|
292041
|
- |
|
sourcefabric
|
newscoop
|
SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter.
|
CWE-89
SQL Injection
|
CVE-2012-1934
|
2024-11-21 10:38 |
2012-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292042
|
- |
|
sourcefabric
|
newscoop
|
Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in…
|
CWE-94
Code Injection
|
CVE-2012-1933
|
2024-11-21 10:38 |
2012-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292043
|
- |
|
creative_commons_module_project
|
creativecommons
|
Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission t…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2297
|
2024-11-21 10:38 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292044
|
- |
|
munin-monitoring
|
munin
|
munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters.
|
CWE-399
Resource Management Errors
|
CVE-2012-2147
|
2024-11-21 10:38 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292045
|
- |
|
ematia
|
elixir
|
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the data…
|
CWE-310
Cryptographic Issues
|
CVE-2012-2146
|
2024-11-21 10:38 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292046
|
- |
|
munin-monitoring
|
munin
|
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequenc…
|
CWE-20
Improper Input Validation
|
CVE-2012-2104
|
2024-11-21 10:38 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292047
|
- |
|
munin-monitoring
|
munin
|
The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
|
CWE-59
Link Following
|
CVE-2012-2103
|
2024-11-21 10:38 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292048
|
- |
|
sitecom
|
wlm-2501
|
Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the r…
|
CWE-352
Origin Validation Error
|
CVE-2012-1921
|
2024-11-21 10:38 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292049
|
- |
|
pluxml
|
pluxml
|
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_la…
|
CWE-22
Path Traversal
|
CVE-2012-2227
|
2024-11-21 10:38 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292050
|
- |
|
emc
|
applicationxtender_web_access_.net
applicationxtender_desktop
|
EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via un…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2289
|
2024-11-21 10:38 |
2012-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
