256951
|
7.5 |
HIGH
|
infor
|
eclient enspire_distribution_management_solution
|
SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2011-1915
|
2012-02-29 14:00 |
2011-11-2 |
|
|
256952
|
9.3 |
HIGH
|
investintech
|
slimpdf_reader
|
Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4217
|
2012-02-29 14:00 |
2011-11-2 |
|
|
256953
|
4.0 |
MEDIUM
|
process-one
|
ejabberd
|
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a …
|
CWE-399
Resource Management Errors
|
CVE-2011-4320
|
2012-02-29 14:00 |
2012-02-18 |
|
|
256954
|
6.8 |
MEDIUM
|
typo3
|
typo3
|
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.…
|
CWE-94
Code Injection
|
CVE-2011-4614
|
2012-02-29 14:00 |
2012-02-18 |
|
|
256955
|
5.8 |
MEDIUM
|
tencent
|
mobileqq
|
The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted appli…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4864
|
2012-02-29 14:00 |
2012-01-25 |
|
|
256956
|
5.8 |
MEDIUM
|
tencent
|
microblogpad wblog
|
The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search key…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4865
|
2012-02-29 14:00 |
2012-01-25 |
|
|
256957
|
5.8 |
MEDIUM
|
netcreators
|
irfaq
|
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing a…
|
CWE-20
Improper Input Validation
|
CVE-2011-5079
|
2012-02-29 14:00 |
2012-02-15 |
|
|
256958
|
10.0 |
HIGH
|
utc
|
utc_fire_\&_security_ge-mc100-ntp\/gps-zb_master_clock_device
|
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP sessi…
|
CWE-255
Credentials Management
|
CVE-2012-1288
|
2012-02-27 14:00 |
2012-02-23 |
|
|
256959
|
5.0 |
MEDIUM
|
sap
|
netweaver
|
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vector…
|
NVD-CWE-noinfo
|
CVE-2012-1292
|
2012-02-27 14:00 |
2012-02-24 |
|
|
256960
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif…
|
CWE-119
Buffer Errors
|
CVE-2012-0766
|
2012-02-25 13:21 |
2012-02-15 |
|
|
256961
|
9.3 |
HIGH
|
realnetworks
|
realplayer realplayer_sp
|
The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to ex…
|
CWE-94
Code Injection
|
CVE-2012-0923
|
2012-02-25 13:21 |
2012-02-9 |
|
|
256962
|
9.3 |
HIGH
|
realnetworks
|
realplayer realplayer_sp
|
RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in …
|
CWE-94
Code Injection
|
CVE-2012-0924
|
2012-02-25 13:21 |
2012-02-9 |
|
|
256963
|
9.3 |
HIGH
|
realnetworks
|
realplayer realplayer_sp
|
The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to…
|
CWE-94
Code Injection
|
CVE-2012-0926
|
2012-02-25 13:21 |
2012-02-9 |
|
|
256964
|
9.3 |
HIGH
|
realnetworks
|
realplayer realplayer_sp
|
Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving…
|
NVD-CWE-noinfo CWE-94
Code Injection
|
CVE-2012-0927
|
2012-02-25 13:21 |
2012-02-9 |
|
|
256965
|
7.5 |
HIGH
|
cyberoam
|
cyberoam_central_console
|
Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (d…
|
CWE-22
Path Traversal
|
CVE-2012-1047
|
2012-02-25 13:21 |
2012-02-13 |
|
|
256966
|
5.0 |
MEDIUM
|
11in1
|
11in1
|
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/in…
|
CWE-22
Path Traversal
|
CVE-2012-0996
|
2012-02-24 22:55 |
2012-02-24 |
|
|
256967
|
6.8 |
MEDIUM
|
11in1
|
11in1
|
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new to…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2012-0997
|
2012-02-24 22:55 |
2012-02-24 |
|
|
256968
|
7.5 |
HIGH
|
lepton-cms
|
lepton
|
Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter.
|
CWE-22
Path Traversal
|
CVE-2012-0998
|
2012-02-24 22:55 |
2012-02-24 |
|
|
256969
|
7.5 |
HIGH
|
lepton-cms
|
lepton
|
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-0999
|
2012-02-24 22:55 |
2012-02-24 |
|
|
256970
|
4.3 |
MEDIUM
|
lepton-cms
|
lepton
|
Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admi…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-1000
|
2012-02-24 22:55 |
2012-02-24 |
|
|
256971
|
7.5 |
HIGH
|
alanft
|
relocate-upload
|
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath param…
|
CWE-94
Code Injection
|
CVE-2012-1205
|
2012-02-24 22:55 |
2012-02-24 |
|
|
256972
|
4.3 |
MEDIUM
|
fork-cms
|
fork_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-1208
|
2012-02-24 22:55 |
2012-02-24 |
|
|
256973
|
9.3 |
HIGH
|
7t
|
aquis
|
Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabili…
|
NVD-CWE-Other
|
CVE-2012-0224
|
2012-02-24 14:00 |
2012-02-21 |
|
|
256974
|
9.3 |
HIGH
|
7t
|
aquis
|
Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02.pdf
'This vulnerability may be exploitable from a remote machine'
|
NVD-CWE-Other
|
CVE-2012-0224
|
2012-02-24 14:00 |
2012-02-21 |
|
|
256975
|
9.3 |
HIGH
|
7t
|
aquis
|
Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
|
NVD-CWE-Other
|
CVE-2012-0224
|
2012-02-24 14:00 |
2012-02-21 |
|
|
256976
|
4.3 |
MEDIUM
|
boonex
|
dolphin
|
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or th…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-0873
|
2012-02-24 14:00 |
2012-02-24 |
|
|
256977
|
6.8 |
MEDIUM
|
pbboard
|
pbboard
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via …
|
CWE-352
Same-Origin Policy Violation
|
CVE-2012-1216
|
2012-02-24 14:00 |
2012-02-21 |
|
|
256978
|
6.8 |
MEDIUM
|
pluck-cms
|
pluck
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2012-1227
|
2012-02-24 14:00 |
2012-02-21 |
|
|
256979
|
4.3 |
MEDIUM
|
sap
|
netweaver
|
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via th…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-1290
|
2012-02-24 14:00 |
2012-02-24 |
|
|
256980
|
5.0 |
MEDIUM
|
sap
|
netweaver
|
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecifie…
|
NVD-CWE-noinfo
|
CVE-2012-1291
|
2012-02-24 14:00 |
2012-02-24 |
|
|
256981
|
10.0 |
HIGH
|
novell
|
iprint
|
Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different v…
|
CWE-119
Buffer Errors
|
CVE-2011-4187
|
2012-02-24 14:00 |
2012-02-21 |
|
|
256982
|
6.5 |
MEDIUM
|
advantech
|
advantech_webaccess
|
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an…
|
CWE-89
SQL Injection
|
CVE-2012-1234
|
2012-02-23 14:00 |
2012-02-21 |
|
|
256983
|
6.0 |
MEDIUM
|
advantech
|
advantech_webaccess
|
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: t…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2012-1235
|
2012-02-23 14:00 |
2012-02-21 |
|
|
256984
|
10.0 |
HIGH
|
advantech
|
adam_opc_server modbus_rtu_opc_server modbus_tcp_opc_server
|
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before …
|
CWE-119
Buffer Errors
|
CVE-2011-1914
|
2012-02-23 14:00 |
2012-02-21 |
|
|
256985
|
9.3 |
HIGH
|
7t
|
termis
|
Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi…
|
NVD-CWE-Other
|
CVE-2012-0223
|
2012-02-22 22:54 |
2012-02-22 |
|
|
256986
|
9.3 |
HIGH
|
7t
|
termis
|
Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02A.pdf
'This vulnerability may be exploitable from a remote machine.'
|
NVD-CWE-Other
|
CVE-2012-0223
|
2012-02-22 22:54 |
2012-02-22 |
|
|
256987
|
9.3 |
HIGH
|
7t
|
termis
|
Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
|
NVD-CWE-Other
|
CVE-2012-0223
|
2012-02-22 22:54 |
2012-02-22 |
|
|
256988
|
4.3 |
MEDIUM
|
contentlion
|
contentlion_alpha
|
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2012-1224
|
2012-02-22 14:00 |
2012-02-21 |
|
|
256989
|
10.0 |
HIGH
|
novell
|
iprint
|
The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) …
|
CWE-119
Buffer Errors
|
CVE-2011-4185
|
2012-02-22 14:00 |
2012-02-21 |
|
|
256990
|
9.3 |
HIGH
|
novell
|
iprint
|
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a…
|
CWE-119
Buffer Errors
|
CVE-2011-4186
|
2012-02-22 14:00 |
2012-02-21 |
|
|
256991
|
9.3 |
HIGH
|
plotsoft
|
pdfill_pdf_editor
|
Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0 allows local users to gain privileges via a Trojan horse mfc70enu.dll or mfc80loc.dll in the current working directory.
|
NVD-CWE-Other
|
CVE-2011-3690
|
2012-02-21 14:00 |
2011-09-28 |
|
|
256992
|
9.3 |
HIGH
|
plotsoft
|
pdfill_pdf_editor
|
Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
|
NVD-CWE-Other
|
CVE-2011-3690
|
2012-02-21 14:00 |
2011-09-28 |
|
|
256993
|
9.3 |
HIGH
|
ffftp
|
ffftp
|
Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, a…
|
NVD-CWE-Other
|
CVE-2011-4266
|
2012-02-21 14:00 |
2011-12-13 |
|
|
256994
|
9.3 |
HIGH
|
ffftp
|
ffftp
|
Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
|
NVD-CWE-Other
|
CVE-2011-4266
|
2012-02-21 14:00 |
2011-12-13 |
|
|
256995
|
6.4 |
MEDIUM
|
d.j.bernstein
|
djbdns
|
The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote a…
|
CWE-20
Improper Input Validation
|
CVE-2012-1191
|
2012-02-20 14:00 |
2012-02-18 |
|
|
256996
|
6.4 |
MEDIUM
|
unbound
|
unbound
|
The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger co…
|
NVD-CWE-Other
|
CVE-2012-1192
|
2012-02-20 14:00 |
2012-02-18 |
|
|
256997
|
6.4 |
MEDIUM
|
microsoft
|
windows_server_2008
|
The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query,…
|
NVD-CWE-Other
|
CVE-2012-1194
|
2012-02-20 14:00 |
2012-02-18 |
|
|
256998
|
7.8 |
HIGH
|
cisco
|
nx-os nexus_1000v nexus_5000 nexus_5010 nexus_5020 nexus_5548p nexus_5548up nexus_5596up nexus_7000 nexus_7000_10-slot nexus_7000_18-slot nexus_7000_9-slot
|
Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.…
|
CWE-399
Resource Management Errors
|
CVE-2012-0352
|
2012-02-17 14:00 |
2012-02-17 |
|
|
256999
|
10.0 |
HIGH
|
finaldraft
|
finaldraft
|
Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Exte…
|
CWE-119
Buffer Errors
|
CVE-2011-5002
|
2012-02-17 13:10 |
2011-12-25 |
|
|
257000
|
6.0 |
MEDIUM
|
fabrikar
|
com_fabrikar
|
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbit…
|
NVD-CWE-Other
|
CVE-2011-5004
|
2012-02-17 13:10 |
2011-12-25 |
|
|