257171
|
- |
|
ushahidi
|
ushahidi_platform
|
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organiz…
|
CWE-287
Improper Authentication
|
CVE-2012-3473
|
2012-08-14 02:54 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257172
|
- |
|
ushahidi
|
ushahidi_platform
|
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize mess…
|
CWE-287
Improper Authentication
|
CVE-2012-3472
|
2012-08-14 02:53 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257173
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 a…
|
CWE-89
SQL Injection
|
CVE-2012-3471
|
2012-08-14 02:52 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257174
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in appl…
|
CWE-89
SQL Injection
|
CVE-2012-3469
|
2012-08-14 02:47 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257175
|
- |
|
manageengine
|
servicedesk_plus
|
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT ele…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2585
|
2012-08-14 02:22 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257176
|
- |
|
amazon
|
kindle_touch
|
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as…
|
CWE-94
Code Injection
|
CVE-2012-4249
|
2012-08-14 01:49 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257177
|
- |
|
phplist
|
phplist
|
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remot…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4247
|
2012-08-13 23:23 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257178
|
- |
|
winwebmail
|
winwebmail_server
|
Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2571
|
2012-08-13 13:00 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257179
|
- |
|
tdah
|
t-day_webmail
|
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) …
|
CWE-79
Cross-site Scripting
|
CVE-2012-2573
|
2012-08-13 13:00 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257180
|
- |
|
e-supportportal
|
escon_supportportal
|
Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2590
|
2012-08-13 13:00 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|