259191
|
- |
|
mozilla
|
bugzilla
|
Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that c…
|
CWE-352
Origin Validation Error
|
CVE-2011-3668
|
2012-02-2 13:07 |
2012-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259192
|
- |
|
mozilla
|
bugzilla
|
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that…
|
CWE-352
Origin Validation Error
|
CVE-2011-3669
|
2012-02-2 13:07 |
2012-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259193
|
- |
|
adobe
|
coldfusion
|
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag.
|
CWE-79
Cross-site Scripting
|
CVE-2011-2463
|
2012-02-2 13:06 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259194
|
- |
|
gnome
|
libsoup
|
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
|
CWE-22
Path Traversal
|
CVE-2011-2524
|
2012-02-2 13:06 |
2011-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259195
|
- |
|
linux-ha
|
ocf_resource_agents
|
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allow…
|
NVD-CWE-Other
|
CVE-2010-3389
|
2012-02-2 12:58 |
2010-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259196
|
- |
|
python
|
virtualenv
|
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
|
CWE-59
Link Following
|
CVE-2011-4617
|
2012-02-1 13:12 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259197
|
- |
|
zabbix
|
zabbix
|
Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler.
|
CWE-79
Cross-site Scripting
|
CVE-2011-5027
|
2012-02-1 13:12 |
2011-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259198
|
- |
|
cisco
|
digital_media_manager
|
Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878.
|
CWE-94
Code Injection
|
CVE-2012-0329
|
2012-01-31 13:08 |
2012-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259199
|
- |
|
drusus kerry_thompson
|
logsurfer logsurfer\+
|
Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted s…
|
CWE-399
Resource Management Errors
|
CVE-2011-3626
|
2012-01-30 14:00 |
2012-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259200
|
- |
|
duckcorp
|
bip
|
bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command.
|
NVD-CWE-Other
|
CVE-2010-3071
|
2012-01-28 02:43 |
2010-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|