| 263031 | - | ushahidi | ushahidi_platform | The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. | NVD-CWE-Other | CVE-2012-3475 | 2012-08-13 13:00 | 2012-08-13 |
| 263032 | - | dir2web | dir2web | Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db. | CWE-264: Permissions, Privileges, and Access Controls | CVE-2012-4069 | 2012-08-13 13:00 | 2012-08-13 |
| 263033 | - | dir2web | dir2web | SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php. | CWE-89: SQL Injection | CVE-2012-4070 | 2012-08-13 13:00 | 2012-08-13 |
| 263034 | - | phplist | phplist | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the… | CWE-79: Cross-site Scripting | CVE-2012-4246 | 2012-08-13 13:00 | 2012-08-12 |
| 263035 | - | amazon | kindle_touch | The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors i… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2012-4248 | 2012-08-13 13:00 | 2012-08-13 |
| 263036 | - | opscode | chef | chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allow… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2011-5097 | 2012-08-13 13:00 | 2012-08-8 |
| 263037 | - | opscode | chef | chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated user… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2010-5142 | 2012-08-13 13:00 | 2012-08-8 |
| 263038 | - | rsgallery2 | com_rsgallery2 | SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands … | CWE-89: SQL Injection | CVE-2012-3554 | 2012-08-10 22:59 | 2012-08-10 |
| 263039 | - | rsgallery2 | com_rsgallery2 | Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attacker… | CWE-79: Cross-site Scripting | CVE-2012-4071 | 2012-08-10 19:34 | 2012-08-10 |
| 263040 | - | rsgallery2 | com_rsgallery2 | The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for … | CWE-200: Information Exposure | CVE-2012-4235 | 2012-08-10 19:34 | 2012-08-10 |