| 263541 | - | mambo-foundation | mambo | SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. | CWE-89 SQL Injection | CVE-2011-2917 | 2011-12-9 14:00 | 2011-12-9 |
| 263542 | - | oscss | oscss | Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_ca… | CWE-22 Path Traversal | CVE-2011-4713 | 2011-12-9 14:00 | 2011-12-9 |
| 263543 | - | apc | powerchute | Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting | CVE-2011-4263 | 2011-12-8 23:59 | 2011-12-8 |
| 263544 | - | indusoft | web_studio | CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vecto… | CWE-287 Improper Authentication | CVE-2011-4051 | 2011-12-8 14:00 | 2011-12-5 |
| 263545 | - | proftpd | proftpd | Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data tran… | CWE-399 Resource Management Errors | CVE-2011-4130 | 2011-12-8 14:00 | 2011-12-6 |
| 263546 | - | oneclickorgs | one_click_orgs | Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the… | CWE-79 Cross-site Scripting | CVE-2011-4552 | 2011-12-8 14:00 | 2011-12-6 |
| 263547 | - | oneclickorgs | one_click_orgs | Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and… | CWE-20 Improper Input Validation | CVE-2011-4553 | 2011-12-8 14:00 | 2011-12-6 |
| 263548 | - | oneclickorgs | one_click_orgs | One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e… | CWE-20 Improper Input Validation | CVE-2011-4554 | 2011-12-8 14:00 | 2011-12-6 |
| 263549 | - | oneclickorgs | one_click_orgs | One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comme… | CWE-255 Credentials Management | CVE-2011-4555 | 2011-12-8 14:00 | 2011-12-6 |
| 263550 | - | oneclickorgs | one_click_orgs | The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attac… | CWE-255 Credentials Management | CVE-2011-4678 | 2011-12-8 14:00 | 2011-12-6 |