|
257701
|
- |
|
spreecommerce
|
spree
|
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographi…
|
CWE-255
Credentials Management
|
CVE-2008-7311
|
2012-04-12 13:00 |
2012-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257702
|
- |
|
dotnetnuke
|
dotnetnuke
|
Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used wi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1030
|
2012-04-11 19:39 |
2012-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257703
|
- |
|
dotnetnuke
|
dotnetnuke
|
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
|
CWE-79
Cross-site Scripting
|
CVE-2012-1036
|
2012-04-11 19:39 |
2012-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257704
|
- |
|
toshibatec
|
e-studio-167_with_network_printer_kit_firmware
e-studio-181_with_network_printer_kit_firmware
e-studio-182_with_network_printer_kit_firmware
e-studio-207_with_network_printer_kit_firmware
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attacker…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1239
|
2012-04-9 13:00 |
2012-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
257705
|
- |
|
cisco
|
video_surveillance_2421
video_surveillance_2500
video_surveillance_software
video_surveillance_2600
|
Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Surveillance 2600 series cameras with software before 4.2.0-13 allow remote attackers to cause…
|
CWE-399
Resource Management Errors
|
CVE-2011-3318
|
2012-04-6 13:00 |
2011-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257706
|
- |
|
cisco
|
webex_recording_format_player
|
Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a craf…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-3319
|
2012-04-6 13:00 |
2011-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257707
|
- |
|
cisco
|
webex_recording_format_player
|
Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4004
|
2012-04-6 13:00 |
2011-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257708
|
- |
|
openssl
|
openssl
|
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use o…
|
CWE-310
Cryptographic Issues
|
CVE-2008-7270
|
2012-04-6 12:07 |
2010-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257709
|
- |
|
redmine
|
redmine
|
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) Iss…
|
CWE-255
Credentials Management
|
CVE-2012-2054
|
2012-04-5 23:55 |
2012-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257710
|
- |
|
spreecommerce
|
spree
|
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step vi…
|
CWE-255
Credentials Management
|
CVE-2008-7310
|
2012-04-5 22:25 |
2012-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
