|
263651
|
- |
|
bst
|
bestshoppro
|
Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4812
|
2012-02-10 14:00 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263652
|
- |
|
realnetworks
|
realplayer
realplayer_sp
|
The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows rem…
|
CWE-94
Code Injection
|
CVE-2012-0928
|
2012-02-9 14:00 |
2012-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263653
|
- |
|
adacore
|
ada_web_services
|
AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a …
|
CWE-20
Improper Input Validation
|
CVE-2012-1035
|
2012-02-9 14:00 |
2012-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263654
|
- |
|
extensionsforjoomla
|
com_vikrealestate
|
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a re…
|
CWE-89
SQL Injection
|
CVE-2011-4823
|
2012-02-9 14:00 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263655
|
- |
|
autosectools
|
v-cms
|
SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are…
|
CWE-89
SQL Injection
|
CVE-2011-4826
|
2012-02-9 14:00 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263656
|
- |
|
autosectools
|
v-cms
|
Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parame…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4827
|
2012-02-9 14:00 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263657
|
- |
|
david_azoulay
|
web_file_browser
|
Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a d…
|
CWE-22
Path Traversal
|
CVE-2011-4831
|
2012-02-9 14:00 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263658
|
- |
|
sybase
|
m-business_anywhere
|
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5078
|
2012-02-9 14:00 |
2012-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263659
|
- |
|
emobile
|
pocket_wifi_firmware
pocket_wifi
|
Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the aut…
|
CWE-352
Origin Validation Error
|
CVE-2012-0314
|
2012-02-9 13:10 |
2012-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263660
|
- |
|
hudong
|
hdwiki
|
Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a dir…
|
NVD-CWE-Other
|
CVE-2011-5077
|
2012-02-9 00:21 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
