|
260001
|
- |
|
webmin
|
webmin
|
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related …
|
CWE-79
Cross-site Scripting
|
CVE-2011-1937
|
2011-09-22 12:31 |
2011-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260002
|
- |
|
inventivetec
|
mediacast
|
MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different…
|
CWE-200
Information Exposure
|
CVE-2011-2076
|
2011-09-22 12:31 |
2011-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260003
|
- |
|
inventivetec
|
mediacast
|
The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1,…
|
CWE-16
Configuration
|
CVE-2011-2077
|
2011-09-22 12:31 |
2011-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260004
|
- |
|
inventivetec
|
mediacast
|
Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2011-2078
|
2011-09-22 12:31 |
2011-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260005
|
- |
|
inventivetec
|
mediacast
|
MediaCAST 8 and earlier allows remote attackers to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to…
|
CWE-20
Improper Input Validation
|
CVE-2011-2079
|
2011-09-22 12:31 |
2011-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260006
|
- |
|
inventivetec
|
mediacast
|
MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecif…
|
CWE-200
Information Exposure
|
CVE-2011-2081
|
2011-09-22 12:31 |
2011-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260007
|
- |
|
apache
|
httpclient
|
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers …
|
CWE-200
Information Exposure
|
CVE-2011-1498
|
2011-09-22 12:30 |
2011-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260008
|
- |
|
nagios
|
nagios
|
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2011-1523
|
2011-09-22 12:30 |
2011-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260009
|
- |
|
hp
|
performance_insight
|
Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 allows remote attackers to obtain sensitive information via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2011-1536
|
2011-09-22 12:30 |
2011-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260010
|
- |
|
hp
|
proliant_support_pack
|
Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-1537
|
2011-09-22 12:30 |
2011-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
