263151
|
- |
|
typo3
|
typo3
|
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection …
|
CWE-20
Improper Input Validation
|
CVE-2012-1608
|
2012-09-5 13:00 |
2012-09-5 |
|
263152
|
- |
|
mark_theunissen
|
views_lang_switch
|
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2064
|
2012-09-5 13:00 |
2012-09-5 |
|
263153
|
- |
|
freso
|
languageicons
|
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2065
|
2012-09-5 13:00 |
2012-09-5 |
|
263154
|
- |
|
gnome
|
at-spi2-atk
|
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier fo…
|
CWE-310
Cryptographic Issues
|
CVE-2012-3378
|
2012-09-5 13:00 |
2012-09-1 |
|
263155
|
- |
|
bluecoat
|
director
|
Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method.
|
CWE-79
Cross-site Scripting
|
CVE-2011-5125
|
2012-09-5 13:00 |
2012-08-27 |
|
263156
|
- |
|
ingumadev
|
bokken
|
Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.
|
CWE-59
Link Following
|
CVE-2011-5146
|
2012-09-5 13:00 |
2012-09-1 |
|
263157
|
- |
|
comodo
|
comodo_internet_security
|
The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote …
|
CWE-20
Improper Input Validation
|
CVE-2010-5185
|
2012-09-5 13:00 |
2012-08-26 |
|
263158
|
- |
|
tornadoweb
|
tornado
|
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting…
|
CWE-20
Improper Input Validation
|
CVE-2012-2374
|
2012-09-5 12:23 |
2012-05-24 |
|
263159
|
- |
|
bdale_garbee
|
as31
|
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.
|
CWE-59
Link Following
|
CVE-2012-0808
|
2012-09-5 12:21 |
2012-03-20 |
|
263160
|
- |
|
garrettcom
|
magnum_managed_networks_software-6k magnum_managed_networks_software-6k_secure
|
The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileg…
|
CWE-255
Credentials Management
|
CVE-2012-3014
|
2012-09-4 20:04 |
2012-09-4 |
|