|
296011
|
- |
|
dream-multimedia-tv
|
enigma2_webinterface
|
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2012-1025
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296012
|
- |
|
dream-multimedia-tv
|
enigma2_webinterface
|
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2012-1024
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296013
|
- |
|
4homepages
|
4images
|
Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
|
CWE-20
Improper Input Validation
|
CVE-2012-1023
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296014
|
- |
|
4homepages
|
4images
|
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.
|
CWE-89
SQL Injection
|
CVE-2012-1022
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296015
|
- |
|
4homepages
|
4images
|
Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action.
|
CWE-79
Cross-site Scripting
|
CVE-2012-1021
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296016
|
- |
|
overseaswtc
|
nexorone_online_banking_system
|
Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the (1) visitor_language parameter to reg…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1020
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296017
|
- |
|
xwiki
|
xwiki_enterprise
|
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1019
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296018
|
- |
|
dmackmedia
|
mod_currencyconverter
|
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1018
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296019
|
- |
|
secureideas
|
base
|
Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) …
|
CWE-89
SQL Injection
|
CVE-2012-1017
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296020
|
- |
|
likno
|
allwebmenus_plugin
|
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a cert…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1011
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
