|
291691
|
- |
|
mysqldumper
|
mysqldumper
|
Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restric…
|
CWE-352
Origin Validation Error
|
CVE-2012-4252
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291692
|
- |
|
mysqldumper
|
mysqldumper
|
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4251
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291693
|
- |
|
samsung
|
net-i_viewer
|
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrar…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-4250
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291694
|
- |
|
amazon
|
kindle_touch
|
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as…
|
CWE-94
Code Injection
|
CVE-2012-4249
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291695
|
- |
|
amazon
|
kindle_touch
|
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4248
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291696
|
- |
|
dir2web
|
dir2web
|
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
|
CWE-89
SQL Injection
|
CVE-2012-4070
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291697
|
- |
|
dir2web
|
dir2web
|
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4069
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291698
|
- |
|
phplist
|
phplist
|
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remot…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4247
|
2024-11-21 10:42 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291699
|
- |
|
phplist
|
phplist
|
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4246
|
2024-11-21 10:42 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291700
|
- |
|
pbboard
|
pbboard
|
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4035
|
2024-11-21 10:42 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
