|
264081
|
- |
|
freebsd
|
freebsd
|
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4062
|
2011-12-13 13:09 |
2011-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264082
|
- |
|
vmware
|
vcenter_update_manager
|
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directo…
|
CWE-16
Configuration
|
CVE-2011-4404
|
2011-12-13 13:09 |
2011-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264083
|
- |
|
ibm
|
db2_tools_for_z\/os
|
The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4435
|
2011-12-13 13:09 |
2011-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264084
|
- |
|
prestashop
|
prestashop
|
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name paramete…
|
CWE-94
Code Injection
|
CVE-2011-4545
|
2011-12-13 13:09 |
2011-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264085
|
- |
|
prestashop
|
prestashop
|
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to mod…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4544
|
2011-12-13 13:09 |
2011-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264086
|
- |
|
adrotateplugin
|
adrotate
|
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the…
|
CWE-89
SQL Injection
|
CVE-2011-4671
|
2011-12-13 13:09 |
2011-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264087
|
- |
|
freedesktop
|
colord
|
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices a…
|
CWE-89
SQL Injection
|
CVE-2011-4349
|
2011-12-12 14:00 |
2011-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264088
|
- |
|
mambo-foundation
|
mambo
|
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
|
CWE-89
SQL Injection
|
CVE-2011-2917
|
2011-12-9 14:00 |
2011-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264089
|
- |
|
oscss
|
oscss
|
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_ca…
|
CWE-22
Path Traversal
|
CVE-2011-4713
|
2011-12-9 14:00 |
2011-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264090
|
- |
|
apc
|
powerchute
|
Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4263
|
2011-12-8 23:59 |
2011-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
