|
301401
|
- |
|
moodle
|
moodle
|
repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4400
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301402
|
- |
|
freedesktop
gtk
|
spice-gtk
libgio
|
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS env…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4425
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301403
|
- |
|
openstack
|
keystone
|
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4413
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301404
|
- |
|
ghostscript
argyllcms
color
|
ghostscript
cms
icclib
|
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remo…
|
CWE-189
Numeric Errors
|
CVE-2012-4405
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301405
|
- |
|
mike_carr
|
flogr
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary par…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4336
|
2024-11-21 10:42 |
2012-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301406
|
- |
|
google
|
mod_pagespeed
|
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecif…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4360
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301407
|
- |
|
google
|
mod_pagespeed
|
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified …
|
CWE-20
Improper Input Validation
|
CVE-2012-4001
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301408
|
- |
|
cybozu
|
kunai_browser_for_remote_service
|
The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a cra…
|
CWE-200
Information Exposure
|
CVE-2012-4013
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301409
|
- |
|
wordpress
|
wordpress
|
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4422
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301410
|
- |
|
wordpress
|
wordpress
|
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4421
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
