|
263191
|
- |
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribu…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3508
|
2012-08-29 13:00 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263192
|
- |
|
atmail
|
atmail_open
|
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executabl…
|
NVD-CWE-Other
|
CVE-2012-1916
|
2012-08-29 12:48 |
2012-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263193
|
- |
|
atmail
|
atmail_open
|
Per: http://www.kb.cert.org/vuls/id/743555 'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2012-1916
|
2012-08-29 12:48 |
2012-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263194
|
- |
|
atmail
|
atmail_open
|
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct director…
|
CWE-22
Path Traversal
|
CVE-2012-1917
|
2012-08-29 12:48 |
2012-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263195
|
- |
|
atmail
|
atmail_open
|
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A se…
|
CWE-94
Code Injection
|
CVE-2012-1919
|
2012-08-29 12:48 |
2012-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263196
|
- |
|
debian
|
cifs-utils
|
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error messag…
|
CWE-200
Information Exposure
|
CVE-2012-1586
|
2012-08-28 13:00 |
2012-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263197
|
- |
|
timely
|
all-in-one_event_calendar
|
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title p…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1835
|
2012-08-28 13:00 |
2012-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263198
|
- |
|
barandisolutions
|
shareyourcart
|
The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK.
|
CWE-200
Information Exposure
|
CVE-2012-4332
|
2012-08-28 13:00 |
2012-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263199
|
- |
|
bluecoat
|
reporter
|
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequentl…
|
CWE-22
Path Traversal
|
CVE-2011-5127
|
2012-08-28 07:54 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263200
|
- |
|
bluecoat
|
sgos
|
Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by…
|
CWE-200
Information Exposure
|
CVE-2011-5126
|
2012-08-28 07:38 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
