|
301761
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 a…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3465
|
2024-11-21 10:40 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301762
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3464
|
2024-11-21 10:40 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301763
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3463
|
2024-11-21 10:40 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301764
|
- |
|
todd_miller
redhat
|
sudo
enterprise_linux
|
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
|
CWE-59
Link Following
|
CVE-2012-3440
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301765
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentic…
|
CWE-287
Improper Authentication
|
CVE-2012-3424
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301766
|
- |
|
hp
|
arcsight_connector_appliance_firmware
arcsight_connector_appliance
arcsight_logger_appliance_firmware
arcsight_logger_appliance
|
Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2960
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301767
|
- |
|
redhat
|
libvirt
|
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of servi…
|
CWE-399
Resource Management Errors
|
CVE-2012-3445
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301768
|
- |
|
graphicsmagick
|
graphicsmagick
|
The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3438
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301769
|
- |
|
imagemagick
|
imagemagick
|
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of …
|
NVD-CWE-Other
|
CVE-2012-3437
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301770
|
- |
|
martin_nagy
|
bind-dyndb-ldap
|
The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to…
|
CWE-20
Improper Input Validation
|
CVE-2012-3429
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
