260251
|
- |
|
sybase
|
m-business_anywhere
|
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5078
|
2012-02-9 14:00 |
2012-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260252
|
- |
|
emobile
|
pocket_wifi_firmware pocket_wifi
|
Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the aut…
|
CWE-352
Origin Validation Error
|
CVE-2012-0314
|
2012-02-9 13:10 |
2012-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260253
|
- |
|
hudong
|
hdwiki
|
Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a dir…
|
NVD-CWE-Other
|
CVE-2011-5077
|
2012-02-9 00:21 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260254
|
- |
|
hudong
|
hdwiki
|
SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE:…
|
CWE-89
SQL Injection
|
CVE-2011-5076
|
2012-02-9 00:16 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260255
|
- |
|
foswiki
|
foswiki
|
Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1004
|
2012-02-8 14:00 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260256
|
- |
|
foswiki
|
foswiki
|
Per: http://foswiki.org/Support/SecurityAlert-CVE-2012-1004
'Vulnerable Software Versions - All versions 1.0.0 - 1.1.4 inclusive for sites that use the user registration process'
|
CWE-79
Cross-site Scripting
|
CVE-2012-1004
|
2012-02-8 14:00 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260257
|
- |
|
xwiki
|
xwiki_enterprise
|
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1019
|
2012-02-8 14:00 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260258
|
- |
|
dream-multimedia-tv
|
enigma2_webinterface
|
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2012-1025
|
2012-02-8 14:00 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260259
|
- |
|
whmcs
|
whmcompletesolution
|
functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to…
|
CWE-94
Code Injection
|
CVE-2011-5061
|
2012-02-8 14:00 |
2012-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260260
|
- |
|
ibm
|
websphere_application_server
|
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump o…
|
CWE-200
Information Exposure
|
CVE-2011-5066
|
2012-02-8 14:00 |
2012-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|