Lista CVE - 2012 / Novembre
Visualizzazione 101 - 200 di 436 CVE per Novembre 2012 (Pagina 2 di 5)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2012-4021 | 2012-11-08 | MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified... |
| CVE-2012-4022 | 2012-11-08 | Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. |
| CVE-2012-4023 | 2012-11-08 | CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
| CVE-2012-5171 | 2012-11-08 | Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file. |
| CVE-2011-1374 | 2012-11-09 | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT... |
| CVE-2012-3751 | 2012-11-09 | Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with... |
| CVE-2012-3752 | 2012-11-09 | Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a... |
| CVE-2012-3753 | 2012-11-09 | Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type. |
| CVE-2012-3754 | 2012-11-09 | Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash)... |
| CVE-2012-3755 | 2012-11-09 | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. |
| CVE-2012-3756 | 2012-11-09 | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4... |
| CVE-2012-3757 | 2012-11-09 | Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. |
| CVE-2012-3758 | 2012-11-09 | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack... |
| CVE-2012-2455 | 2012-11-10 | Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects... |
| CVE-2012-3523 | 2012-11-11 | The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command... |
| CVE-2012-4504 | 2012-11-11 | Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. |
| CVE-2012-4505 | 2012-11-11 | Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP... |
| CVE-2012-4540 | 2012-11-11 | Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information,... |
| CVE-2012-4548 | 2012-11-11 | Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight... |
| CVE-2012-4564 | 2012-11-11 | ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted... |
| CVE-2012-4573 | 2012-11-11 | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than... |
| CVE-2012-4732 | 2012-11-11 | Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of... |
| CVE-2012-4734 | 2012-11-11 | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to... |
| CVE-2012-5482 | 2012-11-11 | The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists... |
| CVE-2012-5827 | 2012-11-11 | Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." |
| CVE-2012-4513 | 2012-11-11 | khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign... |
| CVE-2012-4514 | 2012-11-11 | rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a... |
| CVE-2012-4515 | 2012-11-11 | Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code... |
| CVE-2012-4553 | 2012-11-11 | Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." |
| CVE-2012-4554 | 2012-11-11 | The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. |
| CVE-2012-4730 | 2012-11-11 | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain... |
| CVE-2012-4731 | 2012-11-11 | FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. |
| CVE-2012-4884 | 2012-11-11 | Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client. |
| CVE-2012-1810 | 2012-11-13 | EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004. |
| CVE-2012-1811 | 2012-11-13 | EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006. |
| CVE-2012-1812 | 2012-11-13 | eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000. |
| CVE-2012-1813 | 2012-11-13 | eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 12000. |
| CVE-2012-5285 | 2012-11-13 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android... |
| CVE-2012-5286 | 2012-11-13 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android... |
| CVE-2012-5287 | 2012-11-13 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android... |
| CVE-2012-5673 | 2012-11-13 | Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android... |
| CVE-2012-1527 | 2012-11-14 | Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold... |
| CVE-2012-1528 | 2012-11-14 | Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold... |
| CVE-2012-1538 | 2012-11-14 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability." |
| CVE-2012-1539 | 2012-11-14 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability." |
| CVE-2012-1885 | 2012-11-14 | Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote... |
| CVE-2012-1886 | 2012-11-14 | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a... |
| CVE-2012-1887 | 2012-11-14 | Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a... |
| CVE-2012-1895 | 2012-11-14 | The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code... |
| CVE-2012-1896 | 2012-11-14 | Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted... |
| CVE-2012-2519 | 2012-11-14 | Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via... |
| CVE-2012-2530 | 2012-11-14 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,... |
| CVE-2012-2531 | 2012-11-14 | Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability." |
| CVE-2012-2532 | 2012-11-14 | Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by... |
| CVE-2012-2543 | 2012-11-14 | Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to... |
| CVE-2012-2553 | 2012-11-14 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1... |
| CVE-2012-4775 | 2012-11-14 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability." |
| CVE-2012-4776 | 2012-11-14 | The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings,... |
| CVE-2012-4777 | 2012-11-14 | The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1)... |
| CVE-2012-2619 | 2012-11-14 | The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to... |
| CVE-2012-3330 | 2012-11-14 | The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of... |
| CVE-2012-3569 | 2012-11-14 | Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers... |
| CVE-2012-4847 | 2012-11-14 | IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte. |
| CVE-2012-4850 | 2012-11-14 | IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. |
| CVE-2012-4851 | 2012-11-14 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. |
| CVE-2012-4853 | 2012-11-14 | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication... |
| CVE-2012-4948 | 2012-11-14 | The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to... |
| CVE-2012-4949 | 2012-11-14 | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. |
| CVE-2012-4953 | 2012-11-14 | The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does... |
| CVE-2012-5458 | 2012-11-14 | VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges... |
| CVE-2012-5459 | 2012-11-14 | Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan... |
| CVE-2012-5860 | 2012-11-14 | Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 smart cards makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the generation of non-compliant public keys. |
| CVE-2012-4951 | 2012-11-15 | Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or... |
| CVE-2012-4954 | 2012-11-15 | The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter... |
| CVE-2012-4955 | 2012-11-15 | Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2012-5851 | 2012-11-15 | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for... |
| CVE-2012-4612 | 2012-11-16 | Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2012-4613 | 2012-11-16 | EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local... |
| CVE-2012-5522 | 2012-11-16 | MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass... |
| CVE-2012-5523 | 2012-11-16 | core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a... |
| CVE-2012-5777 | 2012-11-16 | Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template. |
| CVE-2012-4189 | 2012-11-16 | Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field... |
| CVE-2012-4197 | 2012-11-16 | Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to... |
| CVE-2012-4198 | 2012-11-16 | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups... |
| CVE-2012-4199 | 2012-11-16 | template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names... |
| CVE-2012-5881 | 2012-11-16 | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a... |
| CVE-2012-5882 | 2012-11-16 | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a... |
| CVE-2012-5883 | 2012-11-16 | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x... |
| CVE-2012-5884 | 2012-11-16 | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request,... |
| CVE-2012-2733 | 2012-11-16 | java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a... |
| CVE-2012-5172 | 2012-11-16 | The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted... |
| CVE-2012-5856 | 2012-11-17 | Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-5885 | 2012-11-17 | The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead... |
| CVE-2012-5886 | 2012-11-17 | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which... |
| CVE-2012-5887 | 2012-11-17 | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with... |
| CVE-2012-5888 | 2012-11-17 | Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-5889 | 2012-11-17 | Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-5890 | 2012-11-17 | The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. |
| CVE-2012-5892 | 2012-11-17 | Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for... |
| CVE-2012-5893 | 2012-11-17 | Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it... |