The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. Date published : 2012-11-27 http://www.kb.cert.org/vuls/id/281284
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. Date published : 2012-11-27 http://www.securityfocus.com/bid/56682...
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. Date published...
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2012-11-27 http://www.securityfocus.com/bid/56699 http://archives.neohapsis.com/archives/bugtraq/2012-11/0096.html
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Date...
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action. Date published : 2012-11-26 http://www.securityfocus.com/bid/44050...
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter...
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. Date published : 2012-11-26 http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html...
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action...
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE:...
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the...
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download...
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message. Date published...
Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file. Date published : 2012-11-26 http://www.exploit-db.com/exploits/18851 http://www.osvdb.org/81828