|
260511
|
- |
|
schneider-electric
|
quantum_ethernet_module_140noe77100
quantum_ethernet_module_140noe77101
quantum_ethernet_module_140noe77111
|
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing…
|
CWE-287
Improper Authentication
|
CVE-2011-4860
|
2011-12-20 04:03 |
2011-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260512
|
- |
|
smartertools
|
smarterstats
|
Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstra…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4750
|
2011-12-16 20:55 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260513
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to…
|
NVD-CWE-Other
|
CVE-2011-4768
|
2011-12-16 20:55 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260514
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potenti…
|
CWE-200
Information Exposure
|
CVE-2011-4850
|
2011-12-16 20:55 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260515
|
- |
|
homeseer
|
homeseer_hs2
|
Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4836
|
2011-12-16 04:54 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260516
|
- |
|
homeseer
|
homeseer_hs2
|
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2011-4835
|
2011-12-16 04:53 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260517
|
- |
|
barter-sites
|
com_listing
|
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2011-4830
|
2011-12-16 04:01 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260518
|
- |
|
barter-sites
|
com_listing
|
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
|
CWE-89
SQL Injection
|
CVE-2011-4829
|
2011-12-16 03:56 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260519
|
- |
|
phpletter
phpmyfaq
tinymce
|
ajax_file_and_image_manager
phpmyfaq
tinymce
|
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly …
|
CWE-94
Code Injection
|
CVE-2011-4825
|
2011-12-16 03:03 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260520
|
- |
|
artsoft
|
rocks\'n\'diamonds
|
Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4606
|
2011-12-16 01:32 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
