|
291761
|
- |
|
redhat
|
cloudforms
|
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
|
CWE-255
Credentials Management
|
CVE-2012-3538
|
2024-11-21 10:41 |
2013-01-5 |
|
|
|
|
291762
|
- |
|
openconstructor_project
|
openconstructor
|
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestb…
|
CWE-89
SQL Injection
|
CVE-2012-3873
|
2024-11-21 10:41 |
2012-12-28 |
|
|
|
|
291763
|
- |
|
openconstructor_project
|
openconstructor
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) th…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3872
|
2024-11-21 10:41 |
2012-12-28 |
|
|
|
|
291764
|
- |
|
openconstructor_project
|
openconstructor
|
Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-3871
|
2024-11-21 10:41 |
2012-12-28 |
|
|
|
|
291765
|
- |
|
openconstructor_project
|
openconstructor
|
Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or …
|
CWE-79
Cross-site Scripting
|
CVE-2012-3870
|
2024-11-21 10:41 |
2012-12-28 |
|
|
|
|
291766
|
- |
|
apache
|
tomcat
|
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by le…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3546
|
2024-11-21 10:41 |
2012-12-19 |
|
|
|
|
291767
|
- |
|
citrix xen
|
xenserver xen
|
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3516
|
2024-11-21 10:41 |
2012-11-24 |
|
|
|
|
291768
|
- |
|
xen qemu suse opensuse redhat debian canonical
|
xen qemu linux_enterprise_server linux_enterprise_desktop opensuse linux_enterprise_software_development_kit virtualization enterprise_linux_server enterprise_linux_workstatio…
|
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 seq…
|
CWE-20
Improper Input Validation
|
CVE-2012-3515
|
2024-11-21 10:41 |
2012-11-24 |
|
|
|
|
291769
|
- |
|
citrix xen
|
xenserver xen
|
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory v…
|
CWE-20
Improper Input Validation
|
CVE-2012-3498
|
2024-11-21 10:41 |
2012-11-24 |
|
|
|
|
291770
|
- |
|
munin-monitoring
|
munin
|
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3513
|
2024-11-21 10:41 |
2012-11-22 |
|
|
|