261511
|
- |
|
m2osw
|
tableofcontents
|
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5584
|
2013-01-8 14:00 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261512
|
- |
|
epiqo
|
email
|
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5587
|
2013-01-8 14:00 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261513
|
- |
|
wordpress
|
wordpress
|
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-…
|
CWE-200
Information Exposure
|
CVE-2012-5868
|
2013-01-8 14:00 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261514
|
- |
|
vmware
|
vcenter_server_appliance
|
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2012-6325
|
2013-01-8 14:00 |
2012-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261515
|
- |
|
lookout
|
lookout
|
The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
|
NVD-CWE-noinfo
|
CVE-2012-6336
|
2013-01-8 14:00 |
2012-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261516
|
- |
|
centrify
|
centrify_deployment_manager centrify_suite
|
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, …
|
CWE-59
Link Following
|
CVE-2012-6348
|
2013-01-8 14:00 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261517
|
- |
|
carlosgavazzi
|
eos-box_photovoltaic_monitoring_system_firmware eos-box_photovoltaic_monitoring_system
|
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password …
|
CWE-255
Credentials Management
|
CVE-2012-6428
|
2013-01-8 14:00 |
2012-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261518
|
- |
|
redhat
|
certificate_system
|
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a den…
|
NVD-CWE-Other
|
CVE-2012-4555
|
2013-01-8 00:41 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261519
|
- |
|
redhat
|
enterprise_virtualization_manager
|
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4316
|
2013-01-7 23:54 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261520
|
- |
|
steven_jones
|
context
|
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5655
|
2013-01-7 14:00 |
2013-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|