257401 | - | roundcube | webmail | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embed… | CWE-79 Cross-site Scripting | CVE-2012-1253 | 2012-06-28 13:00 | 2012-06-5
257402 | - | collabnet | scrumworks | The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2603 | 2012-06-28 13:00 | 2012-06-9
257403 | - | webatall | web\@all | Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that a… | CWE-352 Origin Validation Error | CVE-2012-3231 | 2012-06-28 13:00 | 2012-06-28
257404 | - | pippin_williamson | font_uploader | Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-3814 | 2012-06-28 13:00 | 2012-06-28
257405 | - | equis | metastock | Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout. | CWE-399 Resource Management Errors | CVE-2011-3488 | 2012-06-28 13:00 | 2011-09-16
257406 | - | wordpress | wordpress | Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting | CVE-2011-4956 | 2012-06-28 13:00 | 2012-06-28
257407 | - | geoff_davies | contact_forms | The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2340 | 2012-06-28 12:43 | 2012-05-22
257408 | - | blaine_lang | filedepot | The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2719 | 2012-06-28 01:51 | 2012-06-27
257409 | - | bryce_hamrick | janrain_capture | The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier t… | CWE-200 Information Exposure | CVE-2012-3798 | 2012-06-27 13:00 | 2012-06-27
257410 | - | canonical | ubuntu_linux | The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows rem… | CWE-200 Information Exposure | CVE-2012-0950 | 2012-06-26 13:00 | 2012-06-20