256551
|
7.8 |
HIGH
|
opera
|
opera_browser
|
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
|
NVD-CWE-noinfo CWE-200
情報漏えい
|
CVE-2008-5683
|
2012-06-8 02:18 |
2008-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256552
|
6.8 |
MEDIUM
|
opera
|
opera_browser
|
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a b…
|
CWE-287
不適切な認証
|
CVE-2009-2070
|
2012-06-8 01:12 |
2009-06-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256553
|
10.0 |
HIGH
|
opera
|
opera_browser
|
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
|
NVD-CWE-noinfo
|
CVE-2009-0916
|
2012-06-7 13:00 |
2009-03-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256554
|
4.3 |
MEDIUM
|
bandainamcogames
|
madomagi-ip_android
|
The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a craft…
|
CWE-255
証明書・パスワード管理
|
CVE-2012-2630
|
2012-06-6 13:00 |
2012-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256555
|
6.5 |
MEDIUM
|
bestpractical
|
rt
|
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arb…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-5093
|
2012-06-6 01:34 |
2012-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256556
|
7.5 |
HIGH
|
bestpractical
|
rt
|
Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-5092
|
2012-06-6 01:31 |
2012-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256557
|
4.3 |
MEDIUM
|
rssowl
|
rssowl
|
Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2012-1252
|
2012-06-5 13:00 |
2012-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256558
|
10.0 |
HIGH
|
cogentdatahub
|
cogent_datahub
|
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrar…
|
CWE-119
バッファエラー
|
CVE-2011-3493
|
2012-06-4 13:00 |
2011-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256559
|
7.1 |
HIGH
|
typo3
|
typo3
|
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values dur…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-3714
|
2012-06-1 12:33 |
2010-10-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256560
|
5.0 |
MEDIUM
|
php-collab
|
phpcollab
|
phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newt…
|
CWE-200
情報漏えい
|
CVE-2011-3772
|
2012-05-31 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256561
|
5.0 |
MEDIUM
|
idevspot
|
phphostbot
|
PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_ac…
|
CWE-200
情報漏えい
|
CVE-2011-3779
|
2012-05-31 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256562
|
4.3 |
MEDIUM
|
roundup-tracker
|
roundup
|
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2491
|
2012-05-31 13:00 |
2010-09-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256563
|
5.4 |
MEDIUM
|
cisco
|
ios unified_communications_manager
|
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted respo…
|
CWE-399
リソース管理の問題
|
CVE-2011-4019
|
2012-05-30 13:00 |
2012-05-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256564
|
2.1 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspeci…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2012-0657
|
2012-05-30 12:42 |
2012-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256565
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a mo…
|
CWE-119
バッファエラー
|
CVE-2012-0658
|
2012-05-30 12:42 |
2012-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256566
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
|
CWE-189
数値処理の問題
|
CVE-2012-0659
|
2012-05-30 12:42 |
2012-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256567
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
|
CWE-119
バッファエラー
|
CVE-2012-0660
|
2012-05-30 12:42 |
2012-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256568
|
7.5 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via…
|
CWE-189
数値処理の問題
|
CVE-2012-0662
|
2012-05-30 12:42 |
2012-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256569
|
4.3 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Caps…
|
CWE-287
不適切な認証
|
CVE-2012-0675
|
2012-05-30 12:42 |
2012-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256570
|
5.0 |
MEDIUM
|
cisco
|
unified_meetingplace
|
The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate direc…
|
CWE-200
情報漏えい
|
CVE-2011-4232
|
2012-05-30 12:40 |
2012-05-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256571
|
6.5 |
MEDIUM
|
pligg
|
pligg_cms
|
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha para…
|
CWE-22
パス・トラバーサル
|
CVE-2012-2435
|
2012-05-29 13:00 |
2012-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256572
|
2.6 |
LOW
|
zen-cart
|
zen_cart
|
Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attacker…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2012-1413
|
2012-05-28 13:00 |
2012-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256573
|
2.6 |
LOW
|
oscommerce
|
online_merchant
|
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2012-1792
|
2012-05-28 13:00 |
2012-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256574
|
7.2 |
HIGH
|
measuresoft
|
scadapro_client scadapro_server
|
Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working di…
|
NVD-CWE-Other
|
CVE-2012-1824
|
2012-05-28 13:00 |
2012-05-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256575
|
4.3 |
MEDIUM
|
sitracker
|
support_incident_tracker
|
Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2012-2235
|
2012-05-28 13:00 |
2012-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256576
|
7.8 |
HIGH
|
xarrow
|
xarrow
|
The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.
|
CWE-399
リソース管理の問題
|
CVE-2012-2426
|
2012-05-28 13:00 |
2012-05-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256577
|
10.0 |
HIGH
|
xarrow
|
xarrow
|
Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.
|
CWE-119
バッファエラー
|
CVE-2012-2427
|
2012-05-28 13:00 |
2012-05-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256578
|
10.0 |
HIGH
|
xarrow
|
xarrow
|
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.
|
CWE-189
数値処理の問題
|
CVE-2012-2428
|
2012-05-28 13:00 |
2012-05-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256579
|
10.0 |
HIGH
|
xarrow
|
xarrow
|
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
CWE-189
数値処理の問題
|
CVE-2012-2429
|
2012-05-28 13:00 |
2012-05-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256580
|
7.5 |
HIGH
|
johan_cwiklinski
|
galette
|
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to pi…
|
CWE-89
SQLインジェクション
|
CVE-2012-2338
|
2012-05-23 02:25 |
2012-05-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256581
|
4.3 |
MEDIUM
|
symantec
|
web_gateway
|
Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vect…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2012-0296
|
2012-05-23 01:37 |
2012-05-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256582
|
3.3 |
LOW
|
debian
|
texlive-extra-utils
|
latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a te…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2012-2120
|
2012-05-22 01:24 |
2012-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256583
|
1.9 |
LOW
|
tembria
|
server_monitor
|
Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1)…
|
CWE-310
暗号の問題
|
CVE-2011-3685
|
2012-05-21 13:00 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256584
|
4.3 |
MEDIUM
|
sonexis
|
conferencemanager
|
Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) f…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-3686
|
2012-05-21 13:00 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256585
|
4.3 |
MEDIUM
|
tembria
|
server_monitor
|
Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to log…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-3684
|
2012-05-21 13:00 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256586
|
4.3 |
MEDIUM
|
wibu
|
codemeter_webadmin
|
Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-3689
|
2012-05-21 13:00 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256587
|
1.9 |
LOW
|
netsaro
|
enterprise_messenger_server
|
NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base6…
|
CWE-310
暗号の問題
|
CVE-2011-3692
|
2012-05-21 13:00 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256588
|
1.9 |
LOW
|
netsaro
|
enterprise_messenger_server
|
NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file.
|
CWE-310
暗号の問題
|
CVE-2011-3693
|
2012-05-21 13:00 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256589
|
5.0 |
MEDIUM
|
netsaro
|
enterprise_messenger_server
|
The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL.
|
CWE-200
情報漏えい
|
CVE-2011-3694
|
2012-05-21 13:00 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256590
|
5.0 |
MEDIUM
|
phpicalendar
|
php_icalendar
|
PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_comm…
|
CWE-200
情報漏えい
|
CVE-2011-3780
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256591
|
5.0 |
MEDIUM
|
phpids
|
phpids
|
PHPIDS 0.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/IDS/Version…
|
CWE-200
情報漏えい
|
CVE-2011-3781
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256592
|
5.0 |
MEDIUM
|
phplinkdirectory
|
phpld
|
phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Sm…
|
CWE-200
情報漏えい
|
CVE-2011-3782
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256593
|
5.0 |
MEDIUM
|
phpmyfaq
|
phpmyfaq
|
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_…
|
CWE-200
情報漏えい
|
CVE-2011-3783
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256594
|
5.0 |
MEDIUM
|
phpnuke
|
php-nuke
|
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by t…
|
CWE-200
情報漏えい
|
CVE-2011-3784
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256595
|
5.0 |
MEDIUM
|
phppointofsale
|
php_point_of_sale
|
PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by s…
|
CWE-200
情報漏えい
|
CVE-2011-3785
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256596
|
5.0 |
MEDIUM
|
phprojekt
|
phprojekt
|
PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controll…
|
CWE-200
情報漏えい
|
CVE-2011-3786
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256597
|
5.0 |
MEDIUM
|
nick_korbel
|
phpscheduleit
|
phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates…
|
CWE-200
情報漏えい
|
CVE-2011-3787
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256598
|
5.0 |
MEDIUM
|
phpsec
|
phpsecinfo
|
PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Test/Test_Suh…
|
CWE-200
情報漏えい
|
CVE-2011-3788
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256599
|
5.0 |
MEDIUM
|
phpwcms
|
phpwcms
|
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/in…
|
CWE-200
情報漏えい
|
CVE-2011-3789
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256600
|
5.0 |
MEDIUM
|
piwigo
|
piwigo
|
Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.ph…
|
CWE-200
情報漏えい
|
CVE-2011-3790
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|