257371
|
- |
|
acid secureideas
|
analysis_console_for_intrusion_databases basic_analysis_and_security_engine
|
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2,…
|
CWE-89
SQL Injection
|
CVE-2005-3325
|
2012-07-3 13:00 |
2005-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257372
|
- |
|
mikel_olasagasti
|
revelation
|
The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.
|
CWE-310
Cryptographic Issues
|
CVE-2012-3818
|
2012-07-2 21:36 |
2012-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257373
|
- |
|
webatall
|
web\@all
|
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-3232
|
2012-07-2 21:22 |
2012-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257374
|
- |
|
paul_lesniewsk
|
autocomplete
|
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-0323
|
2012-07-2 13:00 |
2012-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257375
|
- |
|
david_paleino
|
wicd
|
The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly includin…
|
CWE-16
Configuration
|
CVE-2009-0489
|
2012-07-2 13:00 |
2009-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257376
|
- |
|
wordpress
|
wordpress
|
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a deni…
|
CWE-20
Improper Input Validation
|
CVE-2011-4957
|
2012-06-28 21:57 |
2012-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257377
|
- |
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embed…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1253
|
2012-06-28 13:00 |
2012-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257378
|
- |
|
collabnet
|
scrumworks
|
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2603
|
2012-06-28 13:00 |
2012-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257379
|
- |
|
webatall
|
web\@all
|
Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that a…
|
CWE-352
Origin Validation Error
|
CVE-2012-3231
|
2012-06-28 13:00 |
2012-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257380
|
- |
|
pippin_williamson
|
font_uploader
|
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3814
|
2012-06-28 13:00 |
2012-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|