260351
|
- |
|
glpi-project
|
glpi
|
The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST reques…
|
CWE-200
Information Exposure
|
CVE-2011-2720
|
2012-02-16 13:15 |
2011-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260352
|
- |
|
cacti
|
cacti
|
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a va…
|
CWE-89
SQL Injection
|
CVE-2010-2092
|
2012-02-16 13:04 |
2010-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260353
|
- |
|
cacti
|
cacti
|
Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters…
|
CWE-20
Improper Input Validation
|
CVE-2010-1645
|
2012-02-16 13:03 |
2010-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260354
|
- |
|
cacti
|
cacti
|
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.
|
CWE-89
SQL Injection
|
CVE-2010-1431
|
2012-02-16 13:02 |
2010-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260355
|
- |
|
netcreators
|
irfaq
|
Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1070
|
2012-02-16 03:18 |
2012-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260356
|
- |
|
manfred_egger
|
bc_post2facebook
|
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2012-1077
|
2012-02-15 14:00 |
2012-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260357
|
- |
|
juergen_furrer
|
jftcaforms
|
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary w…
|
CWE-79
Cross-site Scripting
|
CVE-2011-5080
|
2012-02-15 14:00 |
2012-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260358
|
- |
|
e107
|
e107
|
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers…
|
CWE-352
Origin Validation Error
|
CVE-2010-5084
|
2012-02-15 14:00 |
2012-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260359
|
- |
|
apple
|
iphone_os
|
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
|
CWE-399
Resource Management Errors
|
CVE-2011-3442
|
2012-02-15 13:10 |
2011-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260360
|
- |
|
apple
|
iphone_os
|
Per: http://support.apple.com/kb/HT5052
'This issue does not affect devices running iOS prior to version 4.3.'
|
CWE-399
Resource Management Errors
|
CVE-2011-3442
|
2012-02-15 13:10 |
2011-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|