261491
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no r…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4549
|
2013-01-15 14:00 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261492
|
- |
|
redhat
|
certificate_system
|
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certai…
|
CWE-20
Improper Input Validation
|
CVE-2012-4556
|
2013-01-15 14:00 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261493
|
- |
|
dalbum
|
dalbum
|
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests th…
|
CWE-352
Origin Validation Error
|
CVE-2012-5891
|
2013-01-15 14:00 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261494
|
- |
|
samedia
|
landshop
|
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit …
|
CWE-79
Cross-site Scripting
|
CVE-2012-5899
|
2013-01-15 14:00 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261495
|
- |
|
samedia
|
landshop
|
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (…
|
CWE-89
SQL Injection
|
CVE-2012-5900
|
2013-01-15 14:00 |
2012-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261496
|
- |
|
maxtom
|
atomymaxsite
|
Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing …
|
NVD-CWE-Other
|
CVE-2012-6498
|
2013-01-15 14:00 |
2013-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261497
|
- |
|
maxtom
|
atomymaxsite
|
Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2012-6498
|
2013-01-15 14:00 |
2013-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261498
|
- |
|
redhat
|
enterprise_virtualization_manager
|
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allow…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-2224
|
2013-01-15 14:00 |
2010-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261499
|
- |
|
redhat
|
libvirt
|
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associate…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2693
|
2013-01-15 13:30 |
2012-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261500
|
- |
|
wi-fi
|
wifi_protected_setup_protocol
|
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remo…
|
CWE-287
Improper Authentication
|
CVE-2011-5053
|
2013-01-15 13:25 |
2012-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|