|
290821
|
5.3 |
MEDIUM
Network
|
call-cc
|
chicken
|
A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2012-6124
|
2024-11-21 10:45 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290822
|
6.5 |
MEDIUM
Network
|
call-cc
debian
|
chicken
debian_linux
|
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."
|
CWE-20
Improper Input Validation
|
CVE-2012-6123
|
2024-11-21 10:45 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290823
|
7.5 |
HIGH
Network
|
call-cc
|
chicken
|
Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.
|
CWE-120
Classic Buffer Overflow
|
CVE-2012-6122
|
2024-11-21 10:45 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290824
|
4.4 |
MEDIUM
Local
|
gofer_project
|
gofer
|
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries.
|
CWE-275
Permission Issues
|
CVE-2012-5628
|
2024-11-21 10:45 |
2018-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290825
|
6.1 |
MEDIUM
Network
|
apache
|
wicket
|
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vector…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5636
|
2024-11-21 10:45 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290826
|
- |
|
clip-bucket
|
clipbucket
|
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.ph…
|
CWE-89
SQL Injection
|
CVE-2012-5849
|
2024-11-21 10:45 |
2015-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290827
|
- |
|
ajax_search_project
|
ajax_search
|
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to e…
|
CWE-89
SQL Injection
|
CVE-2012-5853
|
2024-11-21 10:45 |
2015-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290828
|
- |
|
dotproject
|
dotproject
|
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action,…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5702
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290829
|
- |
|
bulbsecurity
|
smartphone_pentest_framework
|
The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5697
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290830
|
- |
|
bulbsecurity
|
smartphone_pentest_framework
|
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5696
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
