|
298401
|
- |
|
nicolas_cannasse
|
ocaml_xml-light_library
|
OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service …
|
CWE-310
Cryptographic Issues
|
CVE-2012-3514
|
2024-11-21 10:41 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298402
|
- |
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribu…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3508
|
2024-11-21 10:41 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298403
|
- |
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3507
|
2024-11-21 10:41 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298404
|
9.8 |
CRITICAL
Network
|
theforeman
redhat
|
katello
enterprise_linux_server
|
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allo…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2012-3503
|
2024-11-21 10:41 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298405
|
- |
|
darold
|
squidclamav
|
The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cau…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3501
|
2024-11-21 10:41 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298406
|
- |
|
apache
|
http_server
|
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determi…
|
CWE-200
Information Exposure
|
CVE-2012-3502
|
2024-11-21 10:41 |
2012-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298407
|
- |
|
redaxo
|
redaxo
|
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to …
|
CWE-79
Cross-site Scripting
|
CVE-2012-3869
|
2024-11-21 10:41 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298408
|
- |
|
phplist
|
phplist
|
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
|
CWE-89
SQL Injection
|
CVE-2012-3953
|
2024-11-21 10:41 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298409
|
- |
|
phplist
|
phplist
|
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
|
CWE-79
Cross-site Scripting
|
CVE-2012-3952
|
2024-11-21 10:41 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298410
|
- |
|
rsgallery2
|
com_rsgallery2
|
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands …
|
CWE-89
SQL Injection
|
CVE-2012-3554
|
2024-11-21 10:41 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
