261141
|
- |
|
bigace
|
bigace
|
Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2012-5173
|
2013-04-11 12:31 |
2012-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261142
|
- |
|
bigace
|
bigace
|
Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'
|
NVD-CWE-Other
|
CVE-2012-5173
|
2013-04-11 12:31 |
2012-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261143
|
- |
|
atutor
|
acontent
|
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vu…
|
CWE-89
SQL Injection
|
CVE-2012-5453
|
2013-04-11 12:31 |
2012-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261144
|
- |
|
atutor
|
acontent
|
user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5454
|
2013-04-11 12:31 |
2012-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261145
|
- |
|
glpi-project
|
glpi
|
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2012-4002
|
2013-04-11 12:30 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261146
|
- |
|
glpi-project
|
glpi
|
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4003
|
2013-04-11 12:30 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261147
|
- |
|
djangoproject
|
django
|
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3442
|
2013-04-11 12:29 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261148
|
- |
|
djangoproject
|
django
|
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a…
|
CWE-20
Improper Input Validation
|
CVE-2012-3443
|
2013-04-11 12:29 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261149
|
- |
|
djangoproject
|
django
|
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows re…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3444
|
2013-04-11 12:29 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261150
|
- |
|
fedorahosted
|
cronie
|
File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab.
|
CWE-200
Information Exposure
|
CVE-2012-6097
|
2013-04-10 22:23 |
2013-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|