|
303781
|
9.8 |
CRITICAL
Network
|
umbraco
|
umbraco_cms
|
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
|
CWE-20
Improper Input Validation
|
CVE-2012-1301
|
2024-11-21 10:36 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303782
|
- |
|
dflabs
|
ptk
|
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests …
|
CWE-352
Origin Validation Error
|
CVE-2012-1415
|
2024-11-21 10:36 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303783
|
- |
|
amcharts
|
flash
|
Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1303
|
2024-11-21 10:36 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303784
|
- |
|
ammap_project
|
ammap
|
Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or …
|
CWE-79
Cross-site Scripting
|
CVE-2012-1302
|
2024-11-21 10:36 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303785
|
- |
|
syndeocms
|
syndeocms
|
Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user acc…
|
CWE-352
Origin Validation Error
|
CVE-2012-1203
|
2024-11-21 10:36 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303786
|
- |
|
robert_ancell
|
lightdm
|
lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.
|
CWE-200
Information Exposure
|
CVE-2012-1111
|
2024-11-21 10:36 |
2014-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303787
|
- |
|
yealink
|
ip_phone_sip-t19p
ultra-elegant_ip_phone_sip-t41p
ultra-elegant_ip_phone_sip-t48g
gigabit_color_ip_phone_sip-t32g
ultra-elegant_ip_phone_sip-t46g
ip_video_phone_vp530
ip_phone_sip-t…
|
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user …
|
CWE-79
Cross-site Scripting
|
CVE-2012-1417
|
2024-11-21 10:36 |
2014-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303788
|
- |
|
siteseeker
episerver
|
euroling_siteseeker
episerver
|
Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1032
|
2024-11-21 10:36 |
2014-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303789
|
- |
|
xoops
|
xoops
|
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the…
|
CWE-79
Cross-site Scripting
|
CVE-2012-0984
|
2024-11-21 10:36 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303790
|
- |
|
testlink
|
testlink
|
Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id param…
|
CWE-89
SQL Injection
|
CVE-2012-0939
|
2024-11-21 10:36 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
