|
263601
|
- |
|
mahara
|
mahara
|
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.
|
CWE-352
Origin Validation Error
|
CVE-2011-2773
|
2011-11-15 14:00 |
2011-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263602
|
- |
|
mahara
|
mahara
|
The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.
|
CWE-200
Information Exposure
|
CVE-2011-2774
|
2011-11-15 14:00 |
2011-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263603
|
- |
|
apple
|
iphone_os
ipad2
|
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover dur…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-3440
|
2011-11-15 14:00 |
2011-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263604
|
- |
|
dell
|
kace_k2000_systems_deployment_appliance
|
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by exam…
|
CWE-310
Cryptographic Issues
|
CVE-2011-4046
|
2011-11-15 14:00 |
2011-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263605
|
- |
|
mahara
|
mahara
|
Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4118
|
2011-11-15 14:00 |
2011-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263606
|
- |
|
dell
|
kace_k2000_systems_deployment_appliance
|
The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access.
|
CWE-94
Code Injection
|
CVE-2011-4047
|
2011-11-14 14:00 |
2011-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263607
|
- |
|
dell
|
kace_k2000_systems_deployment_appliance
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4436
|
2011-11-14 14:00 |
2011-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263608
|
- |
|
plume-cms
|
plume_cms
|
Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-3985
|
2011-11-10 14:00 |
2011-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263609
|
- |
|
plume-cms
|
plume_cms
|
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, …
|
CWE-94
Code Injection
|
CVE-2006-4533
|
2011-11-10 14:00 |
2006-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263610
|
- |
|
adobe
|
coldfusion
|
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm…
|
CWE-79
Cross-site Scripting
|
CVE-2011-0733
|
2011-11-8 13:18 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
