257191
|
- |
|
amazon
|
kindle_touch
|
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4248
|
2012-08-13 13:00 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257192
|
- |
|
opscode
|
chef
|
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allow…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5097
|
2012-08-13 13:00 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257193
|
- |
|
opscode
|
chef
|
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated user…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5142
|
2012-08-13 13:00 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257194
|
- |
|
rsgallery2
|
com_rsgallery2
|
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands …
|
CWE-89
SQL Injection
|
CVE-2012-3554
|
2012-08-10 22:59 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257195
|
- |
|
rsgallery2
|
com_rsgallery2
|
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4071
|
2012-08-10 19:34 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257196
|
- |
|
rsgallery2
|
com_rsgallery2
|
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for …
|
CWE-200
Information Exposure
|
CVE-2012-4235
|
2012-08-10 19:34 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257197
|
- |
|
opscode
|
chef
|
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5098
|
2012-08-10 13:00 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257198
|
- |
|
fenrir-inc
|
sleipnir_mobile
|
Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allows remote attackers to in…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4004
|
2012-08-9 22:47 |
2012-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257199
|
- |
|
tryton
|
trytond
|
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authent…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0215
|
2012-08-9 13:00 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257200
|
- |
|
florian_weber
|
spaces
|
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2303
|
2012-08-9 13:00 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|