260061
|
- |
|
oneclickorgs
|
one_click_orgs
|
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4552
|
2011-12-8 14:00 |
2011-12-6 |
|
260062
|
- |
|
oneclickorgs
|
one_click_orgs
|
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and…
|
CWE-20
Improper Input Validation
|
CVE-2011-4553
|
2011-12-8 14:00 |
2011-12-6 |
|
260063
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e…
|
CWE-20
Improper Input Validation
|
CVE-2011-4554
|
2011-12-8 14:00 |
2011-12-6 |
|
260064
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comme…
|
CWE-255
Credentials Management
|
CVE-2011-4555
|
2011-12-8 14:00 |
2011-12-6 |
|
260065
|
- |
|
oneclickorgs
|
one_click_orgs
|
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attac…
|
CWE-255
Credentials Management
|
CVE-2011-4678
|
2011-12-8 14:00 |
2011-12-6 |
|
260066
|
- |
|
etomite
|
etomite
|
SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2006-5242
|
2011-12-8 14:00 |
2006-10-12 |
|
260067
|
- |
|
etomite
|
etomite
|
This vulnerability is addressed in the following product release:
Etomite, Etomite Content Management System, 0.6.1.1
|
CWE-89
SQL Injection
|
CVE-2006-5242
|
2011-12-8 14:00 |
2006-10-12 |
|
260068
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
|
CWE-287
Improper Authentication
|
CVE-2011-4677
|
2011-12-6 20:55 |
2011-12-6 |
|
260069
|
- |
|
schneider-electric
|
vijeo_historian citecthistorian citectscada_reports
|
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allo…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4033
|
2011-12-2 20:55 |
2011-12-2 |
|
260070
|
- |
|
schneider-electric
|
vijeo_historian citecthistorian citectscada_reports
|
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arb…
|
CWE-22
Path Traversal
|
CVE-2011-4036
|
2011-12-2 20:55 |
2011-12-2 |
|