CVE-2012-5378
Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrate...
CVE-2012-5377
Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, a...
CVE-2012-5380
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by...
CVE-2012-5379
CVE-2012-5379 affects ActivePython 3.2.2.3 installed in the top-level C:\ directory, where an untrusted search path can allow a Trojan horse DLL (wlbsctrl.dll) in C:\Python27 or C:\Python27\Scripts to be found via the PATH, enabling local privilege escalation through the IKE and AuthIP IPsec Keyi...
CVE-2012-5382
CVE-2012-5382 describes an untrusted search path vulnerability in Zend Server 5.6.0 SP4 when installed in the top-level C:\ directory. A Trojan horse DLL placed in C:\Zend\ZendServer\share\ZendFramework\bin could be added to PATH by an administrator, enabling local privilege escalation via wlbsct...
PT-2012-5963 · Microsoft +1 · Windows 8 +4
Name of the Vulnerable Software and Affected Versions: PHP version 5.3.17. Description: The issue is related to an untrusted search path vulnerability in the installation functionality of PHP. This vulnerability might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP...
CVE-2012-4187
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory...
Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory...
CVE-2012-5343
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable...
CVE-2012-0846
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable...
phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion
Exploit for php platform in category web applications Author: Janek Vind "waraxe" Date: 01. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-91.html Description of vulnerable target: phpMyBitTorrent is the brand new Open Source solution for BitTorrent communities!...
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
waraxe-2012-SA091 - Multiple Vulnerabilities in phpMyBitTorrent 2.04. Author: Janek Vind "waraxe" Date: 01. October 2012 Location: Estonia, Tartu Web:...
CVE-2012-5231
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/...
Code injection
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/...