|
260661
|
- |
|
restorepoint
|
restorepoint
|
The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4202
|
2011-12-13 23:57 |
2011-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260662
|
- |
|
restorepoint
|
restorepoint
|
remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_rem…
|
CWE-94
Code Injection
|
CVE-2011-4201
|
2011-12-13 20:55 |
2011-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260663
|
- |
|
freebsd
|
freebsd
|
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4062
|
2011-12-13 13:09 |
2011-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260664
|
- |
|
vmware
|
vcenter_update_manager
|
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directo…
|
CWE-16
Configuration
|
CVE-2011-4404
|
2011-12-13 13:09 |
2011-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260665
|
- |
|
ibm
|
db2_tools_for_z\/os
|
The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4435
|
2011-12-13 13:09 |
2011-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260666
|
- |
|
prestashop
|
prestashop
|
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name paramete…
|
CWE-94
Code Injection
|
CVE-2011-4545
|
2011-12-13 13:09 |
2011-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260667
|
- |
|
prestashop
|
prestashop
|
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to mod…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4544
|
2011-12-13 13:09 |
2011-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260668
|
- |
|
adrotateplugin
|
adrotate
|
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the…
|
CWE-89
SQL Injection
|
CVE-2011-4671
|
2011-12-13 13:09 |
2011-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260669
|
- |
|
freedesktop
|
colord
|
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices a…
|
CWE-89
SQL Injection
|
CVE-2011-4349
|
2011-12-12 14:00 |
2011-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260670
|
- |
|
mambo-foundation
|
mambo
|
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
|
CWE-89
SQL Injection
|
CVE-2011-2917
|
2011-12-9 14:00 |
2011-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
