|
263301
|
- |
|
bloxx
|
web_filtering
|
Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2566
|
2012-08-19 12:44 |
2012-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263302
|
- |
|
sap
|
netweaver
|
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace config…
|
CWE-20
Improper Input Validation
|
CVE-2012-2611
|
2012-08-19 12:44 |
2012-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263303
|
- |
|
cisco
|
wireless_control_system_software
|
The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.
|
CWE-200
Information Exposure
|
CVE-2011-4014
|
2012-08-19 12:38 |
2012-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263304
|
- |
|
lattice_semiconductor
|
lattice_diamond_programmer
|
Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long stri…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-2614
|
2012-08-18 13:00 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263305
|
- |
|
standards_based_linux_instrumentation
|
sblim-sfcb
|
sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
|
NVD-CWE-Other
|
CVE-2012-3381
|
2012-08-17 23:20 |
2012-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263306
|
- |
|
ez
|
ezjscore
|
Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1597
|
2012-08-17 13:00 |
2012-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263307
|
- |
|
splunk
|
splunk
|
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-1908
|
2012-08-17 13:00 |
2012-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263308
|
- |
|
openstack
|
essex
folsom
|
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to wr…
|
CWE-22
Path Traversal
|
CVE-2012-3360
|
2012-08-17 12:53 |
2012-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263309
|
- |
|
openstack
|
diablo
essex
folsom
|
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3361
|
2012-08-17 12:53 |
2012-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263310
|
- |
|
siemens
|
comos
|
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3009
|
2012-08-16 19:38 |
2012-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
