|
263391
|
- |
|
opscode
|
chef
|
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5098
|
2012-08-10 13:00 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263392
|
- |
|
fenrir-inc
|
sleipnir_mobile
|
Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allows remote attackers to in…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4004
|
2012-08-9 22:47 |
2012-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263393
|
- |
|
tryton
|
trytond
|
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authent…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0215
|
2012-08-9 13:00 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263394
|
- |
|
florian_weber
|
spaces
|
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2303
|
2012-08-9 13:00 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263395
|
- |
|
justin_ellison
|
node_gallery
|
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that creat…
|
CWE-352
Origin Validation Error
|
CVE-2012-2305
|
2012-08-9 13:00 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263396
|
- |
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2012-3384
|
2012-08-9 13:00 |
2012-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263397
|
- |
|
opera
|
opera_browser
|
Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."
|
NVD-CWE-noinfo
|
CVE-2012-3559
|
2012-08-9 13:00 |
2012-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263398
|
- |
|
csilvers
|
gperftools
|
Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large siz…
|
CWE-189
Numeric Errors
|
CVE-2005-4895
|
2012-08-9 13:00 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263399
|
- |
|
extplorer
|
extplorer
|
eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3454
|
2012-08-9 00:21 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263400
|
- |
|
novell
|
suse_audit_log_keeper
|
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by rea…
|
CWE-200
Information Exposure
|
CVE-2012-0421
|
2012-08-8 19:26 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
