|
261171
|
- |
|
nancy_wichmann
|
announcements
|
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unsp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4500
|
2013-03-2 13:45 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261172
|
- |
|
pizzashack
|
rssh
|
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3478
|
2013-03-2 13:44 |
2012-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261173
|
- |
|
justsystems
|
atok
|
The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4016
|
2013-03-2 13:44 |
2012-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261174
|
- |
|
jb\+
|
jigbrowser\+
|
The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
|
CWE-94
Code Injection
|
CVE-2012-4017
|
2013-03-2 13:44 |
2012-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261175
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4020
|
2013-03-2 13:44 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261176
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information …
|
CWE-287
Improper Authentication
|
CVE-2012-4021
|
2013-03-2 13:44 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261177
|
- |
|
fultek
|
wintr_scada
|
Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request.
|
CWE-22
Path Traversal
|
CVE-2012-3011
|
2013-03-2 13:43 |
2012-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261178
|
- |
|
oscommerce
paypal
|
online_merchant
website_payments_standard_module
|
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant'…
|
NVD-CWE-Other
|
CVE-2012-2991
|
2013-03-2 13:42 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261179
|
- |
|
cososys
|
endpoint_protector_appliace_4
|
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2994
|
2013-03-2 13:42 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261180
|
- |
|
mutiny
|
standard
|
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
|
CWE-78
OS Command
|
CVE-2012-3001
|
2013-03-2 13:42 |
2012-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
