260881
|
- |
|
moinmo
|
moinmoin
|
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4404
|
2013-04-19 12:24 |
2012-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260882
|
- |
|
php
|
php
|
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote a…
|
NVD-CWE-Other
|
CVE-2012-3450
|
2013-04-19 12:23 |
2012-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260883
|
- |
|
postgresql
|
postgresql
|
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURIT…
|
CWE-399
Resource Management Errors
|
CVE-2012-2655
|
2013-04-19 12:22 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260884
|
- |
|
oracle
|
jdk jre
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via u…
|
NVD-CWE-noinfo
|
CVE-2012-3136
|
2013-04-19 12:22 |
2012-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260885
|
- |
|
gajim
|
gajim
|
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.
|
CWE-94
Code Injection
|
CVE-2012-2085
|
2013-04-19 12:21 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260886
|
- |
|
gajim
|
gajim
|
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter.
|
CWE-89
SQL Injection
|
CVE-2012-2086
|
2013-04-19 12:21 |
2012-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260887
|
- |
|
asterisk
|
open_source certified_asterisk digiumphones business_edition
|
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-…
|
NVD-CWE-Other
|
CVE-2012-2186
|
2013-04-19 12:21 |
2012-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260888
|
- |
|
devscripts_devel_team
|
devscripts
|
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."
|
CWE-20
Improper Input Validation
|
CVE-2012-2240
|
2013-04-19 12:21 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260889
|
- |
|
devscripts_devel_team
|
devscripts
|
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are no…
|
CWE-20
Improper Input Validation
|
CVE-2012-2242
|
2013-04-19 12:21 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260890
|
- |
|
mahara
|
mahara
|
Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2253
|
2013-04-19 12:21 |
2012-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|