|
259171
|
- |
|
banshee-project
|
banshee
|
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse share…
|
NVD-CWE-Other
|
CVE-2010-3998
|
2011-09-15 12:17 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259172
|
- |
|
nick_copeland
|
bristol
|
startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directo…
|
NVD-CWE-Other
|
CVE-2010-3351
|
2011-09-15 12:16 |
2010-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259173
|
- |
|
kernel
linux
|
linux_kernel
|
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of ser…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3288
|
2011-09-15 12:06 |
2009-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259174
|
- |
|
mark_stosberg
|
data\
|
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2201
|
2011-09-15 01:05 |
2011-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259175
|
- |
|
sage-mozdev
|
sage
|
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3384
|
2011-09-14 13:00 |
2011-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259176
|
- |
|
edgetechweb
|
event_registration
|
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
|
CWE-89
SQL Injection
|
CVE-2010-4839
|
2011-09-14 13:00 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259177
|
- |
|
hp
|
palm_pre_webos
|
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.
|
CWE-94
Code Injection
|
CVE-2009-5097
|
2011-09-14 13:00 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259178
|
- |
|
webmin
|
usermin
webmin
|
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2)…
|
CWE-79
Cross-site Scripting
|
CVE-2007-3156
|
2011-09-13 13:00 |
2007-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259179
|
- |
|
zwahlen_informatik
|
online_shop
|
Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the …
|
CWE-79
Cross-site Scripting
|
CVE-2006-5534
|
2011-09-13 13:00 |
2006-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259180
|
- |
|
spymac
|
spymac_web_os
|
Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in in…
|
CWE-79
Cross-site Scripting
|
CVE-2005-3511
|
2011-09-13 13:00 |
2005-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
