|
295221
|
- |
|
apache
|
struts
|
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor chara…
|
CWE-94
Code Injection
|
CVE-2012-0394
|
2024-11-21 10:34 |
2012-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295222
|
- |
|
apache
|
struts
|
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0393
|
2024-11-21 10:34 |
2012-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295223
|
- |
|
apache
|
struts
|
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header…
|
NVD-CWE-noinfo
|
CVE-2012-0392
|
2024-11-21 10:34 |
2012-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295224
|
- |
|
maradns
|
maradns
|
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a den…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2012-0024
|
2024-11-21 10:34 |
2012-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295225
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via th…
|
CWE-79
Cross-site Scripting
|
CVE-2012-0287
|
2024-11-21 10:34 |
2012-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295226
|
- |
|
gnu
|
gnutls
|
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it eas…
|
CWE-310
Cryptographic Issues
|
CVE-2012-0390
|
2024-11-21 10:34 |
2012-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295227
|
- |
|
openssl
|
openssl
|
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted d…
|
CWE-399
Resource Management Errors
|
CVE-2012-0027
|
2024-11-21 10:34 |
2012-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295228
|
4.3 |
MEDIUM
Network
|
ibm
|
rational_asset_manager
|
IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences.
|
NVD-CWE-Other
|
CVE-2011-4820
|
2024-11-21 10:33 |
2022-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295229
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.
|
CWE-200
Information Exposure
|
CVE-2011-4916
|
2024-11-21 10:33 |
2022-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295230
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.
|
NVD-CWE-noinfo
|
CVE-2011-4917
|
2024-11-21 10:33 |
2022-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
