|
263561
|
- |
|
arora-browser
|
arora
|
Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certifica…
|
CWE-20
Improper Input Validation
|
CVE-2011-3367
|
2011-12-1 00:51 |
2011-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263562
|
- |
|
foliovision
|
fv_wordpress_flowplayer_plugin
|
Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4568
|
2011-11-30 14:00 |
2011-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263563
|
- |
|
joomla
|
joomla\!
|
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vector…
|
CWE-310
Cryptographic Issues
|
CVE-2011-4321
|
2011-11-28 14:00 |
2011-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263564
|
- |
|
joomla
|
joomla\!
|
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4332
|
2011-11-28 14:00 |
2011-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263565
|
- |
|
php-shop-system
|
com_xobbix
|
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.ph…
|
CWE-89
SQL Injection
|
CVE-2010-5053
|
2011-11-28 14:00 |
2011-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263566
|
- |
|
realnetworks
|
realplayer
|
The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via uns…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4246
|
2011-11-24 20:55 |
2011-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263567
|
- |
|
cherokee-project
|
cherokee
|
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site …
|
CWE-352
Origin Validation Error
|
CVE-2011-2191
|
2011-11-24 12:58 |
2011-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263568
|
- |
|
apple
|
mac_os_x
imageio
mac_os_x_server
|
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-0204
|
2011-11-24 12:54 |
2011-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263569
|
- |
|
jamwiki
|
jamwiki
|
Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki before 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2010-5054
|
2011-11-23 23:56 |
2011-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263570
|
- |
|
cisco
linksys
|
linksys_wrt54gx_router_firmware
wrt54gx
|
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer…
|
CWE-16
Configuration
|
CVE-2011-4500
|
2011-11-22 20:55 |
2011-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
