|
290771
|
- |
|
josso
|
java_open_single_sign-on_project_home
|
Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attac…
|
CWE-287
Improper Authentication
|
CVE-2012-5352
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290772
|
- |
|
apache
|
axis2
|
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability tha…
|
CWE-287
Improper Authentication
|
CVE-2012-5351
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290773
|
- |
|
wordpress
|
pay-with-tweet
|
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in …
|
CWE-89
SQL Injection
|
CVE-2012-5350
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290774
|
- |
|
wordpress
|
pay-with-tweet
|
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5349
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290775
|
- |
|
wilson_steven
|
mangosweb_enhanced
|
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.
|
CWE-89
SQL Injection
|
CVE-2012-5348
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290776
|
- |
|
tinywebgallery
|
tinywebgallery
|
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
|
NVD-CWE-noinfo
|
CVE-2012-5347
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290777
|
- |
|
bencemeszaros
|
wp-livephp
|
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some o…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5346
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290778
|
- |
|
kepler_lam
|
iptools
|
Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-5345
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290779
|
- |
|
kepler_lam
|
iptools
|
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
|
CWE-22
Path Traversal
|
CVE-2012-5344
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290780
|
- |
|
limny
|
limny
|
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5343
|
2024-11-21 10:44 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
