|
264091
|
- |
|
indusoft
|
web_studio
|
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vecto…
|
CWE-287
Improper Authentication
|
CVE-2011-4051
|
2011-12-8 14:00 |
2011-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264092
|
- |
|
proftpd
|
proftpd
|
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data tran…
|
CWE-399
Resource Management Errors
|
CVE-2011-4130
|
2011-12-8 14:00 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264093
|
- |
|
oneclickorgs
|
one_click_orgs
|
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4552
|
2011-12-8 14:00 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264094
|
- |
|
oneclickorgs
|
one_click_orgs
|
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and…
|
CWE-20
Improper Input Validation
|
CVE-2011-4553
|
2011-12-8 14:00 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264095
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e…
|
CWE-20
Improper Input Validation
|
CVE-2011-4554
|
2011-12-8 14:00 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264096
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comme…
|
CWE-255
Credentials Management
|
CVE-2011-4555
|
2011-12-8 14:00 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264097
|
- |
|
oneclickorgs
|
one_click_orgs
|
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attac…
|
CWE-255
Credentials Management
|
CVE-2011-4678
|
2011-12-8 14:00 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264098
|
- |
|
etomite
|
etomite
|
SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2006-5242
|
2011-12-8 14:00 |
2006-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264099
|
- |
|
etomite
|
etomite
|
This vulnerability is addressed in the following product release:
Etomite, Etomite Content Management System, 0.6.1.1
|
CWE-89
SQL Injection
|
CVE-2006-5242
|
2011-12-8 14:00 |
2006-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264100
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
|
CWE-287
Improper Authentication
|
CVE-2011-4677
|
2011-12-6 20:55 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
