|
291321
|
- |
|
pawel_jakub_dawidek
|
geli
|
The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack.
|
CWE-310
Cryptographic Issues
|
CVE-2012-4578
|
2024-11-21 10:43 |
2012-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291322
|
- |
|
korenix
|
jetport
|
The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, …
|
CWE-255
Credentials Management
|
CVE-2012-4577
|
2024-11-21 10:43 |
2012-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291323
|
8.1 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2012-4381
|
2024-11-21 10:42 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291324
|
6.1 |
MEDIUM
Network
|
chamilo
|
chamilo
|
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an a…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4029
|
2024-11-21 10:42 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291325
|
8.8 |
HIGH
Network
|
contao
|
contao
|
contao prior to 2.11.4 has a sql injection vulnerability
|
CWE-89
SQL Injection
|
CVE-2012-4383
|
2024-11-21 10:42 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291326
|
9.8 |
CRITICAL
Network
|
sparklabs
|
viscosity
|
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execut…
|
NVD-CWE-Other
|
CVE-2012-4284
|
2024-11-21 10:42 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291327
|
7.5 |
HIGH
Network
|
chamilo
|
chamilo_lms
|
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.
|
CWE-20
Improper Input Validation
|
CVE-2012-4030
|
2024-11-21 10:42 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291328
|
8.8 |
HIGH
Network
|
cipherdyne
|
fwknop
|
fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.
|
CWE-276
Incorrect Default Permissions
|
CVE-2012-4434
|
2024-11-21 10:42 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291329
|
6.1 |
MEDIUM
Network
|
zend
fedoraproject
redhat
|
zend_framework
fedora
enterprise_linux
|
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\Pub…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4451
|
2024-11-21 10:42 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291330
|
7.5 |
HIGH
Network
|
oracle
|
jdk
|
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation …
|
CWE-200
Information Exposure
|
CVE-2012-4420
|
2024-11-21 10:42 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
