261441
|
- |
|
cisco
|
prime_lan_management_solution
|
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arb…
|
CWE-20
Improper Input Validation
|
CVE-2012-6392
|
2013-01-29 14:00 |
2013-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261442
|
- |
|
cisco
|
quad webex_social
|
Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub619…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6397
|
2013-01-29 14:00 |
2013-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261443
|
- |
|
shawn_bradley
|
php_volunteer_management
|
SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-6504
|
2013-01-29 14:00 |
2013-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261444
|
- |
|
shawn_bradley
|
php_volunteer_management
|
Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6505
|
2013-01-29 14:00 |
2013-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261445
|
- |
|
netartmedia
|
car_portal
|
Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary …
|
CWE-352
Origin Validation Error
|
CVE-2012-6508
|
2013-01-29 14:00 |
2013-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261446
|
- |
|
netartmedia
|
car_portal
|
Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg.
|
NVD-CWE-Other
|
CVE-2012-6509
|
2013-01-29 14:00 |
2013-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261447
|
- |
|
netartmedia
|
car_portal
|
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2012-6509
|
2013-01-29 14:00 |
2013-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261448
|
- |
|
netartmedia
|
car_portal
|
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6510
|
2013-01-29 14:00 |
2013-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261449
|
- |
|
gpeasy
|
gpeasy_cms
|
Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6513
|
2013-01-29 14:00 |
2013-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261450
|
- |
|
efrontlearning
|
efront
|
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the insta…
|
CWE-200
Information Exposure
|
CVE-2012-6515
|
2013-01-29 14:00 |
2013-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|