|
290461
|
9.8 |
CRITICAL
Network
|
ektron
|
ektron_content_management_system
|
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE …
|
CWE-19
Data Processing Errors
|
CVE-2012-5357
|
2024-11-21 10:44 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290462
|
7.8 |
HIGH
Local
|
ffmpeg
|
ffmpeg
|
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-5361
|
2024-11-21 10:44 |
2017-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290463
|
- |
|
tvmobili
|
tvmobili
|
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-5451
|
2024-11-21 10:44 |
2015-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290464
|
- |
|
plone
|
plone
|
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifi…
|
CWE-200
Information Exposure
|
CVE-2012-5508
|
2024-11-21 10:44 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290465
|
- |
|
plone
|
plone
|
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a cr…
|
CWE-352
Origin Validation Error
|
CVE-2012-5500
|
2024-11-21 10:44 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290466
|
- |
|
libproxy_project
|
libproxy
|
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary …
|
CWE-94
Code Injection
|
CVE-2012-5580
|
2024-11-21 10:44 |
2014-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290467
|
- |
|
bananadance
|
banana_dance
|
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5243
|
2024-11-21 10:44 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290468
|
- |
|
bananadance
|
banana_dance
|
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parame…
|
CWE-22
Path Traversal
|
CVE-2012-5242
|
2024-11-21 10:44 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290469
|
- |
|
bananadance
|
banana_dance
|
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter t…
|
CWE-89
SQL Injection
|
CVE-2012-5244
|
2024-11-21 10:44 |
2014-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290470
|
- |
|
zope
plone
|
zope
plone
|
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in pa…
|
CWE-362
Race Condition
|
CVE-2012-5507
|
2024-11-21 10:44 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
