266261
|
- |
|
mediawiki
|
mediawiki
|
Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly No…
|
CWE-22
Path Traversal
|
CVE-2011-0537
|
2011-02-12 15:46 |
2011-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266262
|
- |
|
dovecot
|
dovecot
|
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a direc…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3706
|
2011-02-12 15:44 |
2010-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266263
|
- |
|
dovecot
|
dovecot
|
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass inten…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3779
|
2011-02-12 15:44 |
2010-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266264
|
- |
|
dovecot
|
dovecot
|
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended wea…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3304
|
2011-02-12 15:43 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266265
|
- |
|
yahoo
|
yui
|
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4207
|
2011-02-5 16:00 |
2010-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266266
|
- |
|
yahoo
|
yui
|
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4208
|
2011-02-5 16:00 |
2010-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266267
|
- |
|
yahoo
|
yui
|
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4209
|
2011-02-5 16:00 |
2010-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266268
|
- |
|
smarty
|
smarty
|
Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.
|
NVD-CWE-noinfo
|
CVE-2010-4726
|
2011-02-4 14:00 |
2011-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266269
|
- |
|
smarty
|
smarty
|
Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.
|
CWE-20
Improper Input Validation
|
CVE-2010-4727
|
2011-02-4 14:00 |
2011-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266270
|
- |
|
mono novell
|
mono moonlight
|
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possi…
|
CWE-20
Improper Input Validation
|
CVE-2010-4254
|
2011-02-2 15:59 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|