|
260371
|
- |
|
cogentdatahub
|
cogent_datahub
|
Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
|
CWE-22
Path Traversal
|
CVE-2011-3500
|
2011-09-19 13:00 |
2011-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260372
|
- |
|
cogentdatahub
|
cogent_datahub
|
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).
|
CWE-200
Information Exposure
|
CVE-2011-3502
|
2011-09-19 13:00 |
2011-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260373
|
- |
|
proftpd
|
proftpd
|
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC esca…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-4221
|
2011-09-15 12:18 |
2010-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260374
|
- |
|
proftpd
|
proftpd
|
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modi…
|
CWE-22
Path Traversal
|
CVE-2010-3867
|
2011-09-15 12:17 |
2010-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260375
|
- |
|
banshee-project
|
banshee
|
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse share…
|
NVD-CWE-Other
|
CVE-2010-3998
|
2011-09-15 12:17 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260376
|
- |
|
nick_copeland
|
bristol
|
startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directo…
|
NVD-CWE-Other
|
CVE-2010-3351
|
2011-09-15 12:16 |
2010-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260377
|
- |
|
kernel
linux
|
linux_kernel
|
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of ser…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3288
|
2011-09-15 12:06 |
2009-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260378
|
- |
|
mark_stosberg
|
data\
|
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2201
|
2011-09-15 01:05 |
2011-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260379
|
- |
|
sage-mozdev
|
sage
|
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3384
|
2011-09-14 13:00 |
2011-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260380
|
- |
|
edgetechweb
|
event_registration
|
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
|
CWE-89
SQL Injection
|
CVE-2010-4839
|
2011-09-14 13:00 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
