257201
|
10.0 |
HIGH
|
flexerasoftware
|
flexnet_publisher
|
Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to s…
|
CWE-22
パス・トラバーサル
|
CVE-2011-4135
|
2012-01-23 14:00 |
2012-01-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257202
|
5.0 |
MEDIUM
|
atvise
|
atvise
|
Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840.
|
NVD-CWE-noinfo
|
CVE-2011-4873
|
2012-01-21 01:19 |
2012-01-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257203
|
10.0 |
HIGH
|
flexerasoftware
|
flexnet_publisher
|
Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet.
|
CWE-119
バッファエラー
|
CVE-2011-4134
|
2012-01-20 14:00 |
2012-01-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257204
|
2.1 |
LOW
|
flexerasoftware
|
installshield
|
Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow loca…
|
CWE-200
情報漏えい
|
CVE-2007-6744
|
2012-01-20 14:00 |
2012-01-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257205
|
5.5 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and int…
|
NVD-CWE-noinfo
|
CVE-2011-3568
|
2012-01-20 00:57 |
2012-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257206
|
2.1 |
LOW
|
oracle
|
sun_glassfish_enterprise_server
|
Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.
|
NVD-CWE-noinfo
|
CVE-2011-3564
|
2012-01-20 00:35 |
2012-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257207
|
2.1 |
LOW
|
emc
|
sourceone_email_management
|
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to…
|
CWE-255
証明書・パスワード管理
|
CVE-2011-4142
|
2012-01-19 20:55 |
2012-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257208
|
3.5 |
LOW
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to …
|
NVD-CWE-noinfo
|
CVE-2011-2271
|
2012-01-19 14:00 |
2012-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257209
|
1.5 |
LOW
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related…
|
NVD-CWE-noinfo
|
CVE-2011-2318
|
2012-01-19 14:00 |
2011-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257210
|
5.0 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vect…
|
NVD-CWE-noinfo
|
CVE-2011-3566
|
2012-01-19 14:00 |
2012-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257211
|
7.5 |
HIGH
|
openttd
|
openttd
|
Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDE…
|
CWE-189
数値処理の問題
|
CVE-2011-3341
|
2012-01-19 12:59 |
2011-09-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257212
|
7.5 |
HIGH
|
openttd
|
openttd
|
Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) …
|
CWE-119
バッファエラー
|
CVE-2011-3342
|
2012-01-19 12:59 |
2011-09-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257213
|
4.6 |
MEDIUM
|
openttd
|
openttd
|
Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) craf…
|
CWE-119
バッファエラー
|
CVE-2011-3343
|
2012-01-19 12:59 |
2011-09-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257214
|
6.9 |
MEDIUM
|
gnome
|
ifcfg-rh_plug-in
|
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, whe…
|
NVD-CWE-Other
|
CVE-2011-3364
|
2012-01-19 12:59 |
2011-11-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257215
|
6.9 |
MEDIUM
|
gnome
|
ifcfg-rh_plug-in
|
Per: http://cwe.mitre.org/data/definitions/184.html
'CWE-184: Incomplete Blacklist'
|
NVD-CWE-Other
|
CVE-2011-3364
|
2012-01-19 12:59 |
2011-11-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257216
|
9.3 |
HIGH
|
libreoffice
|
libreoffice
|
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.
|
CWE-119
バッファエラー
|
CVE-2011-2685
|
2012-01-19 12:58 |
2011-07-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257217
|
5.0 |
MEDIUM
|
ruby-lang
|
ruby
|
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependen…
|
CWE-20
不適切な入力確認
|
CVE-2011-2705
|
2012-01-19 12:58 |
2011-08-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257218
|
5.8 |
MEDIUM
|
tor
|
tor
|
Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by r…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-2768
|
2012-01-19 12:58 |
2011-12-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257219
|
4.3 |
MEDIUM
|
tor
|
tor
|
Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enu…
|
CWE-200
情報漏えい
|
CVE-2011-2769
|
2012-01-19 12:58 |
2011-12-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257220
|
7.6 |
HIGH
|
tor
|
tor
|
Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS conn…
|
CWE-119
バッファエラー
|
CVE-2011-2778
|
2012-01-19 12:58 |
2011-12-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257221
|
2.6 |
LOW
|
apache opensymphony
|
struts webwork xwork
|
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script o…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-1772
|
2012-01-19 12:57 |
2011-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257222
|
2.1 |
LOW
|
gnome
|
networkmanager
|
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vect…
|
CWE-287
不適切な認証
|
CVE-2011-2176
|
2012-01-19 12:57 |
2011-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257223
|
7.6 |
HIGH
|
redhat
|
evince
|
Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary …
|
CWE-20
不適切な入力確認
|
CVE-2010-2640
|
2012-01-19 12:49 |
2011-01-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257224
|
7.6 |
HIGH
|
redhat
|
evince
|
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary …
|
CWE-20
不適切な入力確認
|
CVE-2010-2641
|
2012-01-19 12:49 |
2011-01-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257225
|
7.6 |
HIGH
|
redhat
|
evince
|
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file tha…
|
CWE-189
数値処理の問題
|
CVE-2010-2643
|
2012-01-19 12:49 |
2011-01-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257226
|
7.5 |
HIGH
|
kde
|
kdelibs
|
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle atta…
|
CWE-310
暗号の問題
|
CVE-2009-2702
|
2012-01-19 12:40 |
2009-09-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257227
|
4.4 |
MEDIUM
|
google
|
chrome_os
|
Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors.
|
CWE-20
不適切な入力確認
|
CVE-2011-2170
|
2012-01-18 14:00 |
2011-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257228
|
10.0 |
HIGH
|
google
|
chrome_os
|
Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2011-2171
|
2012-01-18 14:00 |
2011-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257229
|
5.0 |
MEDIUM
|
wibu
|
codemeter_runtime
|
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP p…
|
CWE-399
リソース管理の問題
|
CVE-2011-4057
|
2012-01-16 14:00 |
2012-01-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257230
|
7.6 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows ma…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-3213
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257231
|
4.6 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-3214
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257232
|
2.1 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and dis…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-3215
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257233
|
2.1 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink syst…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-3216
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257234
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
|
CWE-119
バッファエラー
|
CVE-2011-3217
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257235
|
2.6 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduc…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-3218
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257236
|
4.3 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations…
|
CWE-200
情報漏えい
|
CVE-2011-3220
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257237
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application…
|
CWE-94
コード・インジェクション
|
CVE-2011-3221
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257238
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
|
CWE-119
バッファエラー
|
CVE-2011-3222
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257239
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
|
CWE-119
バッファエラー
|
CVE-2011-3223
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257240
|
2.6 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by s…
|
NVD-CWE-Other
|
CVE-2011-3224
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257241
|
5.0 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers t…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-3225
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257242
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of a…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-3226
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257243
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execu…
|
CWE-20
不適切な入力確認
|
CVE-2011-3227
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257244
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
|
CWE-94
コード・インジェクション
|
CVE-2011-3228
|
2012-01-14 12:55 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257245
|
4.3 |
MEDIUM
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors rela…
|
NVD-CWE-noinfo
|
CVE-2011-2308
|
2012-01-14 12:54 |
2011-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257246
|
7.5 |
HIGH
|
hp
|
easy_printer_care_software
|
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program,…
|
CWE-94
コード・インジェクション
|
CVE-2011-2404
|
2012-01-14 12:54 |
2011-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257247
|
4.4 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
|
CWE-134
書式文字列の問題
|
CVE-2011-0185
|
2012-01-14 12:51 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257248
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
|
CWE-94
コード・インジェクション
|
CVE-2011-0224
|
2012-01-14 12:51 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257249
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers…
|
CWE-119
バッファエラー
|
CVE-2011-0229
|
2012-01-14 12:51 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
257250
|
7.5 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application c…
|
CWE-119
バッファエラー
|
CVE-2011-0230
|
2012-01-14 12:51 |
2011-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|