|
304931
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated us…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3476
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304932
|
- |
|
ushahidi
|
ushahidi_platform
|
The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2012-3475
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304933
|
- |
|
ushahidi
|
ushahidi_platform
|
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP addre…
|
CWE-200
Information Exposure
|
CVE-2012-3474
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304934
|
- |
|
ushahidi
|
ushahidi_platform
|
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organiz…
|
CWE-287
Improper Authentication
|
CVE-2012-3473
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304935
|
- |
|
ushahidi
|
ushahidi_platform
|
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize mess…
|
CWE-287
Improper Authentication
|
CVE-2012-3472
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304936
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 a…
|
CWE-89
SQL Injection
|
CVE-2012-3471
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304937
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vector…
|
CWE-89
SQL Injection
|
CVE-2012-3470
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304938
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in appl…
|
CWE-89
SQL Injection
|
CVE-2012-3469
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304939
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/contr…
|
CWE-89
SQL Injection
|
CVE-2012-3468
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304940
|
- |
|
caucho
|
resin
|
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2969
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
