260631
|
- |
|
mailup
|
wp-mailup
|
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2640
|
2013-04-5 13:00 |
2013-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260632
|
- |
|
cisco
|
asa_cx_context-aware_security prime_security_manager
|
The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to caus…
|
CWE-399
Resource Management Errors
|
CVE-2012-4629
|
2013-04-5 12:13 |
2012-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260633
|
- |
|
pnp4nagios
|
pnp4nagios
|
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3457
|
2013-04-5 12:12 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260634
|
- |
|
fetchmail
|
fetchmail
|
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NT…
|
NVD-CWE-noinfo
|
CVE-2012-3482
|
2013-04-5 12:12 |
2012-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260635
|
- |
|
munin-monitoring
|
munin
|
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3512
|
2013-04-5 12:12 |
2012-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260636
|
- |
|
mono
|
mono
|
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitra…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3382
|
2013-04-5 12:11 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260637
|
- |
|
gnome
|
libgdata
|
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoof…
|
CWE-20
Improper Input Validation
|
CVE-2012-1177
|
2013-04-5 12:09 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260638
|
- |
|
atheme
|
atheme
|
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1576
|
2013-04-5 12:09 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260639
|
- |
|
novell
|
groupwise
|
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directo…
|
CWE-22
Path Traversal
|
CVE-2012-0419
|
2013-04-5 12:07 |
2012-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260640
|
- |
|
tedfelix
|
acpid2
|
event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4578
|
2013-04-5 12:06 |
2012-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|