|
293081
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2012-4380
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293082
|
6.5 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response i…
|
CWE-284
Improper Access Control
|
CVE-2012-4379
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293083
|
- |
|
group-office
|
groupoffice
|
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
|
CWE-89
SQL Injection
|
CVE-2012-4240
|
2024-11-21 10:42 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293084
|
- |
|
phorum
|
phorum
|
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2012-4234
|
2024-11-21 10:42 |
2014-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293085
|
- |
|
qpw.famvanakkeren
|
quick_post_widget
|
Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4226
|
2024-11-21 10:42 |
2014-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293086
|
- |
|
microcart_project
|
microcart
|
Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or (2) query string to _admin/index.php or (3)…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4241
|
2024-11-21 10:42 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293087
|
- |
|
tinymce
|
tinymce
|
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4230
|
2024-11-21 10:42 |
2014-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293088
|
- |
|
cisco
|
nx-os
|
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCt…
|
CWE-22
Path Traversal
|
CVE-2012-4135
|
2024-11-21 10:42 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293089
|
- |
|
cisco
|
nx-os
|
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
|
CWE-22
Path Traversal
|
CVE-2012-4131
|
2024-11-21 10:42 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293090
|
- |
|
cisco
|
unified_computing_system
|
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4115
|
2024-11-21 10:42 |
2013-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
