|
291211
|
- |
|
limesurvey
|
limesurvey
|
Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parame…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4995
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291212
|
- |
|
limesurvey
|
limesurvey
|
SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NO…
|
CWE-89
SQL Injection
|
CVE-2012-4994
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291213
|
- |
|
rivetcode
|
rivettracker
|
torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4993
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291214
|
- |
|
flashfxp
|
flashfxp
|
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-4992
|
2024-11-21 10:43 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291215
|
- |
|
silverstripe
|
silverstripe
|
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string t…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4968
|
2024-11-21 10:43 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291216
|
- |
|
mozilla
google
|
firefox
chrome
|
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypte…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4930
|
2024-11-21 10:43 |
2012-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291217
|
- |
|
debian
mozilla
google
|
debian_linux
firefox
chrome
|
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4929
|
2024-11-21 10:43 |
2012-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291218
|
- |
|
oxwall
|
oxwall
|
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4928
|
2024-11-21 10:43 |
2012-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291219
|
- |
|
limesurvey
|
limesurvey
|
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
|
CWE-89
SQL Injection
|
CVE-2012-4927
|
2024-11-21 10:43 |
2012-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291220
|
- |
|
imgpals
|
img_pals_photo_host
|
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app…
|
CWE-287
Improper Authentication
|
CVE-2012-4926
|
2024-11-21 10:43 |
2012-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
