|
263571
|
- |
|
collabnet
|
scrumworks
|
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2603
|
2012-06-28 13:00 |
2012-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263572
|
- |
|
webatall
|
web\@all
|
Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that a…
|
CWE-352
Origin Validation Error
|
CVE-2012-3231
|
2012-06-28 13:00 |
2012-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263573
|
- |
|
pippin_williamson
|
font_uploader
|
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3814
|
2012-06-28 13:00 |
2012-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263574
|
- |
|
equis
|
metastock
|
Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.
|
CWE-399
Resource Management Errors
|
CVE-2011-3488
|
2012-06-28 13:00 |
2011-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263575
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4956
|
2012-06-28 13:00 |
2012-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263576
|
- |
|
geoff_davies
|
contact_forms
|
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2340
|
2012-06-28 12:43 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263577
|
- |
|
blaine_lang
|
filedepot
|
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2719
|
2012-06-28 01:51 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263578
|
- |
|
bryce_hamrick
|
janrain_capture
|
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier t…
|
CWE-200
Information Exposure
|
CVE-2012-3798
|
2012-06-27 13:00 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263579
|
- |
|
canonical
|
ubuntu_linux
|
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows rem…
|
CWE-200
Information Exposure
|
CVE-2012-0950
|
2012-06-26 13:00 |
2012-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263580
|
- |
|
checkpoint
|
endpoint_connect
endpoint_security
endpoint_security_vpn
remote_access_clients
|
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint …
|
NVD-CWE-Other
|
CVE-2012-2753
|
2012-06-26 13:00 |
2012-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
