Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-10-01 | CVE-2012-4063 | Permissions, Privileges, and Access Controls vulnerability in Eucalyptus The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2012-10-01 | CVE-2012-1604 | Cross-Site Scripting vulnerability in Nextbbs 0.6 Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php. | 4.3 |
2012-10-01 | CVE-2012-1603 | SQL Injection vulnerability in Nextbbs 0.6 Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. | 7.5 |
2012-10-01 | CVE-2012-1602 | Improper Authentication vulnerability in Nextbbs 0.6 user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | 7.5 |
2012-10-01 | CVE-2012-1471 | Path Traversal vulnerability in Ocportal Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. | 5.0 |
2012-10-01 | CVE-2012-1470 | Cross-Site Scripting vulnerability in Ocportal Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters. | 4.3 |
2012-10-01 | CVE-2012-5233 | Cross-Site Scripting vulnerability in Luke Herrington Stickynote 7.X1.0/7.X1.X Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs. | 2.1 |
2012-10-01 | CVE-2012-1636 | Cross-Site Request Forgery (CSRF) vulnerability in Luke Herrington Stickynote 7.X1.0/7.X1.X Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors. | 4.3 |
2012-10-01 | CVE-2012-0989 | Cross-Site Scripting vulnerability in Oneorzero Action and Information Management System 2.8.0 Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | 4.3 |
2012-10-01 | CVE-2012-5232 | Cross-Site Scripting vulnerability in Mediafire MOD Quick Form Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |