CVE-2012-1211
published 2012-02-24CVE-2012-1211: Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.60%
72.8th percentile
Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| powie | pfile | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2012-3972 Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)
bugzilla·2012-08-27·CVSS 5.0
CVE-2012-3972 [MEDIUM] CVE-2012-3972 Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)
CVE-2012-3972 Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)
Security researcher Nicolas Grégoire used the Address Sanitizer tool to discover an out-of-bounds read in the format-number feature of XSLT, which can cause inaccurate formatting of numbers and information leakage. This is not directly exploitable.
Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Nicolas Grégoire as the original reporter of this flaw.
External Reference:
https://www.mozilla.org/security/advisories/mfsa2012-65/
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2012:1211 https://rhn.redhat.com/errata/RHSA-2012-1211.html
---
Bugzilla
CVE-2012-3967 CVE-2012-3968 Mozilla: WebGL use-after-free and memory corruption (MFSA 2012-62)
bugzilla·2012-08-27·CVSS 9.3
CVE-2012-3967 [CRITICAL] CVE-2012-3967 CVE-2012-3968 Mozilla: WebGL use-after-free and memory corruption (MFSA 2012-62)
CVE-2012-3967 CVE-2012-3968 Mozilla: WebGL use-after-free and memory corruption (MFSA 2012-62)
Security researcher miaubiz used the Address Sanitizer tool to discover two WebGL issues. The first issue is a use-after-free when WebGL shaders are called after being destroyed. The second issue exposes a problem with Mesa drivers on Linux, leading to a potentially exploitable crash.
Reference:
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter of this flaw.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2012:1211 https://rhn.redhat.com/errata/RHSA-201
http://packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.htmlhttp://www.securityfocus.com/bid/51982https://exchange.xforce.ibmcloud.com/vulnerabilities/73165http://packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.htmlhttp://www.securityfocus.com/bid/51982https://exchange.xforce.ibmcloud.com/vulnerabilities/73165
2012-02-24
Published