261091
|
- |
|
isaac_sukin
|
shorten
|
Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions …
|
CWE-79
Cross-site Scripting
|
CVE-2012-4492
|
2013-03-2 13:45 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261092
|
- |
|
mime_mail_module_project
|
mimemail
|
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary f…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4495
|
2013-03-2 13:45 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261093
|
- |
|
nancy_wichmann
|
announcements
|
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unsp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4500
|
2013-03-2 13:45 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261094
|
- |
|
pizzashack
|
rssh
|
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3478
|
2013-03-2 13:44 |
2012-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261095
|
- |
|
justsystems
|
atok
|
The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4016
|
2013-03-2 13:44 |
2012-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261096
|
- |
|
jb\+
|
jigbrowser\+
|
The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
|
CWE-94
Code Injection
|
CVE-2012-4017
|
2013-03-2 13:44 |
2012-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261097
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4020
|
2013-03-2 13:44 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261098
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information …
|
CWE-287
Improper Authentication
|
CVE-2012-4021
|
2013-03-2 13:44 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261099
|
- |
|
fultek
|
wintr_scada
|
Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request.
|
CWE-22
Path Traversal
|
CVE-2012-3011
|
2013-03-2 13:43 |
2012-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261100
|
- |
|
oscommerce paypal
|
online_merchant website_payments_standard_module
|
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant'…
|
NVD-CWE-Other
|
CVE-2012-2991
|
2013-03-2 13:42 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|