|
294281
|
- |
|
secureideas
|
base
|
Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) …
|
CWE-89
SQL Injection
|
CVE-2012-1017
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294282
|
- |
|
likno
|
allwebmenus_plugin
|
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a cert…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1011
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294283
|
- |
|
likno
|
allwebmenus_plugin
|
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a P…
|
CWE-20
Improper Input Validation
|
CVE-2012-1010
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294284
|
- |
|
sphinx-soft
|
mobile_web_server
|
Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1005
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294285
|
- |
|
openemr
|
openemr
|
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.
|
CWE-20
Improper Input Validation
|
CVE-2012-0992
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294286
|
- |
|
openemr
|
openemr
|
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php;…
|
CWE-22
Path Traversal
|
CVE-2012-0991
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294287
|
- |
|
dclassifieds
|
dclassifieds
|
Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify acco…
|
CWE-352
Origin Validation Error
|
CVE-2012-0990
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294288
|
- |
|
apache
|
struts
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-s…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1007
|
2024-11-21 10:36 |
2012-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294289
|
- |
|
apache
|
struts
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to strut…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1006
|
2024-11-21 10:36 |
2012-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294290
|
- |
|
opera
|
opera_browser
|
Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3)…
|
CWE-189
Numeric Errors
|
CVE-2012-1003
|
2024-11-21 10:36 |
2012-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
