257101
|
5.0 |
MEDIUM
|
adacore
|
ada_web_services
|
AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a …
|
CWE-20
Improper Input Validation
|
CVE-2012-1035
|
2012-02-9 14:00 |
2012-02-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257102
|
7.5 |
HIGH
|
extensionsforjoomla
|
com_vikrealestate
|
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a re…
|
CWE-89
SQL Injection
|
CVE-2011-4823
|
2012-02-9 14:00 |
2011-12-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257103
|
6.8 |
MEDIUM
|
autosectools
|
v-cms
|
SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are…
|
CWE-89
SQL Injection
|
CVE-2011-4826
|
2012-02-9 14:00 |
2011-12-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257104
|
4.3 |
MEDIUM
|
autosectools
|
v-cms
|
Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parame…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2011-4827
|
2012-02-9 14:00 |
2011-12-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257105
|
4.0 |
MEDIUM
|
david_azoulay
|
web_file_browser
|
Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a d…
|
CWE-22
Path Traversal
|
CVE-2011-4831
|
2012-02-9 14:00 |
2011-12-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257106
|
6.5 |
MEDIUM
|
sybase
|
m-business_anywhere
|
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5078
|
2012-02-9 14:00 |
2012-02-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257107
|
6.8 |
MEDIUM
|
emobile
|
pocket_wifi_firmware pocket_wifi
|
Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the aut…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2012-0314
|
2012-02-9 13:10 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257108
|
7.5 |
HIGH
|
hudong
|
hdwiki
|
Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a dir…
|
NVD-CWE-Other
|
CVE-2011-5077
|
2012-02-9 00:21 |
2012-02-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257109
|
7.5 |
HIGH
|
hudong
|
hdwiki
|
SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE:…
|
CWE-89
SQL Injection
|
CVE-2011-5076
|
2012-02-9 00:16 |
2012-02-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257110
|
2.1 |
LOW
|
foswiki
|
foswiki
|
Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2012-1004
|
2012-02-8 14:00 |
2012-02-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257111
|
2.1 |
LOW
|
foswiki
|
foswiki
|
Per: http://foswiki.org/Support/SecurityAlert-CVE-2012-1004
'Vulnerable Software Versions - All versions 1.0.0 - 1.1.4 inclusive for sites that use the user registration process'
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2012-1004
|
2012-02-8 14:00 |
2012-02-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257112
|
4.3 |
MEDIUM
|
xwiki
|
xwiki_enterprise
|
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bi…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2012-1019
|
2012-02-8 14:00 |
2012-02-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257113
|
5.0 |
MEDIUM
|
dream-multimedia-tv
|
enigma2_webinterface
|
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2012-1025
|
2012-02-8 14:00 |
2012-02-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257114
|
7.5 |
HIGH
|
whmcs
|
whmcompletesolution
|
functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to…
|
CWE-94
Code Injection
|
CVE-2011-5061
|
2012-02-8 14:00 |
2012-01-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257115
|
2.1 |
LOW
|
ibm
|
websphere_application_server
|
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump o…
|
CWE-200
Information Exposure
|
CVE-2011-5066
|
2012-02-8 14:00 |
2012-01-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257116
|
5.0 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors …
|
NVD-CWE-noinfo
|
CVE-2011-3531
|
2012-02-7 14:00 |
2012-01-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257117
|
4.6 |
MEDIUM
|
oracle
|
communications_unified
|
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server.
|
NVD-CWE-noinfo
|
CVE-2011-3565
|
2012-02-7 14:00 |
2012-01-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257118
|
5.0 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vecto…
|
NVD-CWE-noinfo
|
CVE-2011-3569
|
2012-02-7 14:00 |
2012-01-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257119
|
2.1 |
LOW
|
oracle
|
communications_unified
|
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server.
|
NVD-CWE-noinfo
|
CVE-2011-3570
|
2012-02-7 14:00 |
2012-01-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257120
|
4.0 |
MEDIUM
|
oracle
|
communications_unified
|
Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server.
|
NVD-CWE-noinfo
|
CVE-2011-3573
|
2012-02-7 14:00 |
2012-01-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257121
|
3.3 |
LOW
|
oracle
|
communications_unified
|
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server.
|
NVD-CWE-noinfo
|
CVE-2011-3574
|
2012-02-7 14:00 |
2012-01-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257122
|
9.3 |
HIGH
|
siemens
|
wincc_flexible wincc simatic_hmi_panels wincc_runtime_advanced wincc_flexible_runtime
|
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panel…
|
CWE-287
Improper Authentication
|
CVE-2011-4508
|
2012-02-7 14:00 |
2012-02-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257123
|
5.8 |
MEDIUM
|
tencent
|
qqpphoto
|
The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a cr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4867
|
2012-02-7 14:00 |
2012-01-25 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257124
|
7.5 |
HIGH
|
cafuego
|
simple_document_management_system
|
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
|
CWE-89
SQL Injection
|
CVE-2010-4986
|
2012-02-7 14:00 |
2011-11-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257125
|
7.5 |
HIGH
|
cafuego
|
simple_document_management_system
|
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list…
|
CWE-89
SQL Injection
|
CVE-2005-3877
|
2012-02-7 14:00 |
2005-11-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257126
|
4.3 |
MEDIUM
|
oscommerce
|
oscommerce
|
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2012-0311
|
2012-02-6 14:00 |
2012-01-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257127
|
4.3 |
MEDIUM
|
oscommerce
|
online_merchant oscommerce
|
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified v…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2012-0312
|
2012-02-6 14:00 |
2012-01-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257128
|
9.3 |
HIGH
|
emc
|
networker
|
Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute ar…
|
CWE-119
Buffer Errors
|
CVE-2012-0395
|
2012-02-6 14:00 |
2012-01-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257129
|
4.3 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an…
|
CWE-310
Cryptographic Issues
|
CVE-2011-3444
|
2012-02-6 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257130
|
5.0 |
MEDIUM
|
rsa
|
envision
|
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2011-4143
|
2012-02-6 14:00 |
2012-01-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257131
|
10.0 |
HIGH
|
siemens
|
wincc_flexible wincc simatic_hmi_panels wincc_runtime_advanced wincc_flexible_runtime
|
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4509
|
2012-02-6 14:00 |
2012-02-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257132
|
4.3 |
MEDIUM
|
siemens
|
wincc_flexible wincc simatic_hmi_panels wincc_runtime_advanced wincc_flexible_runtime
|
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2011-4510
|
2012-02-6 14:00 |
2012-02-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257133
|
4.3 |
MEDIUM
|
siemens
|
wincc_flexible wincc simatic_hmi_panels wincc_runtime_advanced wincc_flexible_runtime
|
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2011-4511
|
2012-02-6 14:00 |
2012-02-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257134
|
5.0 |
MEDIUM
|
siemens
|
wincc_flexible wincc simatic_hmi_panels wincc_runtime_advanced wincc_flexible_runtime
|
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and…
|
CWE-94
Code Injection
|
CVE-2011-4512
|
2012-02-6 14:00 |
2012-02-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257135
|
10.0 |
HIGH
|
siemens
|
wincc_flexible wincc simatic_hmi_panels wincc_runtime_advanced wincc_flexible_runtime
|
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Run…
|
NVD-CWE-noinfo
|
CVE-2011-4513
|
2012-02-6 14:00 |
2012-02-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257136
|
10.0 |
HIGH
|
siemens
|
wincc_flexible wincc simatic_hmi_panels wincc_runtime_advanced wincc_flexible_runtime
|
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; a…
|
CWE-287
Improper Authentication
|
CVE-2011-4514
|
2012-02-6 14:00 |
2012-02-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257137
|
4.3 |
MEDIUM
|
mozilla
|
bugzilla
|
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2011-3657
|
2012-02-4 13:01 |
2012-01-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257138
|
4.3 |
MEDIUM
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to t…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2011-2937
|
2012-02-4 13:00 |
2011-09-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257139
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embe…
|
CWE-189
Numeric Errors
|
CVE-2011-0200
|
2012-02-4 12:56 |
2011-06-25 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257140
|
4.3 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lac…
|
CWE-200
Information Exposure
|
CVE-2011-3452
|
2012-02-4 01:16 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257141
|
7.8 |
HIGH
|
freebsd netbsd
|
freebsd netbsd
|
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU cons…
|
CWE-399
Resource Management Errors
|
CVE-2011-2393
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257142
|
7.5 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (ap…
|
NVD-CWE-noinfo
|
CVE-2011-3446
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257143
|
4.3 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
|
CWE-200
Information Exposure
|
CVE-2011-3447
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257144
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file wit…
|
CWE-119
Buffer Errors
|
CVE-2011-3448
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257145
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font…
|
CWE-399
Resource Management Errors
|
CVE-2011-3449
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257146
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory c…
|
CWE-399
Resource Management Errors
|
CVE-2011-3450
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257147
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Per http://support.apple.com/kb/HT5130 : This issue does not affect systems prior to OS X Lion.
'This issue does not affect systems prior to OS X Lion.'
|
CWE-399
Resource Management Errors
|
CVE-2011-3450
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257148
|
5.0 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in…
|
NVD-CWE-noinfo
|
CVE-2011-3462
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257149
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound direc…
|
CWE-287
Improper Authentication
|
CVE-2011-3463
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
257150
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Per: http://support.apple.com/kb/HT5130
'This issue does not affect systems prior to OS X Lion.'
|
CWE-287
Improper Authentication
|
CVE-2011-3463
|
2012-02-3 14:00 |
2012-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|