AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting

AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. id: CVE-2012-4547 info: name: AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting author: dhiyaneshDk severity: medium description: AWStats is prone to multip...

Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access

An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. id: CVE-2012-0896 info: name: Count Per Day = 3.1 - download.php f Parameter Traversal Arbitrary File Access author:...

TikiWiki CMS Groupware v8.3 - Open Redirect

tiki-featuredlink.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection id: CVE-2012-5321 info: name: TikiWiki CMS Groupware v8.3 - Open Redirect author: ctflearner severity:...

YouSayToo auto-publishing 1.0 - Cross-Site Scripting

A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. id: CVE-2012-0901 info: name: YouSayToo auto-publishing 1.0 - Cross-Site Scripting author: daffainfo...

Apache Struts2 S2-008 RCE

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. id: CVE-2012-0392 info: name: Apache...

Axigen Mail Server Filename Directory Traversal

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName parameter in an edi...

SUSE CVE-2012-5120

Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array...

The use of CVE2012-0 1 5 8 old vulnerability in the latest APT attack V1. 0-vulnerability warning-the black bar safety net

Format overflow vulnerabilities are often APT to attack the use. In such vulnerability, CVE2012-0 1 5 8 over the past year the most often used one. The use of the vulnerability of the carrier is typically an RTF file formats, the internal data in hex string form saved. 2 0 1 3 years 1 month of...

Fedora 18 : mate-settings-daemon-1.5.3-5.fc18 (2012-18977)

Fix CVE2012-5560 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...