|
299611
|
- |
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XS…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5368
|
2024-11-21 10:44 |
2012-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299612
|
- |
|
phpmyadmin
|
phpmyadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a …
|
CWE-79
Cross-site Scripting
|
CVE-2012-5339
|
2024-11-21 10:44 |
2012-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299613
|
- |
|
zoner
|
zoner_antivirus_free
|
The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-t…
|
CWE-310
Cryptographic Issues
|
CVE-2012-5456
|
2024-11-21 10:44 |
2012-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299614
|
- |
|
videousermanuals
|
white-label-cms
|
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the …
|
CWE-79
Cross-site Scripting
|
CVE-2012-5388
|
2024-11-21 10:44 |
2012-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299615
|
- |
|
videousermanuals
|
white-label-cms
|
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for…
|
CWE-352
Origin Validation Error
|
CVE-2012-5387
|
2024-11-21 10:44 |
2012-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299616
|
- |
|
tibco
|
formvine
|
The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vect…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5302
|
2024-11-21 10:44 |
2012-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299617
|
- |
|
adobe
|
shockwave_player
|
Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-5273
|
2024-11-21 10:44 |
2012-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299618
|
- |
|
joomla
|
joomla\!
|
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a …
|
CWE-79
Cross-site Scripting
|
CVE-2012-5455
|
2024-11-21 10:44 |
2012-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299619
|
- |
|
atutor
|
acontent
|
user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5454
|
2024-11-21 10:44 |
2012-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299620
|
- |
|
atutor
|
acontent
|
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vu…
|
CWE-89
SQL Injection
|
CVE-2012-5453
|
2024-11-21 10:44 |
2012-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
