|
301031
|
- |
|
websitepanel
|
websitepanel
|
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to De…
|
CWE-20
Improper Input Validation
|
CVE-2012-4032
|
2024-11-21 10:42 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301032
|
- |
|
wangkongbao
|
cns-1100
cns-1000
|
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid coo…
|
CWE-22
Path Traversal
|
CVE-2012-4031
|
2024-11-21 10:42 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301033
|
- |
|
tridium
|
niagara_ax
|
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authenticatio…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2012-4028
|
2024-11-21 10:42 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301034
|
- |
|
tridium
|
niagara_ax
|
Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as dem…
|
CWE-22
Path Traversal
|
CVE-2012-4027
|
2024-11-21 10:42 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301035
|
- |
|
johnsoncontrols
|
pegasys_p2000_server_software
pegasys_p2000_server
|
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerabil…
|
CWE-20
Improper Input Validation
|
CVE-2012-4026
|
2024-11-21 10:42 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301036
|
- |
|
ckeditor
|
fckeditor
|
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remo…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4000
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301037
|
- |
|
sayakbanerjee
|
sticky_notes
|
Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-3999
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301038
|
- |
|
sayakbanerjee
|
sticky_notes
|
Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.…
|
CWE-89
SQL Injection
|
CVE-2012-3998
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301039
|
- |
|
sayakbanerjee
|
sticky_notes
|
Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parame…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3997
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301040
|
- |
|
tiki
|
tikiwiki_cms\/groupware
|
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_se…
|
CWE-200
Information Exposure
|
CVE-2012-3996
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
