|
289631
|
- |
|
-
|
-
|
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get…
|
-
|
CVE-2012-6664
|
2024-11-21 10:46 |
2024-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289632
|
7.5 |
HIGH
Network
|
nokogiri
redhat
|
nokogiri
openstack
cloudforms_management_engine
satellite
subscription_asset_manager
openshift
openstack_foreman
enterprise_mrg
|
Nokogiri before 1.5.4 is vulnerable to XXE attacks
|
CWE-776
XML Entity Expansion
|
CVE-2012-6685
|
2024-11-21 10:46 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289633
|
7.2 |
HIGH
Network
|
dlink
|
dsr-250n_firmware
|
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
|
CWE-862
Missing Authorization
|
CVE-2012-6614
|
2024-11-21 10:46 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289634
|
6.3 |
MEDIUM
Network
|
socialengine
|
socialengine
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4.
|
CWE-352
Origin Validation Error
|
CVE-2012-6721
|
2024-11-21 10:46 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289635
|
6.1 |
MEDIUM
Network
|
socialengine
|
socialengine
|
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) locatio…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6720
|
2024-11-21 10:46 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289636
|
9.8 |
CRITICAL
Network
|
polycom
|
hdx_system_software
|
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative pass…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2012-6611
|
2024-11-21 10:46 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289637
|
5.4 |
MEDIUM
Network
|
cpanel
|
whm
cpanel
|
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6449
|
2024-11-21 10:46 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289638
|
6.1 |
MEDIUM
Network
|
vbseo
|
vbseo
|
vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6666
|
2024-11-21 10:46 |
2020-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289639
|
6.5 |
MEDIUM
Network
|
netgear
|
wgr614v9_firmware
wgr614v7_firmware
|
An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the co…
|
CWE-200
Information Exposure
|
CVE-2012-6341
|
2024-11-21 10:46 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289640
|
4.6 |
MEDIUM
Physics
|
netgear
|
wgr614v9_firmware
wgr614v7_firmware
|
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.
|
CWE-287
Improper Authentication
|
CVE-2012-6340
|
2024-11-21 10:46 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
