257071
|
- |
|
gnu
|
gnash
|
Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a craf…
|
CWE-189
Numeric Errors
|
CVE-2012-1175
|
2012-08-27 13:00 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257072
|
- |
|
ematia
|
elixir
|
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the data…
|
CWE-310
Cryptographic Issues
|
CVE-2012-2146
|
2012-08-27 13:00 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257073
|
- |
|
thomas_hunter
|
neoinvoice
|
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action.
|
CWE-89
SQL Injection
|
CVE-2012-3477
|
2012-08-27 13:00 |
2012-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257074
|
- |
|
google
|
tunnelblick
|
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
|
CWE-362
Race Condition
|
CVE-2012-3483
|
2012-08-27 13:00 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257075
|
- |
|
google
|
tunnelblick
|
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access res…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3484
|
2012-08-27 13:00 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257076
|
- |
|
google
|
tunnelblick
|
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3486
|
2012-08-27 13:00 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257077
|
- |
|
google
|
tunnelblick
|
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.
|
CWE-362
Race Condition
|
CVE-2012-3487
|
2012-08-27 13:00 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257078
|
- |
|
darold
|
squidclamav
|
The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cau…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3501
|
2012-08-27 13:00 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257079
|
- |
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4668
|
2012-08-27 13:00 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257080
|
- |
|
isode
|
m-link
|
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses fo…
|
CWE-20
Improper Input Validation
|
CVE-2012-4669
|
2012-08-27 13:00 |
2012-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|