|
301581
|
- |
|
tridium
|
niagara_ax
|
Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as dem…
|
CWE-22
Path Traversal
|
CVE-2012-4027
|
2024-11-21 10:42 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301582
|
- |
|
johnsoncontrols
|
pegasys_p2000_server_software
pegasys_p2000_server
|
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerabil…
|
CWE-20
Improper Input Validation
|
CVE-2012-4026
|
2024-11-21 10:42 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301583
|
- |
|
ckeditor
|
fckeditor
|
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remo…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4000
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301584
|
- |
|
sayakbanerjee
|
sticky_notes
|
Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-3999
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301585
|
- |
|
sayakbanerjee
|
sticky_notes
|
Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.…
|
CWE-89
SQL Injection
|
CVE-2012-3998
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301586
|
- |
|
sayakbanerjee
|
sticky_notes
|
Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parame…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3997
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301587
|
- |
|
tiki
|
tikiwiki_cms\/groupware
|
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_se…
|
CWE-200
Information Exposure
|
CVE-2012-3996
|
2024-11-21 10:42 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301588
|
4.3 |
MEDIUM
Network
|
arialsoftware
|
campaign_enterprise
|
A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field.
|
CWE-863
Incorrect Authorization
|
CVE-2012-3821
|
2024-11-21 10:41 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301589
|
7.5 |
HIGH
Network
|
arialsoftware
|
campaign_enterprise
|
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization.
|
CWE-287
Improper Authentication
|
CVE-2012-3824
|
2024-11-21 10:41 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301590
|
7.5 |
HIGH
Network
|
arialsoftware
|
campaign_enterprise
|
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2012-3823
|
2024-11-21 10:41 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
