|
263101
|
- |
|
airdroid
|
airdroid
|
The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack.
|
CWE-287
Improper Authentication
|
CVE-2012-3885
|
2012-07-27 22:45 |
2012-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263102
|
- |
|
novell
|
zenworks_configuration_management
|
Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-3174
|
2012-07-27 22:39 |
2012-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263103
|
- |
|
novell
|
zenworks_configuration_management
|
The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to exe…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2658
|
2012-07-27 22:33 |
2012-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263104
|
- |
|
airdroid
|
airdroid
|
AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless netw…
|
CWE-287
Improper Authentication
|
CVE-2012-3884
|
2012-07-27 13:00 |
2012-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263105
|
- |
|
airdroid
|
airdroid
|
AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by…
|
CWE-310
Cryptographic Issues
|
CVE-2012-3887
|
2012-07-27 13:00 |
2012-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263106
|
- |
|
palo_alto
|
global_protected_gateway
ssl_vpn
networks
|
Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4043
|
2012-07-27 13:00 |
2012-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263107
|
- |
|
novell
|
zenworks_configuration_management
|
Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.…
|
CWE-22
Path Traversal
|
CVE-2011-2657
|
2012-07-27 13:00 |
2012-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263108
|
- |
|
extplorer
|
extplorer
|
Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account …
|
CWE-352
Origin Validation Error
|
CVE-2012-3362
|
2012-07-27 12:40 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263109
|
- |
|
apple
|
safari
|
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3690
|
2012-07-26 23:23 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263110
|
- |
|
freebsd
netbsd
|
freebsd
netbsd
|
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-…
|
CWE-189
Numeric Errors
|
CVE-2007-6754
|
2012-07-26 21:52 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
