| 261221 | - | cerberusftp | ftp_server | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a l… | CWE-79 Cross-site Scripting | CVE-2012-6339 | 2012-12-31 20:50 | 2012-12-31 |
| 261222 | - | mediawiki | rssreader | Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed. | CWE-79 Cross-site Scripting | CVE-2012-6453 | 2012-12-31 20:50 | 2012-12-31 |
| 261223 | - | openconstructor_project | openconstructor | Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestb… | CWE-89 SQL Injection | CVE-2012-3873 | 2012-12-29 00:09 | 2012-12-28 |
| 261224 | - | openconstructor_project | openconstructor | Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) th… | CWE-79 Cross-site Scripting | CVE-2012-3872 | 2012-12-29 00:06 | 2012-12-28 |
| 261225 | - | openconstructor_project | openconstructor | Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or … | CWE-79 Cross-site Scripting | CVE-2012-3870 | 2012-12-28 20:48 | 2012-12-28 |
| 261226 | - | openconstructor_project | openconstructor | Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. | CWE-79 Cross-site Scripting | CVE-2012-3871 | 2012-12-28 20:48 | 2012-12-28 |
| 261227 | - | bestpractical | rtfm | FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-4731 | 2012-12-28 14:00 | 2012-11-11 |
| 261228 | - | laytontechnology | helpbox | Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) logg… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-4974 | 2012-12-28 14:00 | 2012-12-12 |
| 261229 | - | vmware | springsource_spring_security | DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the respons… | CWE-200 Information Exposure | CVE-2012-5055 | 2012-12-28 14:00 | 2012-12-6 |
| 261230 | - | phpmyadmin | phpmyadmin | The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-php… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-5469 | 2012-12-28 14:00 | 2012-12-20 |