| 259801 | - | wordpress | wordpress | The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a deni… | CWE-20 Improper Input Validation | CVE-2011-4957 | 2012-06-28 21:57 | 2012-06-28 |
| 259802 | - | roundcube | webmail | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embed… | CWE-79 Cross-site Scripting | CVE-2012-1253 | 2012-06-28 13:00 | 2012-06-5 |
| 259803 | - | collabnet | scrumworks | The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2603 | 2012-06-28 13:00 | 2012-06-9 |
| 259804 | - | webatall | web@all | Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that a… | CWE-352 Origin Validation Error | CVE-2012-3231 | 2012-06-28 13:00 | 2012-06-28 |
| 259805 | - | pippin_williamson | font_uploader | Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-3814 | 2012-06-28 13:00 | 2012-06-28 |
| 259806 | - | equis | metastock | Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout. | CWE-399 Resource Management Errors | CVE-2011-3488 | 2012-06-28 13:00 | 2011-09-16 |
| 259807 | - | wordpress | wordpress | Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting | CVE-2011-4956 | 2012-06-28 13:00 | 2012-06-28 |
| 259808 | - | geoff_davies | contact_forms | The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2340 | 2012-06-28 12:43 | 2012-05-22 |
| 259809 | - | blaine_lang | filedepot | The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2719 | 2012-06-28 01:51 | 2012-06-27 |
| 259810 | - | bryce_hamrick | janrain_capture | The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier t… | CWE-200 Information Exposure | CVE-2012-3798 | 2012-06-27 13:00 | 2012-06-27 |