|
261621
|
- |
|
dell
|
openmanage_server_administrator
|
Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic p…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6272
|
2013-01-30 14:00 |
2013-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261622
|
- |
|
uninett
|
radsecproxy
|
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, whi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4523
|
2013-01-30 13:55 |
2012-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261623
|
- |
|
google
mozilla
|
chrome
firefox
|
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypte…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4930
|
2013-01-30 13:55 |
2012-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261624
|
- |
|
apache
|
axis2
|
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
|
CWE-287
Improper Authentication
|
CVE-2012-4418
|
2013-01-30 13:54 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261625
|
- |
|
lars_hjemli
|
cgit
|
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code v…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-4465
|
2013-01-30 13:54 |
2012-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261626
|
- |
|
privatemsg_project
|
privatemsg
|
Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4468
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261627
|
- |
|
philip_ludlam
|
listhandler
|
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4470
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261628
|
- |
|
dominique_clause
|
search_autocomplete
|
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4471
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261629
|
- |
|
david_alkire
|
drag_\&_drop_gallery
|
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an…
|
NVD-CWE-Other
|
CVE-2012-4472
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261630
|
- |
|
david_alkire
|
drag_\&_drop_gallery
|
Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2012-4472
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
