256601
|
5.0 |
MEDIUM
|
pligg
|
pligg_cms
|
Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statis…
|
CWE-200
情報漏えい
|
CVE-2011-3794
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256602
|
5.0 |
MEDIUM
|
betella
|
podcast_generator
|
Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/the…
|
CWE-200
情報漏えい
|
CVE-2011-3795
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256603
|
5.0 |
MEDIUM
|
prestashop
|
prestashop
|
PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sor…
|
CWE-200
情報漏えい
|
CVE-2011-3796
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256604
|
5.0 |
MEDIUM
|
projectpier
|
projectpier
|
ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upg…
|
CWE-200
情報漏えい
|
CVE-2011-3797
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256605
|
5.0 |
MEDIUM
|
elazos
|
reos
|
ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/verga…
|
CWE-200
情報漏えい
|
CVE-2011-3799
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256606
|
5.0 |
MEDIUM
|
s9y
|
serendipity
|
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/ne…
|
CWE-200
情報漏えい
|
CVE-2011-3800
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256607
|
5.0 |
MEDIUM
|
simpletest
|
simpletest
|
SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_t…
|
CWE-200
情報漏えい
|
CVE-2011-3801
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256608
|
5.0 |
MEDIUM
|
status
|
statusnet
|
StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php …
|
CWE-200
情報漏えい
|
CVE-2011-3802
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256609
|
5.0 |
MEDIUM
|
sugarcrm
|
sugarcrm
|
SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/l…
|
CWE-200
情報漏えい
|
CVE-2011-3803
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256610
|
5.0 |
MEDIUM
|
basic-cms
|
sweetrice
|
SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_m…
|
CWE-200
情報漏えい
|
CVE-2011-3804
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256611
|
5.0 |
MEDIUM
|
taskfreak
|
taskfreak\!_multi-mysql
|
TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc…
|
CWE-200
情報漏えい
|
CVE-2011-3805
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256612
|
5.0 |
MEDIUM
|
tecnick
|
tcexam
|
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tc…
|
CWE-200
情報漏えい
|
CVE-2011-3806
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256613
|
5.0 |
MEDIUM
|
textpattern
|
textpattern
|
Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_d…
|
CWE-200
情報漏えい
|
CVE-2011-3807
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256614
|
5.0 |
MEDIUM
|
thebuggenie
|
the_bug_genie
|
The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/sv…
|
CWE-200
情報漏えい
|
CVE-2011-3808
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256615
|
5.0 |
MEDIUM
|
thehostingtool
|
thehostingtool
|
TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc…
|
CWE-200
情報漏えい
|
CVE-2011-3809
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256616
|
5.0 |
MEDIUM
|
tinywebgallery
|
tinywebgallery
|
TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_f…
|
CWE-200
情報漏えい
|
CVE-2011-3810
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256617
|
5.0 |
MEDIUM
|
tomatocart
|
tomatocart
|
TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/sys…
|
CWE-200
情報漏えい
|
CVE-2011-3811
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256618
|
5.0 |
MEDIUM
|
vanillaforums
|
vanilla
|
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/…
|
CWE-200
情報漏えい
|
CVE-2011-3812
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256619
|
5.0 |
MEDIUM
|
vwar
|
virtual_war
|
Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated b…
|
CWE-200
情報漏えい
|
CVE-2011-3813
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256620
|
5.0 |
MEDIUM
|
webidsupport
|
webid
|
WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php an…
|
CWE-200
情報漏えい
|
CVE-2011-3815
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256621
|
5.0 |
MEDIUM
|
webinsta
|
mailing_list_manager
|
WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrate…
|
CWE-200
情報漏えい
|
CVE-2011-3816
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256622
|
5.0 |
MEDIUM
|
websitebaker2
|
website_baker
|
Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/medi…
|
CWE-200
情報漏えい
|
CVE-2011-3817
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256623
|
5.0 |
MEDIUM
|
wordpress
|
wordpress
|
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-a…
|
CWE-200
情報漏えい
|
CVE-2011-3818
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256624
|
5.0 |
MEDIUM
|
53x11
|
wow_server_status
|
WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by status.p…
|
CWE-200
情報漏えい
|
CVE-2011-3819
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256625
|
5.0 |
MEDIUM
|
webmastersite
|
wsn_software
|
WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pr…
|
CWE-200
情報漏えい
|
CVE-2011-3820
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256626
|
5.0 |
MEDIUM
|
xajax-project
|
xajax
|
xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajax_core/plu…
|
CWE-200
情報漏えい
|
CVE-2011-3821
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256627
|
5.0 |
MEDIUM
|
xoops
|
xoops
|
XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoo…
|
CWE-200
情報漏えい
|
CVE-2011-3822
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256628
|
5.0 |
MEDIUM
|
yamamah
|
yamamah
|
Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/ind…
|
CWE-200
情報漏えい
|
CVE-2011-3823
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256629
|
5.0 |
MEDIUM
|
yourls
|
yourls
|
Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrat…
|
CWE-200
情報漏えい
|
CVE-2011-3824
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256630
|
5.0 |
MEDIUM
|
zend
|
framework server
|
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as …
|
CWE-200
情報漏えい
|
CVE-2011-3825
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256631
|
5.0 |
MEDIUM
|
zikula
|
zikula
|
Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodoll…
|
CWE-200
情報漏えい
|
CVE-2011-3826
|
2012-05-21 13:00 |
2011-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256632
|
7.5 |
HIGH
|
mhproducts
|
download_center
|
SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: som…
|
CWE-89
SQLインジェクション
|
CVE-2010-4842
|
2012-05-21 13:00 |
2011-09-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256633
|
7.8 |
HIGH
|
cisco
|
ios ios_xe
|
Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID…
|
NVD-CWE-noinfo
|
CVE-2011-0939
|
2012-05-18 13:00 |
2011-10-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256634
|
7.8 |
HIGH
|
cisco
|
ios
|
Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194.
|
CWE-399
リソース管理の問題
|
CVE-2011-0944
|
2012-05-18 13:00 |
2011-10-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256635
|
4.3 |
MEDIUM
|
twiki
|
twiki
|
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, r…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-3010
|
2012-05-18 13:00 |
2011-09-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256636
|
5.0 |
MEDIUM
|
juan_toledo
|
etherape
|
The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, rel…
|
NVD-CWE-Other
|
CVE-2011-3369
|
2012-05-18 13:00 |
2011-10-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256637
|
5.0 |
MEDIUM
|
juan_toledo
|
etherape
|
Per: http://cwe.mitre.org/data/definitions/476.html
'CWE-476: NULL Pointer Dereference'
|
NVD-CWE-Other
|
CVE-2011-3369
|
2012-05-18 13:00 |
2011-10-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256638
|
4.3 |
MEDIUM
|
punbb
|
punbb
|
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csr…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-3371
|
2012-05-18 13:00 |
2011-10-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256639
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application …
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-3458
|
2012-05-18 12:43 |
2012-02-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256640
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie fil…
|
CWE-189
数値処理の問題
|
CVE-2011-3459
|
2012-05-18 12:43 |
2012-02-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256641
|
7.5 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
|
CWE-119
バッファエラー
|
CVE-2011-3460
|
2012-05-18 12:43 |
2012-02-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256642
|
10.0 |
HIGH
|
novell
|
groupwise
|
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbit…
|
CWE-119
バッファエラー
|
CVE-2011-0333
|
2012-05-14 13:00 |
2011-10-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256643
|
10.0 |
HIGH
|
novell
|
groupwise
|
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.
|
CWE-119
バッファエラー
|
CVE-2011-0334
|
2012-05-14 13:00 |
2011-10-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256644
|
4.3 |
MEDIUM
|
cyber-ark
|
password_vault_web_access
|
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrar…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-0459
|
2012-05-14 13:00 |
2011-10-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256645
|
7.8 |
HIGH
|
cisco
|
ios ios_xe
|
Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Se…
|
CWE-399
リソース管理の問題
|
CVE-2011-0945
|
2012-05-14 13:00 |
2011-10-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256646
|
2.1 |
LOW
|
tedfelix
|
acpid
|
acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service …
|
CWE-20
不適切な入力確認
|
CVE-2011-1159
|
2012-05-14 13:00 |
2011-10-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256647
|
4.3 |
MEDIUM
|
realnetworks
|
realplayer realplayer_sp
|
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-1221
|
2012-05-14 13:00 |
2011-10-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256648
|
9.3 |
HIGH
|
checkpoint
|
connectra_ngx vpn-1 vpn-1_firewall-1_vsx
|
Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow re…
|
NVD-CWE-noinfo
|
CVE-2011-1827
|
2012-05-14 13:00 |
2011-10-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256649
|
5.0 |
MEDIUM
|
cisco
|
ciscoworks_common_services
|
The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and dat…
|
CWE-200
情報漏えい
|
CVE-2011-2042
|
2012-05-14 13:00 |
2011-10-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
256650
|
2.1 |
LOW
|
cherokee-project
|
cherokee
|
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords vi…
|
CWE-310
暗号の問題
|
CVE-2011-2190
|
2012-05-14 13:00 |
2011-10-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|