|
296151
|
- |
|
wireshark
|
wireshark
|
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to …
|
NVD-CWE-noinfo
|
CVE-2012-5238
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296152
|
- |
|
wireshark
|
wireshark
|
The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed p…
|
CWE-399
Resource Management Errors
|
CVE-2012-5237
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296153
|
- |
|
mystorexpress
|
tienda_virtual
|
SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5300
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296154
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5299
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296155
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5298
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296156
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5297
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296157
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approv…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5296
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296158
|
- |
|
fusetalk
fusetalk.
|
fusetalk
|
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5295
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296159
|
- |
|
mystorexpress
|
tienda_virtual
|
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5294
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296160
|
- |
|
redgraphic
|
sapid_cms
|
Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/g…
|
CWE-94
Code Injection
|
CVE-2012-5293
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
