263161 | - | garrettcom | magnum_managed_networks_software-6k magnum_managed_networks_software-6k_secure | The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileg… | CWE-255 Credentials Management | CVE-2012-3014 | 2012-09-4 20:04 | 2012-09-4
263162 | - | garrettcom | magnum_managed_networks_software-6k magnum_managed_networks_software-6k_secure | Per http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf "An attacker with access to an established user account could remotely log into the affected system and elevate privileges to the… | CWE-255 Credentials Management | CVE-2012-3014 | 2012-09-4 20:04 | 2012-09-4
263163 | - | mozilla | bugzilla | Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient a… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-4747 | 2012-09-4 20:04 | 2012-09-4
263164 | - | fusiondrupalthemes | fusion | Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbi… | CWE-79 Cross-site Scripting | CVE-2012-2083 | 2012-09-4 13:00 | 2012-09-1
263165 | - | commerceguys | commerce_reorder | Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add … | CWE-352 Origin Validation Error | CVE-2012-2116 | 2012-09-4 13:00 | 2012-09-1
263166 | - | caucho | resin | Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HT… | CWE-20 Improper Input Validation | CVE-2012-2965 | 2012-09-4 13:00 | 2012-08-13
263167 | - | caucho | resin | Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors. | NVD-CWE-Other | CVE-2012-2966 | 2012-09-4 13:00 | 2012-08-13
263168 | - | caucho | resin | Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack… | NVD-CWE-Other | CVE-2012-2967 | 2012-09-4 13:00 | 2012-08-13
263169 | - | caucho | resin | Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an… | CWE-22 Path Traversal | CVE-2012-2968 | 2012-09-4 13:00 | 2012-08-13
263170 | - | caucho | resin | Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2969 | 2012-09-4 13:00 | 2012-08-13