|
262921
|
- |
|
pkp
|
open_journal_systems
|
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files…
|
CWE-22
Path Traversal
|
CVE-2012-1467
|
2012-09-13 13:00 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262922
|
- |
|
phplist
|
phplist
|
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
|
CWE-89
SQL Injection
|
CVE-2012-2740
|
2012-09-13 13:00 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262923
|
- |
|
phplist
|
phplist
|
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2741
|
2012-09-13 13:00 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262924
|
- |
|
arbiter
|
power_sentinel_1133a_firmware
power_sentinel
|
The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a buf…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3012
|
2012-09-13 13:00 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262925
|
- |
|
opera
|
opera_browser
|
Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.
|
NVD-CWE-Other
|
CVE-2012-4010
|
2012-09-13 13:00 |
2012-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262926
|
- |
|
owncloud
|
owncloud
|
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and access…
|
NVD-CWE-Other
|
CVE-2012-4389
|
2012-09-13 13:00 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262927
|
- |
|
owncloud
|
owncloud
|
Per: http://cwe.mitre.org/data/definitions/184.html
'CWE-184: Incomplete Blacklist'
|
NVD-CWE-Other
|
CVE-2012-4389
|
2012-09-13 13:00 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262928
|
- |
|
owncloud
|
owncloud
|
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2012-4390
|
2012-09-13 13:00 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262929
|
- |
|
owncloud
|
owncloud
|
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
|
CWE-287
Improper Authentication
|
CVE-2012-4392
|
2012-09-13 13:00 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262930
|
- |
|
oreans
|
themida
|
Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-4865
|
2012-09-13 13:00 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
