256881 | - | racemotocross_project | racemotocross | The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt… | CWE-310 Cryptographic Issues | CVE-2014-6667 | 2014-10-3 21:19 | 2014-09-23
256882 | - | plone | plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." | CWE-94 Code Injection | CVE-2012-5495 | 2014-10-3 03:57 | 2014-09-30
256883 | - | zope plone | zope plone | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in pa… | CWE-362 Race Condition | CVE-2012-5507 | 2014-10-3 03:25 | 2014-09-30
256884 | - | mytx | tx_smart | The tx Smart (aka com.wooriwm.txsmart) application 7.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive… | CWE-310 Cryptographic Issues | CVE-2014-5959 | 2014-10-3 03:14 | 2014-09-19
256885 | - | plone | plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permissi… | CWE-399 Resource Management Errors | CVE-2012-5506 | 2014-10-3 03:12 | 2014-09-30
256886 | - | plone | plone | atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | CWE-200 Information Exposure | CVE-2012-5505 | 2014-10-3 03:07 | 2014-09-30
256887 | - | plone | plone | kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. | CWE-399 Resource Management Errors | CVE-2012-5496 | 2014-10-3 02:58 | 2014-09-30
256888 | - | plone zope | plone zope | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to g… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-5489 | 2014-10-3 02:54 | 2014-09-30
256889 | - | postfix | postfix | Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt func… | CWE-89 SQL Injection | CVE-2012-0811 | 2014-10-3 01:39 | 2014-10-1
256890 | - | yorba | geary | Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted cer… | CWE-310 Cryptographic Issues | CVE-2014-5444 | 2014-10-2 09:19 | 2014-09-30