| 257151 | 5.0 | MEDIUM | linux | linux_kernel | The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo… | CWE-200 Information Leak | CVE-2010-4563 | 2012-02-3 14:00 | 2012-02-3 |
| 257152 | 7.5 | HIGH | sitracker | support_incident_tracker | Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in … | CWE-94 Code Injection | CVE-2011-4337 | 2012-02-2 14:00 | 2012-01-29 |
| 257153 | 7.5 | HIGH | sitracker | support_incident_tracker | Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php,… | CWE-89 SQL Injection | CVE-2011-5071 | 2012-02-2 14:00 | 2012-01-29 |
| 257154 | 7.5 | HIGH | sitracker | support_incident_tracker | Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) co… | CWE-89 SQL Injection | CVE-2011-5072 | 2012-02-2 14:00 | 2012-01-29 |
| 257155 | 4.3 | MEDIUM | sitracker | support_incident_tracker | Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to cont… | CWE-79 Cross-Site Scripting (XSS) | CVE-2011-5073 | 2012-02-2 14:00 | 2012-01-29 |
| 257156 | 6.8 | MEDIUM | sitracker | support_incident_tracker | Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that c… | CWE-352 Same-Origin Policy Violation | CVE-2011-5074 | 2012-02-2 14:00 | 2012-01-29 |
| 257157 | 5.0 | MEDIUM | sitracker | support_incident_tracker | translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installati… | NVD-CWE-noinfo | CVE-2011-5075 | 2012-02-2 14:00 | 2012-01-29 |
| 257158 | 10.0 | HIGH | sitracker | support_incident_tracker | Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors. | NVD-CWE-noinfo | CVE-2007-5635 | 2012-02-2 14:00 | 2007-10-24 |
| 257159 | 4.9 | MEDIUM | cluster_resources clusterresources | torque_resource_manager | Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user account… | CWE-264 Authorization, Privileges, and Access Control | CVE-2011-4925 | 2012-02-2 13:09 | 2012-01-13 |
| 257160 | 10.0 | HIGH | hp | database_archiving_software | Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213. | NVD-CWE-noinfo | CVE-2011-4163 | 2012-02-2 13:08 | 2011-12-30 |
| 257161 | 10.0 | HIGH | hp | database_archiving_software | Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214. | NVD-CWE-noinfo | CVE-2011-4164 | 2012-02-2 13:08 | 2011-12-30 |
| 257162 | 10.0 | HIGH | hp | database_archiving_software | Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263. | NVD-CWE-noinfo | CVE-2011-4165 | 2012-02-2 13:08 | 2011-12-30 |
| 257163 | 4.3 | MEDIUM | adobe | coldfusion | Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… | CWE-79 Cross-Site Scripting (XSS) | CVE-2011-4368 | 2012-02-2 13:08 | 2011-12-14 |
| 257164 | 6.8 | MEDIUM | mozilla | bugzilla | Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that c… | CWE-352 Same-Origin Policy Violation | CVE-2011-3668 | 2012-02-2 13:07 | 2012-01-3 |
| 257165 | 6.8 | MEDIUM | mozilla | bugzilla | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that… | CWE-352 Same-Origin Policy Violation | CVE-2011-3669 | 2012-02-2 13:07 | 2012-01-3 |
| 257166 | 4.3 | MEDIUM | adobe | coldfusion | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag. | CWE-79 Cross-Site Scripting (XSS) | CVE-2011-2463 | 2012-02-2 13:06 | 2011-12-14 |
| 257167 | 5.0 | MEDIUM | gnome | libsoup | Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | CWE-22 Path Traversal | CVE-2011-2524 | 2012-02-2 13:06 | 2011-09-1 |
| 257168 | 6.9 | MEDIUM | linux-ha | ocf_resource_agents | The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allow… | NVD-CWE-Other | CVE-2010-3389 | 2012-02-2 12:58 | 2010-10-21 |
| 257169 | 1.2 | LOW | python | virtualenv | virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | CWE-59 Link Resolution Issue | CVE-2011-4617 | 2012-02-1 13:12 | 2011-12-31 |
| 257170 | 4.3 | MEDIUM | zabbix | zabbix | Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. | CWE-79 Cross-Site Scripting (XSS) | CVE-2011-5027 | 2012-02-1 13:12 | 2011-12-30 |
| 257171 | 9.0 | HIGH | cisco | digital_media_manager | Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. | CWE-94 Code Injection | CVE-2012-0329 | 2012-01-31 13:08 | 2012-01-20 |
| 257172 | 7.5 | HIGH | drusus kerry_thompson | logsurfer logsurfer\+ | Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted s… | CWE-399 Resource Management Issue | CVE-2011-3626 | 2012-01-30 14:00 | 2012-01-28 |
| 257173 | 5.0 | MEDIUM | duckcorp | bip | bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command. | NVD-CWE-Other | CVE-2010-3071 | 2012-01-28 02:43 | 2010-10-14 |
| 257174 | 5.0 | MEDIUM | ibm | websphere_application_server | IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability … | CWE-20 Improper Input Validation | CVE-2012-0193 | 2012-01-27 13:04 | 2012-01-20 |
| 257175 | 10.0 | HIGH | oneorzero | aims | OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie. | CWE-287 Improper Authentication | CVE-2011-4214 | 2012-01-27 13:03 | 2011-11-2 |
| 257176 | 7.5 | HIGH | oneorzero | aims | SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variabl… | CWE-89 SQL Injection | CVE-2011-4215 | 2012-01-27 13:03 | 2011-11-2 |
| 257177 | 4.3 | MEDIUM | horde | groupware_webmail_edition | Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related … | CWE-79 Cross-Site Scripting (XSS) | CVE-2012-0909 | 2012-01-27 01:00 | 2012-01-25 |
| 257178 | 4.3 | MEDIUM | asterisk | open_source | chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial … | NVD-CWE-noinfo | CVE-2012-0885 | 2012-01-26 23:50 | 2012-01-26 |
| 257179 | 4.3 | MEDIUM | google | android | The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. | CWE-200 Information Leak | CVE-2011-4276 | 2012-01-26 14:00 | 2012-01-26 |
| 257180 | 9.3 | HIGH | splunk | splunk | Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote … | CWE-287 Improper Authentication | CVE-2011-4644 | 2012-01-26 14:00 | 2012-01-3 |
| 257181 | 6.4 | MEDIUM | kaixin001 | kaixin001 | The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext pass… | CWE-200 Information Leak | CVE-2011-4866 | 2012-01-26 04:45 | 2012-01-25 |
| 257182 | 6.4 | MEDIUM | ubermedia | twidroyd_legacy | The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted app… | CWE-200 Information Leak | CVE-2011-4699 | 2012-01-26 04:43 | 2012-01-25 |
| 257183 | 6.4 | MEDIUM | androidapptools | easy_filter | The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call re… | CWE-200 Information Leak | CVE-2011-4698 | 2012-01-26 04:41 | 2012-01-25 |
| 257184 | 9.3 | HIGH | renren | renren_talk | Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file. | CWE-119 Buffer Error | CVE-2012-0916 | 2012-01-26 03:48 | 2012-01-25 |
| 257185 | 4.3 | MEDIUM | oetiker | smokeping | Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode… | CWE-79 Cross-Site Scripting (XSS) | CVE-2012-0790 | 2012-01-25 14:00 | 2012-01-25 |
| 257186 | 9.3 | HIGH | renren | renren_talk | Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a B… | CWE-189 Numeric Processing Issue | CVE-2012-0915 | 2012-01-25 14:00 | 2012-01-25 |
| 257187 | 6.4 | MEDIUM | xiaomi | mitalk_messenger | The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a cra… | CWE-200 Information Leak | CVE-2011-4697 | 2012-01-25 14:00 | 2012-01-25 |
| 257188 | 5.8 | MEDIUM | hatena | callconfirm | The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted appl… | CWE-264 Authorization, Privileges, and Access Control | CVE-2011-4701 | 2012-01-25 14:00 | 2012-01-25 |
| 257189 | 5.8 | MEDIUM | nimbuzz | nimbuzz | The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. | CWE-264 Authorization, Privileges, and Access Control | CVE-2011-4702 | 2012-01-25 14:00 | 2012-01-25 |
| 257190 | 5.8 | MEDIUM | voxofon | voxofon | The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. | CWE-264 Authorization, Privileges, and Access Control | CVE-2011-4704 | 2012-01-25 14:00 | 2012-01-25 |
| 257191 | 5.8 | MEDIUM | ming | blacklist_free | The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list… | CWE-264 Authorization, Privileges, and Access Control | CVE-2011-4705 | 2012-01-25 14:00 | 2012-01-25 |
| 257192 | 7.5 | HIGH | stone-ware | webnetwork | SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2012-0912 | 2012-01-25 01:56 | 2012-01-25 |
| 257193 | 6.8 | MEDIUM | stone-ware | webnetwork | Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accoun… | CWE-352 Same-Origin Policy Violation | CVE-2012-0286 | 2012-01-25 01:53 | 2012-01-25 |
| 257194 | 4.3 | MEDIUM | stone-ware | webnetwork | Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-Site Scripting (XSS) | CVE-2012-0285 | 2012-01-25 00:55 | 2012-01-25 |
| 257195 | 4.3 | MEDIUM | glucose | glucose_2 | Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | CWE-79 Cross-Site Scripting (XSS) | CVE-2012-0313 | 2012-01-24 14:00 | 2012-01-24 |
| 257196 | 6.8 | MEDIUM | emc | rsa_adaptive_authentication_on-premise | EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow … | CWE-264 Authorization, Privileges, and Access Control | CVE-2011-2741 | 2012-01-24 13:00 | 2011-12-14 |
| 257197 | 6.8 | MEDIUM | emc | rsa_adaptive_authentication_on-premise | EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile a… | CWE-264 Authorization, Privileges, and Access Control | CVE-2011-2742 | 2012-01-24 13:00 | 2011-12-14 |
| 257198 | 5.1 | MEDIUM | yahoo | messenger | Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafte… | CWE-189 Numeric Processing Issue | CVE-2012-0268 | 2012-01-23 14:00 | 2012-01-20 |
| 257199 | 9.3 | HIGH | 7t | igss | Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current wor… | NVD-CWE-Other | CVE-2011-4053 | 2012-01-23 14:00 | 2012-01-20 |
| 257200 | 9.3 | HIGH | 7t | igss | Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' | NVD-CWE-Other | CVE-2011-4053 | 2012-01-23 14:00 | 2012-01-20 |