|
294611
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modul…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4550
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294612
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no r…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4549
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294613
|
- |
|
redhat
|
cloudforms
|
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
|
CWE-255
Credentials Management
|
CVE-2012-4574
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294614
|
- |
|
redhat
|
certificate_system
|
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certai…
|
CWE-20
Improper Input Validation
|
CVE-2012-4556
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294615
|
- |
|
redhat
|
certificate_system
|
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a den…
|
NVD-CWE-Other
|
CVE-2012-4555
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294616
|
- |
|
redhat
|
certificate_system
|
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4543
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294617
|
- |
|
elinks
|
elinks
|
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials thro…
|
CWE-287
Improper Authentication
|
CVE-2012-4545
|
2024-11-21 10:43 |
2013-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294618
|
- |
|
polycom
|
hdx_system_software
|
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote att…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4970
|
2024-11-21 10:43 |
2013-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294619
|
- |
|
i-gen
|
oplynx
|
The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support.
|
CWE-287
Improper Authentication
|
CVE-2012-4688
|
2024-11-21 10:43 |
2012-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294620
|
- |
|
simple_invoices
|
simple_invoices
|
Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a mana…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4932
|
2024-11-21 10:43 |
2012-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
