|
291651
|
6.1 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4440
|
2024-11-21 10:42 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291652
|
6.1 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4439
|
2024-11-21 10:42 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291653
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
|
CWE-20
Improper Input Validation
|
CVE-2012-4438
|
2024-11-21 10:42 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291654
|
6.5 |
MEDIUM
Network
|
trilexnet
debian
|
letodms
debian_linux
|
letodms 3.3.6 has CSRF via change password
|
CWE-352
Origin Validation Error
|
CVE-2012-4385
|
2024-11-21 10:42 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291655
|
6.1 |
MEDIUM
Network
|
trilexnet
debian
|
letodms
debian_linux
|
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar
|
CWE-79
Cross-site Scripting
|
CVE-2012-4384
|
2024-11-21 10:42 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291656
|
9.8 |
CRITICAL
Network
|
apache
|
hadoop
|
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-depen…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2012-4449
|
2024-11-21 10:42 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291657
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4378
|
2024-11-21 10:42 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291658
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4377
|
2024-11-21 10:42 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291659
|
4.9 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
|
CWE-200
Information Exposure
|
CVE-2012-4382
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291660
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2012-4380
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
