|
263361
|
- |
|
apache
|
qpid
|
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster…
|
CWE-287
Improper Authentication
|
CVE-2011-3620
|
2012-08-14 12:30 |
2012-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263362
|
- |
|
ultravnc
|
ultravnc
|
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING m…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-0610
|
2012-08-14 11:37 |
2008-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263363
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated us…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3476
|
2012-08-14 02:58 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263364
|
- |
|
ushahidi
|
ushahidi_platform
|
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP addre…
|
CWE-200
Information Exposure
|
CVE-2012-3474
|
2012-08-14 02:55 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263365
|
- |
|
ushahidi
|
ushahidi_platform
|
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organiz…
|
CWE-287
Improper Authentication
|
CVE-2012-3473
|
2012-08-14 02:54 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263366
|
- |
|
ushahidi
|
ushahidi_platform
|
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize mess…
|
CWE-287
Improper Authentication
|
CVE-2012-3472
|
2012-08-14 02:53 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263367
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 a…
|
CWE-89
SQL Injection
|
CVE-2012-3471
|
2012-08-14 02:52 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263368
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in appl…
|
CWE-89
SQL Injection
|
CVE-2012-3469
|
2012-08-14 02:47 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263369
|
- |
|
manageengine
|
servicedesk_plus
|
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT ele…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2585
|
2012-08-14 02:22 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263370
|
- |
|
amazon
|
kindle_touch
|
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as…
|
CWE-94
Code Injection
|
CVE-2012-4249
|
2012-08-14 01:49 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
