|
296691
|
- |
|
openvswitch
|
openvswitch
|
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3449
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296692
|
- |
|
kde
|
kde_pim
|
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitra…
|
CWE-16
Configuration
|
CVE-2012-3413
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296693
|
- |
|
ganglia
|
ganglia-web
|
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
|
NVD-CWE-noinfo
|
CVE-2012-3448
|
2024-11-21 10:40 |
2012-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296694
|
- |
|
php
|
php
|
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote a…
|
NVD-CWE-Other
|
CVE-2012-3450
|
2024-11-21 10:40 |
2012-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296695
|
- |
|
puppetlabs
puppet
|
puppet
puppet_enterprise
|
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote att…
|
CWE-287
Improper Authentication
|
CVE-2012-3408
|
2024-11-21 10:40 |
2012-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296696
|
- |
|
siemens
|
synco_ozw_web_server
synco_ozw_web_server_firmware
|
The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrativ…
|
CWE-255
Credentials Management
|
CVE-2012-3020
|
2024-11-21 10:40 |
2012-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296697
|
- |
|
djangoproject
|
django
|
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows re…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3444
|
2024-11-21 10:40 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296698
|
- |
|
djangoproject
|
django
|
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a…
|
CWE-20
Improper Input Validation
|
CVE-2012-3443
|
2024-11-21 10:40 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296699
|
- |
|
djangoproject
|
django
|
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3442
|
2024-11-21 10:40 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296700
|
- |
|
openstack
|
essex
keystone
horizon
|
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass in…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3426
|
2024-11-21 10:40 |
2012-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
