261571
|
- |
|
phpmyadmin
|
phpmyadmin
|
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-php…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5469
|
2012-12-28 14:00 |
2012-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261572
|
- |
|
zohocorp
|
manageengine_assetexplorer
|
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset da…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5956
|
2012-12-28 14:00 |
2012-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261573
|
- |
|
video-lead-form
|
uk-cookie
|
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form actio…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6312
|
2012-12-28 14:00 |
2012-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261574
|
- |
|
sensiolabs
|
symfony
|
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI begin…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6432
|
2012-12-28 05:03 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261575
|
- |
|
sebastian_heinlein canonical
|
aptdaemon ubuntu_linux
|
Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-t…
|
NVD-CWE-noinfo
|
CVE-2012-0962
|
2012-12-28 03:42 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261576
|
- |
|
emc
|
data_protection_advisor
|
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif…
|
CWE-22
Path Traversal
|
CVE-2012-4616
|
2012-12-28 01:42 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261577
|
- |
|
epiqo
|
email
|
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5588
|
2012-12-27 14:00 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261578
|
- |
|
netgenius
|
multilink
|
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users …
|
CWE-200
Information Exposure
|
CVE-2012-5589
|
2012-12-27 14:00 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261579
|
- |
|
catalin_florian_radut
|
zeropoint
|
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the …
|
CWE-79
Cross-site Scripting
|
CVE-2012-5591
|
2012-12-27 14:00 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261580
|
- |
|
postoaktraffic
|
awam_bluetooth_reader
|
Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4687
|
2012-12-26 14:00 |
2012-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|