|
290061
|
7.5 |
HIGH
Network
|
boldgrid
|
w3_total_cache
|
W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes.
|
CWE-200
Information Exposure
|
CVE-2012-6078
|
2024-11-21 10:45 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290062
|
7.5 |
HIGH
Network
|
boldgrid
|
w3_total_cache
|
W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files.
|
CWE-200
Information Exposure
|
CVE-2012-6077
|
2024-11-21 10:45 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290063
|
5.5 |
MEDIUM
Local
|
redhat
fedoraproject
debian
|
tuned
fedora
enterprise_linux
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
debian_linux
|
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
|
CWE-276
Incorrect Default Permissions
|
CVE-2012-6136
|
2024-11-21 10:45 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290064
|
7.5 |
HIGH
Network
|
phusion
redhat
|
passenger
openshift
|
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
|
CWE-20
Improper Input Validation
|
CVE-2012-6135
|
2024-11-21 10:45 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290065
|
7.5 |
HIGH
Network
|
nusoap_project
debian
|
nusoap
debian_linux
|
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
|
CWE-295
Improper Certificate Validation
|
CVE-2012-6071
|
2024-11-21 10:45 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290066
|
7.5 |
HIGH
Network
|
falconpl
|
falconpl
|
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.
|
CWE-20
Improper Input Validation
|
CVE-2012-6070
|
2024-11-21 10:45 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290067
|
9.8 |
CRITICAL
Network
|
call-cc
|
chicken
|
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
|
CWE-20
Improper Input Validation
|
CVE-2012-6125
|
2024-11-21 10:45 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290068
|
5.3 |
MEDIUM
Network
|
call-cc
|
chicken
|
A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2012-6124
|
2024-11-21 10:45 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290069
|
6.5 |
MEDIUM
Network
|
call-cc
debian
|
chicken
debian_linux
|
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."
|
CWE-20
Improper Input Validation
|
CVE-2012-6123
|
2024-11-21 10:45 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290070
|
7.5 |
HIGH
Network
|
call-cc
|
chicken
|
Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.
|
CWE-120
Classic Buffer Overflow
|
CVE-2012-6122
|
2024-11-21 10:45 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
