|
294331
|
- |
|
mozilla
|
bugzilla
|
template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function…
|
CWE-200
Information Exposure
|
CVE-2012-4199
|
2024-11-21 10:42 |
2012-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294332
|
- |
|
mozilla
|
bugzilla
|
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups reque…
|
CWE-200
Information Exposure
|
CVE-2012-4198
|
2024-11-21 10:42 |
2012-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294333
|
- |
|
mozilla
|
bugzilla
|
Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers t…
|
CWE-200
Information Exposure
|
CVE-2012-4197
|
2024-11-21 10:42 |
2012-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294334
|
- |
|
mozilla
|
bugzilla
|
Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value …
|
CWE-79
Cross-site Scripting
|
CVE-2012-4189
|
2024-11-21 10:42 |
2012-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294335
|
- |
|
simon_brown
|
pebble
|
CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2012-4023
|
2024-11-21 10:42 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294336
|
- |
|
simon_brown
|
pebble
|
Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4022
|
2024-11-21 10:42 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294337
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information …
|
CWE-287
Improper Authentication
|
CVE-2012-4021
|
2024-11-21 10:42 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294338
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4020
|
2024-11-21 10:42 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294339
|
- |
|
boombatower
|
subuser
|
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4487
|
2024-11-21 10:42 |
2012-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294340
|
- |
|
boombatower
|
subuser
|
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the us…
|
CWE-352
Origin Validation Error
|
CVE-2012-4486
|
2024-11-21 10:42 |
2012-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
