|
260891
|
- |
|
oscommerce
paypal
|
online_merchant
website_payments_standard_module
|
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant'…
|
NVD-CWE-Other
|
CVE-2012-2991
|
2013-03-2 13:42 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260892
|
- |
|
cososys
|
endpoint_protector_appliace_4
|
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2994
|
2013-03-2 13:42 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260893
|
- |
|
mutiny
|
standard
|
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
|
CWE-78
OS Command
|
CVE-2012-3001
|
2013-03-2 13:42 |
2012-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260894
|
- |
|
mutiny
|
standard
|
Per: http://www.kb.cert.org/vuls/id/841851
"Impact
An authenticated attacker can run arbitrary commands on the appliance."
|
CWE-78
OS Command
|
CVE-2012-3001
|
2013-03-2 13:42 |
2012-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260895
|
- |
|
mutiny
|
standard
|
Per: http://www.mutiny.com/products.php
"Mutiny is a virtual appliance that uses industry standard SNMP to gather information from IT Infrastructure, process and display the results in a multi-use…
|
CWE-78
OS Command
|
CVE-2012-3001
|
2013-03-2 13:42 |
2012-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260896
|
- |
|
foscam
wansview
|
h.264_hi3510\/11\/12_ip_camera
|
The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to …
|
CWE-287
Improper Authentication
|
CVE-2012-3002
|
2013-03-2 13:42 |
2012-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260897
|
- |
|
quagga
|
quagga
|
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationsh…
|
NVD-CWE-Other
|
CVE-2012-1820
|
2013-03-2 13:40 |
2012-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260898
|
- |
|
springsource
|
grails
|
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1833
|
2013-03-2 13:40 |
2012-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260899
|
- |
|
umich
|
libgssglue
libgssapi
|
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment va…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2709
|
2013-03-2 13:33 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260900
|
- |
|
katello
|
katello
|
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
|
CWE-200
Information Exposure
|
CVE-2012-5561
|
2013-03-2 00:51 |
2013-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
