|
294901
|
- |
|
openconstructor_project
|
openconstructor
|
Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-3871
|
2024-11-21 10:41 |
2012-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294902
|
- |
|
openconstructor_project
|
openconstructor
|
Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or …
|
CWE-79
Cross-site Scripting
|
CVE-2012-3870
|
2024-11-21 10:41 |
2012-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294903
|
- |
|
apache
|
tomcat
|
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by le…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3546
|
2024-11-21 10:41 |
2012-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294904
|
- |
|
citrix
xen
|
xenserver
xen
|
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3516
|
2024-11-21 10:41 |
2012-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294905
|
- |
|
xen
qemu
suse
opensuse
redhat
debian
canonical
|
xen
qemu
linux_enterprise_server
linux_enterprise_desktop
opensuse
linux_enterprise_software_development_kit
virtualization
enterprise_linux_server
enterprise_linux_workstatio…
|
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 seq…
|
CWE-20
Improper Input Validation
|
CVE-2012-3515
|
2024-11-21 10:41 |
2012-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294906
|
- |
|
citrix
xen
|
xenserver
xen
|
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory v…
|
CWE-20
Improper Input Validation
|
CVE-2012-3498
|
2024-11-21 10:41 |
2012-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294907
|
- |
|
munin-monitoring
|
munin
|
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3513
|
2024-11-21 10:41 |
2012-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294908
|
- |
|
munin-monitoring
|
munin
|
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3512
|
2024-11-21 10:41 |
2012-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294909
|
- |
|
vmware
|
ovf_tool
workstation
player
|
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attacker…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2012-3569
|
2024-11-21 10:41 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294910
|
- |
|
isc
|
inn
|
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cle…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3523
|
2024-11-21 10:41 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
