| 260621 | - | oneclickorgs | one_click_orgs | One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e… | CWE-20 Improper Input Validation | CVE-2011-4554 | 2011-12-8 14:00 | 2011-12-6 |
| 260622 | - | oneclickorgs | one_click_orgs | One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comme… | CWE-255 Credentials Management | CVE-2011-4555 | 2011-12-8 14:00 | 2011-12-6 |
| 260623 | - | oneclickorgs | one_click_orgs | The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attac… | CWE-255 Credentials Management | CVE-2011-4678 | 2011-12-8 14:00 | 2011-12-6 |
| 260624 | - | etomite | etomite | SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2006-5242 | 2011-12-8 14:00 | 2006-10-12 |
| 260625 | - | etomite | etomite | This vulnerability is addressed in the following product release: Etomite, Etomite Content Management System, 0.6.1.1 | CWE-89 SQL Injection | CVE-2006-5242 | 2011-12-8 14:00 | 2006-10-12 |
| 260626 | - | oneclickorgs | one_click_orgs | One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | CWE-287 Improper Authentication | CVE-2011-4677 | 2011-12-6 20:55 | 2011-12-6 |
| 260627 | - | schneider-electric | vijeo_historian citecthistorian citectscada_reports | Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allo… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2011-4033 | 2011-12-2 20:55 | 2011-12-2 |
| 260628 | - | schneider-electric | vijeo_historian citecthistorian citectscada_reports | Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arb… | CWE-22 Path Traversal | CVE-2011-4036 | 2011-12-2 20:55 | 2011-12-2 |
| 260629 | - | adjam | rekonq | Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | CWE-20 Improper Input Validation | CVE-2011-3366 | 2011-12-1 14:00 | 2011-11-30 |
| 260630 | - | lesterchan | wp-postratings | SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role… | CWE-94 Code Injection | CVE-2011-4646 | 2011-12-1 14:00 | 2011-12-1 |