|
261231
|
- |
|
zohocorp
|
manageengine_assetexplorer
|
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset da…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5956
|
2012-12-28 14:00 |
2012-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261232
|
- |
|
video-lead-form
|
uk-cookie
|
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form actio…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6312
|
2012-12-28 14:00 |
2012-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261233
|
- |
|
sensiolabs
|
symfony
|
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI begin…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6432
|
2012-12-28 05:03 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261234
|
- |
|
sebastian_heinlein
canonical
|
aptdaemon
ubuntu_linux
|
Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-t…
|
NVD-CWE-noinfo
|
CVE-2012-0962
|
2012-12-28 03:42 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261235
|
- |
|
emc
|
data_protection_advisor
|
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif…
|
CWE-22
Path Traversal
|
CVE-2012-4616
|
2012-12-28 01:42 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261236
|
- |
|
epiqo
|
email
|
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5588
|
2012-12-27 14:00 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261237
|
- |
|
netgenius
|
multilink
|
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users …
|
CWE-200
Information Exposure
|
CVE-2012-5589
|
2012-12-27 14:00 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261238
|
- |
|
catalin_florian_radut
|
zeropoint
|
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the …
|
CWE-79
Cross-site Scripting
|
CVE-2012-5591
|
2012-12-27 14:00 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261239
|
- |
|
postoaktraffic
|
awam_bluetooth_reader
|
Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4687
|
2012-12-26 14:00 |
2012-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261240
|
- |
|
carlosgavazzi
|
eos-box_photovoltaic_monitoring_system_firmware
eos-box_photovoltaic_monitoring_system
|
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issu…
|
CWE-89
SQL Injection
|
CVE-2012-6427
|
2012-12-24 14:00 |
2012-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
