|
297021
|
- |
|
openstack
|
grizzly
folsom
|
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which a…
|
CWE-200
Information Exposure
|
CVE-2012-5625
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297022
|
- |
|
openstack
|
keystone
|
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows loca…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5483
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297023
|
- |
|
citrix
|
xenapp
|
The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2012-5161
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297024
|
- |
|
catalin_florian_radut
|
zeropoint
|
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the …
|
CWE-79
Cross-site Scripting
|
CVE-2012-5591
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297025
|
- |
|
scripthead
|
webmail_plus
|
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2012-5590
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297026
|
- |
|
netgenius
|
multilink
|
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users …
|
CWE-200
Information Exposure
|
CVE-2012-5589
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297027
|
- |
|
epiqo
|
email
|
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5588
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297028
|
- |
|
epiqo
|
email
|
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5587
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297029
|
- |
|
marc_ingram
|
services
|
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5586
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297030
|
- |
|
mixpanel_project
|
mixpanel
|
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrar…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5585
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
