CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1115
https://notcve.org/view.php?id=CVE-2012-1115
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en LDAP Account Manager (LAM) Pro versión 3.6, en los parámetros export, add_value_form y dn en el archivo cmd.php. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html http://www.openwall.com/lists/oss-security/2012/03/05/24 http://www.openwall.com/lists/oss-security/2012/03/12/1 http://www.openwall.com/lists/oss-security/2012/03/12/10 http://www.securityfocus.com/bid/52255 https://bugzilla.redhat.com&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2012-1114
https://notcve.org/view.php?id=CVE-2012-1114
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en LDAP Account Manager (LAM) Pro versión 3.6, en el parámetro filter en el archivo cmd.php en una acción export y exporter_id y el parámetro filteruid en el archivo list.php. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html http://www.openwall.com/lists/oss-security/2012/03/05/24 http://www.openwall.com/lists/oss-security/2012/03/12/1 http://www.openwall.com/lists/oss-security/2012/03/12/10 http://www.securityfocus.com/bid/52255 https://bugzilla.redhat.com&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1105
https://notcve.org/view.php?id=CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. Se presenta una vulnerabilidad de Divulgación de Información en el paquete Jasig Project php-pear-CAS versión 1.2.2 en el directorio /tmp. La biblioteca del cliente Central Authentication Service guarda el archivo de registro de depuración de manera no segura. • http://www.openwall.com/lists/oss-security/2012/03/05/7 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105 https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog https://security-tracker.debian.org/tracker/CVE-2012-1105 https://www.securityfocus.com/bid/52280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2012-1104
https://notcve.org/view.php?id=CVE-2012-1104
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed. Se presenta una vulnerabilidad de Omisión de Seguridad en la biblioteca phpCAS versión 1.2.2 del proyecto jasig debido a la manera en que el proxy de servicios es administrado. • http://www.openwall.com/lists/oss-security/2012/03/05/7 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104 https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog https://security-tracker.debian.org/tracker/CVE-2012-1104 https://www.securityfocus.com/bid/52279 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0326
https://notcve.org/view.php?id=CVE-2013-0326
OpenStack nova base images permissions are world readable Los permisos de imágenes base de OpenStack nova son de tipo world readable. • https://access.redhat.com/security/cve/cve-2013-0326 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0326 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-0326 https://security-tracker.debian.org/tracker/CVE-2013-0326 • CWE-732: Incorrect Permission Assignment for Critical Resource •