|
263181
|
- |
|
vbulletin
|
vbulletin
|
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.
|
CWE-89
SQL Injection
|
CVE-2012-4686
|
2012-08-29 23:34 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263182
|
- |
|
rik_de_boer
|
revisioning
|
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1635
|
2012-08-29 13:00 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263183
|
- |
|
danielb
|
finder
|
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1641
|
2012-08-29 13:00 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263184
|
- |
|
yaml-fuer-drupal
|
linkchecker
|
includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1642
|
2012-08-29 13:00 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263185
|
- |
|
jason_savino
|
fp
|
The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vect…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1643
|
2012-08-29 13:00 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263186
|
- |
|
wimleers
|
cdn
|
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified ve…
|
CWE-200
Information Exposure
|
CVE-2012-1645
|
2012-08-29 13:00 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263187
|
- |
|
wellintech
|
kingview
|
WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file.
|
CWE-255
Credentials Management
|
CVE-2012-1977
|
2012-08-29 13:00 |
2012-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263188
|
- |
|
mybb
|
mybb
|
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) M…
|
CWE-89
SQL Injection
|
CVE-2012-2324
|
2012-08-29 13:00 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263189
|
- |
|
afterlogic
|
mailsuite_pro
|
Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribu…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2587
|
2012-08-29 13:00 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263190
|
- |
|
samsung
|
kies
|
The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified me…
|
CWE-94
Code Injection
|
CVE-2012-2990
|
2012-08-29 13:00 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
