|
301331
|
- |
|
typo3
|
typo3
|
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection …
|
CWE-20
Improper Input Validation
|
CVE-2012-1608
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301332
|
- |
|
typo3
|
typo3
|
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
|
CWE-200
Information Exposure
|
CVE-2012-1607
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301333
|
- |
|
typo3
|
typo3
|
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend …
|
CWE-79
Cross-site Scripting
|
CVE-2012-1606
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301334
|
- |
|
typo3
|
typo3
|
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via ve…
|
NVD-CWE-Other
|
CVE-2012-1605
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301335
|
- |
|
oracle
|
jdk
jre
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via u…
|
NVD-CWE-noinfo
|
CVE-2012-1682
|
2024-11-21 10:37 |
2012-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301336
|
- |
|
giantrobot
|
zipcart
|
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1650
|
2024-11-21 10:37 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301337
|
- |
|
mediafront
|
mediafront
|
Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Dru…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1647
|
2024-11-21 10:37 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301338
|
- |
|
wimleers
|
cdn
|
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified ve…
|
CWE-200
Information Exposure
|
CVE-2012-1645
|
2024-11-21 10:37 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301339
|
- |
|
gizra
|
og_vocab
|
The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via uns…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1644
|
2024-11-21 10:37 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301340
|
- |
|
jason_savino
|
fp
|
The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vect…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1643
|
2024-11-21 10:37 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
