
CVSS: 6.1 • EPSS: 1% • CPEs: 7 • EXPL: 0

14 Jan 2013 — Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 4% • CPEs: 13 • EXPL: 1

14 Jan 2013 — Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. • http://seclists.org/fulldisclosure/2013/Jan/81 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 4% • CPEs: 7 • EXPL: 0

14 Jan 2013 — Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. A security flaw was found in the way Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessib... • http://archives.neohapsis.com/archives/bugtraq/2013-01/0057.html • CWE-94: Improper Control of Generation of Code ('Code Injection')