256451
|
9.0 |
HIGH
|
cisco
|
telepresence_recording_server
|
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.
|
CWE-78
OS Command Injection
|
CVE-2012-3076
|
2012-07-12 19:34 |
2012-07-12 |
|
|
256452
|
10.0 |
HIGH
|
netsweeper
|
netsweeper
|
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
|
NVD-CWE-noinfo
|
CVE-2012-3859
|
2012-07-10 23:29 |
2012-07-10 |
|
|
256453
|
6.8 |
MEDIUM
|
netsweeper
|
netsweeper
|
Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests …
|
CWE-352
Same-Origin Policy Violation
|
CVE-2012-2447
|
2012-07-10 23:10 |
2012-07-10 |
|
|
256454
|
4.3 |
MEDIUM
|
netsweeper
|
netsweeper
|
Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a loo…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-2446
|
2012-07-10 23:05 |
2012-07-10 |
|
|
256455
|
4.3 |
MEDIUM
|
aladdin fortinet pandasecurity rising-global
|
esafe fortinet_antivirus panda_antivirus rising_antivirus
|
The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file wit…
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2012-1445
|
2012-07-10 13:28 |
2012-03-21 |
|
|
256456
|
4.3 |
MEDIUM
|
ibm
|
websphere_application_server
|
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspe…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-0716
|
2012-07-10 13:27 |
2012-06-20 |
|
|
256457
|
7.8 |
HIGH
|
f5
|
big-ip_application_security_manager big-ip_global_traffic_manager big-ip_local_traffic_manager tmos big-ip_1000 big-ip_11000 big-ip_11050 big-ip_1500 big-ip_1600 big-ip_240…
|
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x befor…
|
CWE-255
Certificate and Password Management
|
CVE-2012-1493
|
2012-07-10 13:00 |
2012-07-10 |
|
|
256458
|
7.8 |
HIGH
|
synel
|
sy-780\/a_time_\&_attendance_terminal
|
The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735.
|
CWE-399
Resource Management Issues
|
CVE-2012-2970
|
2012-07-10 13:00 |
2012-07-10 |
|
|
256459
|
4.3 |
MEDIUM
|
astaro sophos
|
security_gateway_software security_gateway unified_threat_management_software unified_threat_management
|
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Co…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-3238
|
2012-07-10 13:00 |
2012-07-10 |
|
|
256460
|
4.3 |
MEDIUM
|
hazama
|
mt4i
|
Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-2644
|
2012-07-9 23:28 |
2012-07-7 |
|
|
256461
|
4.3 |
MEDIUM
|
hazama
|
mt4i
|
Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-2642
|
2012-07-9 13:00 |
2012-07-7 |
|
|
256462
|
4.3 |
MEDIUM
|
kent-web
|
yy-board
|
Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-2643
|
2012-07-9 13:00 |
2012-07-7 |
|
|
256463
|
6.8 |
MEDIUM
|
symantec
|
message_filter
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for reque…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2012-0303
|
2012-07-6 23:14 |
2012-07-6 |
|
|
256464
|
5.4 |
MEDIUM
|
symantec
|
message_filter
|
Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2012-0301
|
2012-07-6 23:05 |
2012-07-6 |
|
|
256465
|
4.3 |
MEDIUM
|
zenphoto
|
zenphoto
|
Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-2641
|
2012-07-6 13:00 |
2012-07-6 |
|
|
256466
|
2.6 |
LOW
|
redhat
|
dtach
|
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an …
|
CWE-189
Numeric Processing Issues
|
CVE-2012-3368
|
2012-07-4 13:00 |
2012-07-4 |
|
|
256467
|
4.3 |
MEDIUM
|
gnome
|
gdk-pixbuf
|
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (…
|
NVD-CWE-Other
|
CVE-2011-2485
|
2012-07-4 01:40 |
2012-07-4 |
|
|
256468
|
1.2 |
LOW
|
apache
|
http_server
|
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi…
|
CWE-20
Improper Input Validation
|
CVE-2011-4415
|
2012-07-3 13:04 |
2011-11-8 |
|
|
256469
|
7.5 |
HIGH
|
php
|
php
|
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging pot…
|
CWE-94
Code Injection
|
CVE-2011-3379
|
2012-07-3 13:02 |
2011-11-4 |
|
|
256470
|
4.3 |
MEDIUM
|
secureideas
|
basic_analysis_and_security_engine
|
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parame…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2009-4837
|
2012-07-3 13:00 |
2010-05-6 |
|
|
256471
|
7.5 |
HIGH
|
secureideas
|
basic_analysis_and_security_engine
|
SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NO…
|
CWE-89
SQL Injection
|
CVE-2009-4838
|
2012-07-3 13:00 |
2010-05-6 |
|
|
256472
|
4.3 |
MEDIUM
|
secureideas
|
basic_analysis_and_security_engine
|
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspeci…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2009-4839
|
2012-07-3 13:00 |
2010-05-6 |
|
|
256473
|
4.3 |
MEDIUM
|
secureideas
|
basic_analysis_and_security_engine
|
Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2007-6156
|
2012-07-3 13:00 |
2007-11-29 |
|
|
256474
|
7.5 |
HIGH
|
acid secureideas
|
analysis_console_for_intrusion_databases basic_analysis_and_security_engine
|
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2,…
|
CWE-89
SQL Injection
|
CVE-2005-3325
|
2012-07-3 13:00 |
2005-10-27 |
|
|
256475
|
2.1 |
LOW
|
mikel_olasagasti
|
revelation
|
The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.
|
CWE-310
Cryptographic Issues
|
CVE-2012-3818
|
2012-07-2 21:36 |
2012-06-30 |
|
|
256476
|
4.3 |
MEDIUM
|
webatall
|
web\@all
|
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-3232
|
2012-07-2 21:22 |
2012-06-30 |
|
|
256477
|
4.3 |
MEDIUM
|
paul_lesniewsk
|
autocomplete
|
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-0323
|
2012-07-2 13:00 |
2012-03-9 |
|
|
256478
|
2.1 |
LOW
|
david_paleino
|
wicd
|
The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly includin…
|
CWE-16
Configuration
|
CVE-2009-0489
|
2012-07-2 13:00 |
2009-02-10 |
|
|
256479
|
5.0 |
MEDIUM
|
wordpress
|
wordpress
|
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a deni…
|
CWE-20
Improper Input Validation
|
CVE-2011-4957
|
2012-06-28 21:57 |
2012-06-28 |
|
|
256480
|
2.6 |
LOW
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embed…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-1253
|
2012-06-28 13:00 |
2012-06-5 |
|
|
256481
|
6.5 |
MEDIUM
|
collabnet
|
scrumworks
|
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2012-2603
|
2012-06-28 13:00 |
2012-06-9 |
|
|
256482
|
6.8 |
MEDIUM
|
webatall
|
web\@all
|
Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that a…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2012-3231
|
2012-06-28 13:00 |
2012-06-28 |
|
|
256483
|
7.5 |
HIGH
|
pippin_williamson
|
font_uploader
|
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf…
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2012-3814
|
2012-06-28 13:00 |
2012-06-28 |
|
|
256484
|
10.0 |
HIGH
|
equis
|
metastock
|
Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.
|
CWE-399
Resource Management Issues
|
CVE-2011-3488
|
2012-06-28 13:00 |
2011-09-16 |
|
|
256485
|
4.3 |
MEDIUM
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2011-4956
|
2012-06-28 13:00 |
2012-06-28 |
|
|
256486
|
3.5 |
LOW
|
geoff_davies
|
contact_forms
|
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" …
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2012-2340
|
2012-06-28 12:43 |
2012-05-22 |
|
|
256487
|
5.1 |
MEDIUM
|
blaine_lang
|
filedepot
|
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a …
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2012-2719
|
2012-06-28 01:51 |
2012-06-27 |
|
|
256488
|
5.0 |
MEDIUM
|
bryce_hamrick
|
janrain_capture
|
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier t…
|
CWE-200
Information Disclosure
|
CVE-2012-3798
|
2012-06-27 13:00 |
2012-06-27 |
|
|
256489
|
5.0 |
MEDIUM
|
canonical
|
ubuntu_linux
|
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows rem…
|
CWE-200
Information Disclosure
|
CVE-2012-0950
|
2012-06-26 13:00 |
2012-06-20 |
|
|
256490
|
6.9 |
MEDIUM
|
checkpoint
|
endpoint_connect endpoint_security endpoint_security_vpn remote_access_clients
|
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint …
|
NVD-CWE-Other
|
CVE-2012-2753
|
2012-06-26 13:00 |
2012-06-20 |
|
|
256491
|
6.9 |
MEDIUM
|
checkpoint
|
endpoint_connect endpoint_security endpoint_security_vpn remote_access_clients
|
Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
|
NVD-CWE-Other
|
CVE-2012-2753
|
2012-06-26 13:00 |
2012-06-20 |
|
|
256492
|
4.0 |
MEDIUM
|
digium
|
asterisk
|
chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon cr…
|
NVD-CWE-Other
|
CVE-2012-3553
|
2012-06-26 13:00 |
2012-06-20 |
|
|
256493
|
4.0 |
MEDIUM
|
digium
|
asterisk
|
Per: http://cwe.mitre.org/data/definitions/476.html
'CWE-476: NULL Pointer Dereference'
|
NVD-CWE-Other
|
CVE-2012-3553
|
2012-06-26 13:00 |
2012-06-20 |
|
|
256494
|
7.5 |
HIGH
|
dell
|
wyse_device_manager
|
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 que…
|
CWE-287
Improper Authentication
|
CVE-2009-0695
|
2012-06-26 13:00 |
2012-06-20 |
|
|
256495
|
6.4 |
MEDIUM
|
php
|
php
|
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2001-1247
|
2012-06-25 13:00 |
2001-12-6 |
|
|
256496
|
2.6 |
LOW
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication …
|
CWE-287
Improper Authentication
|
CVE-2012-0717
|
2012-06-21 13:00 |
2012-06-20 |
|
|
256497
|
9.3 |
HIGH
|
cisco
|
anyconnect_secure_mobility_client
|
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linu…
|
CWE-20
Improper Input Validation
|
CVE-2012-2493
|
2012-06-21 13:00 |
2012-06-21 |
|
|
256498
|
4.3 |
MEDIUM
|
cisco
|
anyconnect_secure_mobility_client
|
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to t…
|
CWE-20
Improper Input Validation
|
CVE-2012-2494
|
2012-06-21 13:00 |
2012-06-21 |
|
|
256499
|
4.3 |
MEDIUM
|
cisco
|
anyconnect_secure_mobility_client secure_desktop
|
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the…
|
CWE-20
Improper Input Validation
|
CVE-2012-2495
|
2012-06-21 13:00 |
2012-06-21 |
|
|
256500
|
4.3 |
MEDIUM
|
adiscon
|
loganalyzer
|
Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight param…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-3790
|
2012-06-21 13:00 |
2012-06-21 |
|
|