264201
|
- |
|
proftpd
|
proftpd
|
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modi…
|
CWE-22
Path Traversal
|
CVE-2010-3867
|
2011-09-15 12:17 |
2010-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264202
|
- |
|
banshee-project
|
banshee
|
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse share…
|
NVD-CWE-Other
|
CVE-2010-3998
|
2011-09-15 12:17 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264203
|
- |
|
nick_copeland
|
bristol
|
startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directo…
|
NVD-CWE-Other
|
CVE-2010-3351
|
2011-09-15 12:16 |
2010-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264204
|
- |
|
kernel linux
|
linux_kernel
|
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of ser…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3288
|
2011-09-15 12:06 |
2009-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264205
|
- |
|
mark_stosberg
|
data\
|
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2201
|
2011-09-15 01:05 |
2011-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264206
|
- |
|
sage-mozdev
|
sage
|
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3384
|
2011-09-14 13:00 |
2011-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264207
|
- |
|
edgetechweb
|
event_registration
|
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
|
CWE-89
SQL Injection
|
CVE-2010-4839
|
2011-09-14 13:00 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264208
|
- |
|
hp
|
palm_pre_webos
|
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.
|
CWE-94
Code Injection
|
CVE-2009-5097
|
2011-09-14 13:00 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264209
|
- |
|
webmin
|
usermin webmin
|
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2)…
|
CWE-79
Cross-site Scripting
|
CVE-2007-3156
|
2011-09-13 13:00 |
2007-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264210
|
- |
|
zwahlen_informatik
|
online_shop
|
Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the …
|
CWE-79
Cross-site Scripting
|
CVE-2006-5534
|
2011-09-13 13:00 |
2006-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|