|
290361
|
- |
|
irods
|
irods
|
Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2012-5895
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290362
|
- |
|
havalite
|
cms
|
SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5894
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290363
|
- |
|
havalite
|
cms
|
Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then acce…
|
NVD-CWE-Other
|
CVE-2012-5893
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290364
|
- |
|
havalite
|
cms
|
Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct requ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5892
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290365
|
- |
|
dalbum
|
dalbum
|
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests th…
|
CWE-352
Origin Validation Error
|
CVE-2012-5891
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290366
|
- |
|
stanislas_rolland
|
sr_feuser_register
|
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.
|
CWE-200
Information Exposure
|
CVE-2012-5890
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290367
|
- |
|
alex_kellner
|
powermail
|
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5889
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290368
|
- |
|
benjamin_mack
|
seo_basics
|
Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5888
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290369
|
- |
|
apache
|
tomcat
|
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with …
|
CWE-287
Improper Authentication
|
CVE-2012-5887
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290370
|
- |
|
apache
|
tomcat
|
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session …
|
CWE-287
Improper Authentication
|
CVE-2012-5886
|
2024-11-21 10:45 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
