|
263661
|
- |
|
pligg
|
pligg_cms
|
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha para…
|
CWE-22
Path Traversal
|
CVE-2012-2435
|
2012-05-29 13:00 |
2012-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263662
|
- |
|
zen-cart
|
zen_cart
|
Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1413
|
2012-05-28 13:00 |
2012-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263663
|
- |
|
oscommerce
|
online_merchant
|
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote …
|
CWE-79
Cross-site Scripting
|
CVE-2012-1792
|
2012-05-28 13:00 |
2012-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263664
|
- |
|
measuresoft
|
scadapro_client
scadapro_server
|
Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working di…
|
NVD-CWE-Other
|
CVE-2012-1824
|
2012-05-28 13:00 |
2012-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263665
|
- |
|
sitracker
|
support_incident_tracker
|
Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2235
|
2012-05-28 13:00 |
2012-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263666
|
- |
|
xarrow
|
xarrow
|
The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2012-2426
|
2012-05-28 13:00 |
2012-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263667
|
- |
|
xarrow
|
xarrow
|
Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-2427
|
2012-05-28 13:00 |
2012-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263668
|
- |
|
xarrow
|
xarrow
|
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.
|
CWE-189
Numeric Errors
|
CVE-2012-2428
|
2012-05-28 13:00 |
2012-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263669
|
- |
|
xarrow
|
xarrow
|
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
CWE-189
Numeric Errors
|
CVE-2012-2429
|
2012-05-28 13:00 |
2012-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263670
|
- |
|
johan_cwiklinski
|
galette
|
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to pi…
|
CWE-89
SQL Injection
|
CVE-2012-2338
|
2012-05-23 02:25 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
