Lista CVE - 2012 / Agosto
Visualizzazione 101 - 200 di 735 CVE per Agosto 2012 (Pagina 2 di 8)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2012-3463 | 2012-08-10 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2012-3464 | 2012-08-10 | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML... |
| CVE-2012-3465 | 2012-08-10 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web... |
| CVE-2012-3554 | 2012-08-10 | SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-4071 | 2012-08-10 | Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary... |
| CVE-2012-4235 | 2012-08-10 | The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a... |
| CVE-2012-3132 | 2012-08-10 | SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a... |
| CVE-2012-3457 | 2012-08-12 | PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. |
| CVE-2012-3952 | 2012-08-12 | Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. |
| CVE-2012-3953 | 2012-08-12 | SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. |
| CVE-2012-4034 | 2012-08-12 | Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget... |
| CVE-2012-4035 | 2012-08-12 | The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php. |
| CVE-2012-4246 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer,... |
| CVE-2012-4247 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4)... |
| CVE-2012-2577 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact,... |
| CVE-2012-2602 | 2012-08-12 | Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user... |
| CVE-2012-2963 | 2012-08-12 | The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive... |
| CVE-2012-2964 | 2012-08-12 | The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network... |
| CVE-2012-2965 | 2012-08-12 | Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an... |
| CVE-2012-2966 | 2012-08-12 | Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors. |
| CVE-2012-2967 | 2012-08-12 | Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors. |
| CVE-2012-2968 | 2012-08-12 | Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within... |
| CVE-2012-2969 | 2012-08-12 | Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an... |
| CVE-2012-2584 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style... |
| CVE-2012-4069 | 2012-08-12 | Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db. |
| CVE-2012-4070 | 2012-08-12 | SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php. |
| CVE-2012-4248 | 2012-08-12 | The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving... |
| CVE-2012-4249 | 2012-08-12 | The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop... |
| CVE-2012-2571 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2)... |
| CVE-2012-2573 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2)... |
| CVE-2012-2585 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element,... |
| CVE-2012-2587 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute... |
| CVE-2012-2590 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT... |
| CVE-2012-3468 | 2012-08-12 | Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the... |
| CVE-2012-3469 | 2012-08-12 | Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2)... |
| CVE-2012-3470 | 2012-08-12 | Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions. |
| CVE-2012-3471 | 2012-08-12 | Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an... |
| CVE-2012-3472 | 2012-08-12 | The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request. |
| CVE-2012-3473 | 2012-08-12 | The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and... |
| CVE-2012-3474 | 2012-08-12 | The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author... |
| CVE-2012-3475 | 2012-08-12 | The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. |
| CVE-2012-3476 | 2012-08-12 | Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors... |
| CVE-2012-4250 | 2012-08-13 | Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string... |
| CVE-2012-4251 | 2012-08-13 | Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php,... |
| CVE-2012-4252 | 2012-08-13 | Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action,... |
| CVE-2012-4253 | 2012-08-13 | Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter... |
| CVE-2012-4254 | 2012-08-13 | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. |
| CVE-2012-4256 | 2012-08-13 | The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. |
| CVE-2012-4257 | 2012-08-13 | Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in... |
| CVE-2012-4259 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S... |
| CVE-2012-4260 | 2012-08-13 | Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter... |
| CVE-2012-4261 | 2012-08-13 | SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter. |
| CVE-2012-4262 | 2012-08-13 | Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to... |
| CVE-2012-2324 | 2012-08-13 | Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log... |
| CVE-2012-2325 | 2012-08-13 | SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via... |
| CVE-2012-2326 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file... |
| CVE-2012-2327 | 2012-08-13 | MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. |
| CVE-2012-4255 | 2012-08-13 | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. |
| CVE-2012-4258 | 2012-08-13 | Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter... |
| CVE-2009-5066 | 2012-08-13 | twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. |
| CVE-2011-0523 | 2012-08-13 | gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors. |
| CVE-2011-0524 | 2012-08-13 | Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 allow local users to cause a denial of service (crash) via unspecified vectors related to the sprintf function. |
| CVE-2012-2370 | 2012-08-13 | Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or... |
| CVE-2012-2662 | 2012-08-13 | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters... |
| CVE-2012-2806 | 2012-08-13 | Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a... |
| CVE-2012-3367 | 2012-08-13 | Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to... |
| CVE-2012-3401 | 2012-08-13 | The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause... |
| CVE-2012-3417 | 2012-08-13 | The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to... |
| CVE-2012-3425 | 2012-08-13 | The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds... |
| CVE-2012-2368 | 2012-08-13 | Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password. |
| CVE-2012-2371 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter. |
| CVE-2012-3869 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php. |
| CVE-2012-4263 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT... |
| CVE-2012-4268 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header. |
| CVE-2012-4269 | 2012-08-13 | Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message. |
| CVE-2012-4270 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message. |
| CVE-2012-4271 | 2012-08-13 | Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML... |
| CVE-2012-4273 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2012-4281 | 2012-08-13 | Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to... |
| CVE-2012-4264 | 2012-08-13 | Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related... |
| CVE-2012-4265 | 2012-08-13 | SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2012-4266 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are... |
| CVE-2012-4267 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter. |
| CVE-2012-4272 | 2012-08-13 | Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors... |
| CVE-2012-4274 | 2012-08-13 | Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00... |
| CVE-2012-4275 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-4276 | 2012-08-13 | Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows attackers to cause a denial of service via unknown attack vectors. |
| CVE-2012-4277 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-4278 | 2012-08-13 | Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) title, (3)... |
| CVE-2012-4279 | 2012-08-13 | Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php. |
| CVE-2012-4280 | 2012-08-13 | Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an... |
| CVE-2012-2274 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
| CVE-2012-2330 | 2012-08-13 | The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information... |
| CVE-2012-4282 | 2012-08-13 | SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-5096 | 2012-08-13 | Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or... |
| CVE-2012-2331 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant... |
| CVE-2012-2332 | 2012-08-13 | SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request... |
| CVE-2012-4283 | 2012-08-13 | Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter. |
| CVE-2012-2097 | 2012-08-14 | Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests... |
| CVE-2012-4324 | 2012-08-14 | Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in... |