| 260311 | - | geoff_wong | hammerhead | hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. | CWE-59 Link Following | CVE-2011-3204 | 2011-09-23 12:34 | 2011-09-7 |
| 260312 | - | bcfg2 | bcfg2 | The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client. | CWE-20 Improper Input Validation | CVE-2011-3211 | 2011-09-23 12:34 | 2011-09-16 |
| 260313 | - | ibm | lotus_domino | Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to … | CWE-79 Cross-site Scripting | CVE-2011-3576 | 2011-09-23 12:34 | 2011-09-19 |
| 260314 | - | chyrp | chyrp | upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2011-2745 | 2011-09-22 12:32 | 2011-07-27 |
| 260315 | - | citrix | access_gateway | Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2011-2882 | 2011-09-22 12:32 | 2011-07-22 |
| 260316 | - | hp | network_node_manager_i | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors. | NVD-CWE-noinfo | CVE-2011-1855 | 2011-09-22 12:31 | 2011-05-14 |
| 260317 | - | webmin | webmin | Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related … | CWE-79 Cross-site Scripting | CVE-2011-1937 | 2011-09-22 12:31 | 2011-06-1 |
| 260318 | - | inventivetec | mediacast | MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different… | CWE-200 Information Exposure | CVE-2011-2076 | 2011-09-22 12:31 | 2011-05-11 |
| 260319 | - | inventivetec | mediacast | The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1,… | CWE-16 Configuration | CVE-2011-2077 | 2011-09-22 12:31 | 2011-05-11 |
| 260320 | - | inventivetec | mediacast | Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via… | CWE-79 Cross-site Scripting | CVE-2011-2078 | 2011-09-22 12:31 | 2011-05-11 |