|
291201
|
- |
|
frankdeveloper
|
vr_gpub
|
Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an ad…
|
CWE-352
Origin Validation Error
|
CVE-2012-5005
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291202
|
- |
|
parallels
|
h-sphere
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via ad…
|
CWE-352
Origin Validation Error
|
CVE-2012-5004
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291203
|
- |
|
nomachine
|
nx_web_companion
|
nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (…
|
CWE-287
Improper Authentication
|
CVE-2012-5003
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291204
|
- |
|
ricoh
|
sr10_ftp_server
dl-10
|
Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-5002
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291205
|
- |
|
hitachi
|
jp1\/cm2\/network_node_manager
|
Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified …
|
NVD-CWE-noinfo
|
CVE-2012-5001
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291206
|
- |
|
blueteck
|
witze_addon
|
SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
|
CWE-89
SQL Injection
|
CVE-2012-5000
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291207
|
- |
|
mercurycom
|
mr804_firmware
mr804
|
Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (…
|
CWE-20
Improper Input Validation
|
CVE-2012-4999
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291208
|
- |
|
starcms
|
starcms
|
Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4998
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291209
|
- |
|
anecms
|
anecms
|
Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
|
CWE-22
Path Traversal
|
CVE-2012-4997
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291210
|
- |
|
rivetcode
|
rivettracker
|
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.p…
|
CWE-89
SQL Injection
|
CVE-2012-4996
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
