|
302021
|
- |
|
ibm
|
tivoli_asset_management_for_it
maximo_asset_management
smartcloud_control_desk
change_and_configuration_management_database
maximo_service_desk
tivoli_service_request_manager
|
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk,…
|
NVD-CWE-Other
|
CVE-2012-2183
|
2024-11-21 10:38 |
2012-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302022
|
- |
|
openkm
|
openkm
|
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrat…
|
CWE-352
Origin Validation Error
|
CVE-2012-2316
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302023
|
- |
|
openkm
|
openkm
|
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2315
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302024
|
- |
|
open-emr
|
openemr
|
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
|
CWE-89
SQL Injection
|
CVE-2012-2115
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302025
|
- |
|
chatelao
|
php_address_book
|
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1912
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302026
|
- |
|
chatelao
|
php_address_book
|
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter …
|
CWE-89
SQL Injection
|
CVE-2012-1911
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302027
|
- |
|
mclewin
|
wishlist
|
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary u…
|
CWE-352
Origin Validation Error
|
CVE-2012-2069
|
2024-11-21 10:38 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302028
|
- |
|
tiger-fish
|
fancy_slide
|
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permissi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2068
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302029
|
- |
|
ckeditor
|
fckeditor
ckeditor
|
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allo…
|
NVD-CWE-noinfo
|
CVE-2012-2067
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302030
|
- |
|
ckeditor
|
fckeditor
ckeditor
|
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticate…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2066
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
