257001
|
3.2 |
LOW
|
hp
|
operations_agent performance_agent
|
Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unk…
|
NVD-CWE-noinfo
|
CVE-2011-4160
|
2012-02-17 13:09 |
2011-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257002
|
9.3 |
HIGH
|
emc
|
rsa_key_manager_appliance
|
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attacker…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-2740
|
2012-02-17 13:08 |
2011-11-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257003
|
5.0 |
MEDIUM
|
hp
|
tcp_ip_services_openvms
|
Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2011-3168
|
2012-02-17 13:08 |
2011-11-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257004
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif…
|
CWE-119
バッファエラー
|
CVE-2012-0757
|
2012-02-16 14:00 |
2012-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257005
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors.
|
CWE-119
バッファエラー
|
CVE-2012-0758
|
2012-02-16 14:00 |
2012-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257006
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif…
|
CWE-119
バッファエラー
|
CVE-2012-0760
|
2012-02-16 14:00 |
2012-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257007
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif…
|
CWE-119
バッファエラー
|
CVE-2012-0763
|
2012-02-16 14:00 |
2012-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257008
|
6.8 |
MEDIUM
|
emc centos
|
documentum_content_server centos
|
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveragi…
|
NVD-CWE-noinfo
|
CVE-2011-4144
|
2012-02-16 14:00 |
2012-02-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257009
|
2.6 |
LOW
|
htc
|
desire_hd desire_s droid_incredible evo_3d evo_4g glacier sensation_4g sensation_z710e thunderbolt_4g
|
Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI4…
|
CWE-200
情報漏えい
|
CVE-2011-4872
|
2012-02-16 14:00 |
2012-02-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257010
|
5.0 |
MEDIUM
|
apache
|
tomcat
|
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain uninten…
|
CWE-200
情報漏えい
|
CVE-2011-3375
|
2012-02-16 13:16 |
2012-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257011
|
5.0 |
MEDIUM
|
glpi-project
|
glpi
|
The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST reques…
|
CWE-200
情報漏えい
|
CVE-2011-2720
|
2012-02-16 13:15 |
2011-08-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257012
|
7.5 |
HIGH
|
cacti
|
cacti
|
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a va…
|
CWE-89
SQLインジェクション
|
CVE-2010-2092
|
2012-02-16 13:04 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257013
|
6.5 |
MEDIUM
|
cacti
|
cacti
|
Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters…
|
CWE-20
不適切な入力確認
|
CVE-2010-1645
|
2012-02-16 13:03 |
2010-08-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257014
|
7.5 |
HIGH
|
cacti
|
cacti
|
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.
|
CWE-89
SQLインジェクション
|
CVE-2010-1431
|
2012-02-16 13:02 |
2010-05-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257015
|
4.3 |
MEDIUM
|
netcreators
|
irfaq
|
Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2012-1070
|
2012-02-16 03:18 |
2012-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257016
|
7.5 |
HIGH
|
manfred_egger
|
bc_post2facebook
|
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2012-1077
|
2012-02-15 14:00 |
2012-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257017
|
4.3 |
MEDIUM
|
juergen_furrer
|
jftcaforms
|
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary w…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-5080
|
2012-02-15 14:00 |
2012-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257018
|
6.0 |
MEDIUM
|
e107
|
e107
|
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2010-5084
|
2012-02-15 14:00 |
2012-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257019
|
7.2 |
HIGH
|
apple
|
iphone_os
|
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
|
CWE-399
リソース管理の問題
|
CVE-2011-3442
|
2012-02-15 13:10 |
2011-11-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257020
|
7.2 |
HIGH
|
apple
|
iphone_os
|
Per: http://support.apple.com/kb/HT5052
'This issue does not affect devices running iOS prior to version 4.3.'
|
CWE-399
リソース管理の問題
|
CVE-2011-3442
|
2012-02-15 13:10 |
2011-11-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257021
|
10.0 |
HIGH
|
hp
|
openview_network_node_manager
|
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.
|
NVD-CWE-noinfo
|
CVE-2011-3165
|
2012-02-15 13:09 |
2011-11-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257022
|
10.0 |
HIGH
|
hp
|
openview_network_node_manager
|
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.
|
NVD-CWE-noinfo
|
CVE-2011-3166
|
2012-02-15 13:09 |
2011-11-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257023
|
10.0 |
HIGH
|
hp
|
openview_network_node_manager
|
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
|
NVD-CWE-noinfo
|
CVE-2011-3167
|
2012-02-15 13:09 |
2011-11-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257024
|
5.0 |
MEDIUM
|
hp
|
tcp_ip_services_openvms
|
Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2011-3169
|
2012-02-15 13:09 |
2011-11-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257025
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnera…
|
CWE-119
バッファエラー
|
CVE-2011-2446
|
2012-02-15 13:08 |
2011-11-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257026
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
CWE-119
バッファエラー
|
CVE-2011-2447
|
2012-02-15 13:08 |
2011-11-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257027
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnera…
|
CWE-119
バッファエラー
|
CVE-2011-2448
|
2012-02-15 13:08 |
2011-11-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257028
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
CWE-119
バッファエラー
|
CVE-2011-2449
|
2012-02-15 13:08 |
2011-11-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257029
|
2.1 |
LOW
|
rik_de_boer
|
revisioning
|
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authe…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2012-1060
|
2012-02-14 14:00 |
2012-02-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257030
|
4.3 |
MEDIUM
|
dreamreport invensys
|
dream_report wonderware_hmi_reports
|
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attacker…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-4038
|
2012-02-14 14:00 |
2012-02-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257031
|
9.3 |
HIGH
|
dreamreport invensys
|
dream_report wonderware_hmi_reports
|
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code vi…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-4039
|
2012-02-14 14:00 |
2012-02-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257032
|
4.3 |
MEDIUM
|
sourcefabric
|
campsite
|
Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provena…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-4973
|
2012-02-14 14:00 |
2011-11-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257033
|
6.0 |
MEDIUM
|
episerver
|
episerver_cms
|
Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit M…
|
NVD-CWE-noinfo
|
CVE-2012-1031
|
2012-02-14 13:11 |
2012-02-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257034
|
4.3 |
MEDIUM
|
episerver
|
episerver_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2012-1034
|
2012-02-14 13:11 |
2012-02-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257035
|
4.3 |
MEDIUM
|
sonexis
|
conferencemanager
|
Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLo…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-3687
|
2012-02-14 13:09 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257036
|
7.5 |
HIGH
|
sonexis
|
conferencemanager
|
Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContaine…
|
CWE-89
SQLインジェクション
|
CVE-2011-3688
|
2012-02-14 13:09 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257037
|
4.3 |
MEDIUM
|
hp
|
network_node_manager_i
|
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerab…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-4155
|
2012-02-14 13:09 |
2011-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257038
|
4.3 |
MEDIUM
|
hp
|
network_node_manager_i
|
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerab…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-4156
|
2012-02-14 13:09 |
2011-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257039
|
6.5 |
MEDIUM
|
merethis
|
centreon
|
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
|
CWE-22
パス・トラバーサル
|
CVE-2011-4431
|
2012-02-14 13:09 |
2011-11-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257040
|
5.0 |
MEDIUM
|
merethis
|
centreon
|
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent at…
|
CWE-310
暗号の問題
|
CVE-2011-4432
|
2012-02-14 13:09 |
2011-11-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257041
|
9.3 |
HIGH
|
realnetworks
|
realplayer realplayer_sp
|
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary co…
|
CWE-119
バッファエラー
|
CVE-2011-2950
|
2012-02-14 13:08 |
2011-08-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257042
|
6.4 |
MEDIUM
|
hp
|
onboard_administrator
|
Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2011-3155
|
2012-02-14 13:08 |
2011-10-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257043
|
1.2 |
LOW
|
hp
|
multifunction_peripheral_digital_sending_software
|
HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.
|
CWE-200
情報漏えい
|
CVE-2011-3163
|
2012-02-14 13:08 |
2011-10-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257044
|
4.3 |
MEDIUM
|
myrephp
|
myre_real_estate_software
|
Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-3393
|
2012-02-14 13:08 |
2011-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257045
|
7.5 |
HIGH
|
myrephp
|
myre_real_estate_software
|
SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
CWE-89
SQLインジェクション
|
CVE-2011-3394
|
2012-02-14 13:08 |
2011-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257046
|
10.0 |
HIGH
|
measuresoft
|
scadapro
|
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a lo…
|
CWE-119
バッファエラー
|
CVE-2011-3490
|
2012-02-14 13:08 |
2011-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257047
|
10.0 |
HIGH
|
measuresoft
|
scadapro
|
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF,…
|
CWE-22
パス・トラバーサル
|
CVE-2011-3495
|
2012-02-14 13:08 |
2011-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257048
|
10.0 |
HIGH
|
measuresoft
|
scadapro
|
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
|
CWE-20
不適切な入力確認
|
CVE-2011-3496
|
2012-02-14 13:08 |
2011-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257049
|
10.0 |
HIGH
|
measuresoft
|
scadapro
|
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
|
CWE-200
情報漏えい
|
CVE-2011-3497
|
2012-02-14 13:08 |
2011-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257050
|
7.5 |
HIGH
|
newgensoft
|
omnidocs
|
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a m…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-3645
|
2012-02-14 13:08 |
2011-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|