257331
|
- |
|
yomecolle
|
nec_biglobe_yome_collection
|
The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE perm…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2640
|
2012-07-17 13:00 |
2012-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257332
|
- |
|
irfanview
|
irfanview_plugins
|
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS f…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3585
|
2012-07-17 13:00 |
2012-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257333
|
- |
|
avaya
|
ip_office_customer_call_reporter
|
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.1…
|
NVD-CWE-Other
|
CVE-2012-3811
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257334
|
- |
|
avaya
|
ip_office_customer_call_reporter
|
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2012-3811
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257335
|
- |
|
joomla
|
joomla\!
|
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
|
CWE-200
Information Exposure
|
CVE-2012-3829
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257336
|
- |
|
milesj
|
decoda
|
Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags.
|
CWE-79
Cross-site Scripting
|
CVE-2012-3832
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257337
|
- |
|
babygekko
|
baby_gekko
|
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the u…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3836
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257338
|
- |
|
babygekko
|
baby_gekko
|
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3837
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257339
|
- |
|
babygekko
|
baby_gekko
|
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php.
|
CWE-200
Information Exposure
|
CVE-2012-3838
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257340
|
- |
|
jbmc-software
|
directadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3842
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|