|
291531
|
- |
|
monkey-project
|
monkey
|
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4443
|
2024-11-21 10:42 |
2012-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291532
|
- |
|
finalbeta
|
mywebsearch
|
Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4018
|
2024-11-21 10:42 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291533
|
- |
|
mf_gig_calendar_project
|
mf_gig_calendar
|
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4242
|
2024-11-21 10:42 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291534
|
- |
|
eucalyptus
|
eucalyptus
|
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain di…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4065
|
2024-11-21 10:42 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291535
|
- |
|
eucalyptus
|
eucalyptus
|
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Con…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4064
|
2024-11-21 10:42 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291536
|
- |
|
eucalyptus
|
eucalyptus
|
The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4063
|
2024-11-21 10:42 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291537
|
- |
|
fedoraproject
|
389_directory_server
|
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restriction…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4450
|
2024-11-21 10:42 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291538
|
- |
|
smarty
|
smarty
|
Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors t…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4437
|
2024-11-21 10:42 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291539
|
- |
|
optipng
|
optipng
|
Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction."
|
CWE-399
Resource Management Errors
|
CVE-2012-4432
|
2024-11-21 10:42 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291540
|
- |
|
gnome
|
gnome-shell
|
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
|
CWE-94
Code Injection
|
CVE-2012-4427
|
2024-11-21 10:42 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
