|
260921
|
- |
|
glpi-project
|
glpi
|
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4003
|
2013-04-11 12:30 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260922
|
- |
|
djangoproject
|
django
|
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3442
|
2013-04-11 12:29 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260923
|
- |
|
djangoproject
|
django
|
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a…
|
CWE-20
Improper Input Validation
|
CVE-2012-3443
|
2013-04-11 12:29 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260924
|
- |
|
djangoproject
|
django
|
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows re…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3444
|
2013-04-11 12:29 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260925
|
- |
|
fedorahosted
|
cronie
|
File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab.
|
CWE-200
Information Exposure
|
CVE-2012-6097
|
2013-04-10 22:23 |
2013-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260926
|
- |
|
newrelic
|
ruby_agent
|
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and…
|
CWE-200
Information Exposure
|
CVE-2013-0284
|
2013-04-10 13:00 |
2013-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260927
|
- |
|
adobe
|
shockwave_player
|
Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code via unspecified vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-1383
|
2013-04-10 13:00 |
2013-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260928
|
- |
|
adobe
|
shockwave_player
|
Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1…
|
NVD-CWE-noinfo
|
CVE-2013-1384
|
2013-04-10 13:00 |
2013-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260929
|
- |
|
adobe
|
shockwave_player
|
Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1385
|
2013-04-10 13:00 |
2013-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260930
|
- |
|
adobe
|
shockwave_player
|
Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1…
|
NVD-CWE-noinfo
|
CVE-2013-1386
|
2013-04-10 13:00 |
2013-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
