258451
|
7.5 |
HIGH
|
simplemachines
|
smf
|
The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote …
|
CWE-310
Cryptographic Issues
|
CVE-2011-1128
|
2011-06-29 13:00 |
2011-06-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258452
|
3.5 |
LOW
|
simplemachines
|
smf
|
Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inj…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2011-1129
|
2011-06-29 13:00 |
2011-06-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258453
|
5.0 |
MEDIUM
|
simplemachines
|
smf
|
The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even th…
|
CWE-200
Information Exposure
|
CVE-2011-1131
|
2011-06-28 13:00 |
2011-06-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258454
|
5.0 |
MEDIUM
|
brad_fitzpatrick
|
djabberd
|
DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML documen…
|
CWE-399
Resource Management Errors
|
CVE-2011-1757
|
2011-06-28 13:00 |
2011-06-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258455
|
5.5 |
MEDIUM
|
brad_fitzpatrick
|
djabberd
|
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consum…
|
CWE-399
Resource Management Errors
|
CVE-2011-2206
|
2011-06-28 13:00 |
2011-06-23 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258456
|
4.3 |
MEDIUM
|
prosody
|
prosody
|
Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation)…
|
CWE-399
Resource Management Errors
|
CVE-2011-2531
|
2011-06-28 13:00 |
2011-06-23 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258457
|
5.0 |
MEDIUM
|
prosody
|
prosody
|
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated d…
|
CWE-399
Resource Management Errors
|
CVE-2011-2532
|
2011-06-28 13:00 |
2011-06-23 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258458
|
6.8 |
MEDIUM
|
apple
|
mac_os_x imageio mac_os_x_server
|
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.
|
CWE-189
Numeric Errors
|
CVE-2011-0181
|
2011-06-27 13:00 |
2011-03-23 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258459
|
7.8 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.
|
CWE-399
Resource Management Errors
|
CVE-2011-0196
|
2011-06-27 13:00 |
2011-06-25 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258460
|
6.2 |
MEDIUM
|
metasploit
|
metasploit_framework
|
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replac…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1056
|
2011-06-20 13:00 |
2011-02-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258461
|
5.0 |
MEDIUM
|
wikkawiki
|
wikkawiki
|
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
|
CWE-200
Information Exposure
|
CVE-2007-2552
|
2011-06-16 13:00 |
2007-05-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258462
|
7.5 |
HIGH
|
amarok
|
amarok
|
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbi…
|
CWE-20
Improper Input Validation
|
CVE-2006-6979
|
2011-06-16 13:00 |
2007-02-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258463
|
5.8 |
MEDIUM
|
mediawiki
|
mediawiki
|
includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypa…
|
CWE-287
Improper Authentication
|
CVE-2011-1766
|
2011-06-16 11:56 |
2011-05-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258464
|
5.0 |
MEDIUM
|
sybase
|
easerver
|
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path.
|
CWE-22
Path Traversal
|
CVE-2011-2474
|
2011-06-14 13:00 |
2011-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258465
|
10.0 |
HIGH
|
sybase
|
onebridge_mobile_data_suite
|
Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote a…
|
CWE-134
Format String Issues
|
CVE-2011-2475
|
2011-06-14 13:00 |
2011-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258466
|
5.0 |
MEDIUM
|
nlnetlabs
|
unbound
|
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.
|
CWE-399
Resource Management Errors
|
CVE-2009-4008
|
2011-06-14 13:00 |
2011-06-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258467
|
5.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote atta…
|
CWE-200
Information Exposure
|
CVE-2006-6637
|
2011-06-14 13:00 |
2006-12-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258468
|
10.0 |
HIGH
|
sun
|
sparc_enterprise_server
|
The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0171
|
2011-06-13 13:00 |
2009-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258469
|
5.0 |
MEDIUM
|
isc
|
dhcpd
|
The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-ide…
|
CWE-399
Resource Management Errors
|
CVE-2006-3122
|
2011-06-13 13:00 |
2006-08-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258470
|
5.1 |
MEDIUM
|
asbru_software
|
asbru_web_content_management asbru_website_manager
|
The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to exec…
|
CWE-94
Code Injection
|
CVE-2006-5258
|
2011-06-13 13:00 |
2006-10-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258471
|
6.6 |
MEDIUM
|
apple freebsd
|
mac_os_x freebsd
|
The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX…
|
CWE-399
Resource Management Errors
|
CVE-2007-0267
|
2011-06-10 13:00 |
2007-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258472
|
4.3 |
MEDIUM
|
apache
|
struts
|
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2011-2087
|
2011-06-2 13:00 |
2011-05-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258473
|
5.0 |
MEDIUM
|
nlnetlabs
|
unbound
|
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2010-0969
|
2011-06-2 13:00 |
2010-03-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258474
|
5.0 |
MEDIUM
|
trustwave
|
webdefend
|
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote cons…
|
CWE-255
Certificate and Password Management
|
CVE-2011-0756
|
2011-05-31 13:00 |
2011-05-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258475
|
3.5 |
LOW
|
liferay
|
portal
|
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2011-1504
|
2011-05-31 13:00 |
2011-05-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258476
|
7.5 |
HIGH
|
doctrine-project
|
doctrine1.2.0 doctrine1.2.1 doctrine1.2.2 doctrine1.2.3 doctrine
|
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute a…
|
CWE-89
SQL Injection
|
CVE-2011-1522
|
2011-05-31 13:00 |
2011-05-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258477
|
10.0 |
HIGH
|
indusoft
|
web_studio
|
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.
|
CWE-22
Path Traversal
|
CVE-2011-1900
|
2011-05-31 13:00 |
2011-05-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258478
|
7.5 |
HIGH
|
proofpoint
|
messaging_security_gateway protection_server
|
The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attac…
|
CWE-287
Improper Authentication
|
CVE-2011-1901
|
2011-05-31 13:00 |
2011-05-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258479
|
5.0 |
MEDIUM
|
proofpoint
|
messaging_security_gateway protection_server
|
Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and …
|
CWE-22
Path Traversal
|
CVE-2011-1902
|
2011-05-31 13:00 |
2011-05-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258480
|
7.5 |
HIGH
|
proofpoint
|
messaging_security_gateway protection_server
|
SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and …
|
CWE-89
SQL Injection
|
CVE-2011-1903
|
2011-05-31 13:00 |
2011-05-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258481
|
7.5 |
HIGH
|
proofpoint
|
messaging_security_gateway protection_server
|
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allo…
|
CWE-78
OS Command Injection
|
CVE-2011-1904
|
2011-05-31 13:00 |
2011-05-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258482
|
6.8 |
MEDIUM
|
proofpoint
|
messaging_security_gateway protection_server
|
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Serv…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2011-1905
|
2011-05-31 13:00 |
2011-05-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258483
|
5.0 |
MEDIUM
|
trustwave
|
webdefend
|
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via …
|
CWE-255
Certificate and Password Management
|
CVE-2011-1906
|
2011-05-31 13:00 |
2011-05-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258484
|
4.3 |
MEDIUM
|
bravenewcode
|
wptouch
|
Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wp…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2010-4779
|
2011-05-31 13:00 |
2011-04-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258485
|
4.3 |
MEDIUM
|
vmware
|
vcenter virtualcenter
|
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbit…
|
CWE-22
Path Traversal
|
CVE-2011-0426
|
2011-05-27 13:00 |
2011-05-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258486
|
7.8 |
HIGH
|
yamaha nec
|
rt100i rt102i rt103i rt105e rt105i rt105p rt107e rt140e rt140f rt140i rt140p rt200i rt250i rt300i rt56v rt57i rt58i rt60w rt80i rta50i rta5…
|
Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allo…
|
CWE-20
Improper Input Validation
|
CVE-2011-1323
|
2011-05-27 13:00 |
2011-05-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258487
|
5.8 |
MEDIUM
|
buffalotech
|
bbr-4hg_firmware bbr-4mg_firmware bhr-4rv_firmware fs-g54_firmware wer-a54g54_firmware wer-ag54_firmware wer-am54g54_firmware wer-amg54_firmware whr-am54g54_firmware whr-am…
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware …
|
CWE-352
Same-Origin Policy Violation
|
CVE-2011-1324
|
2011-05-27 13:00 |
2011-05-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258488
|
7.5 |
HIGH
|
samsung
|
data_management_server
|
SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to…
|
CWE-89
SQL Injection
|
CVE-2010-4284
|
2011-05-27 13:00 |
2011-05-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258489
|
4.0 |
MEDIUM
|
ibm
|
web_content_manager
|
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain r…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4806
|
2011-05-27 01:55 |
2011-05-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258490
|
5.8 |
MEDIUM
|
lockon
|
ec-cube
|
Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Same-Origin Policy Violation
|
CVE-2011-1325
|
2011-05-26 13:00 |
2011-05-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258491
|
5.0 |
MEDIUM
|
vmware
|
esx esxi vcenter
|
The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1…
|
CWE-310
Cryptographic Issues
|
CVE-2011-1789
|
2011-05-26 13:00 |
2011-05-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258492
|
8.5 |
HIGH
|
skype
|
skype
|
Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a cr…
|
NVD-CWE-noinfo
|
CVE-2011-2074
|
2011-05-26 13:00 |
2011-05-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258493
|
8.5 |
HIGH
|
skype
|
skype
|
Per: http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html
'Please note, Skype's other clients, e.g. Windows and Linux, are not susceptible to this vulnerability.'
|
NVD-CWE-noinfo
|
CVE-2011-2074
|
2011-05-26 13:00 |
2011-05-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258494
|
5.0 |
MEDIUM
|
adobe
|
flash_media_server
|
Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2011-0612
|
2011-05-25 13:00 |
2011-05-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258495
|
4.3 |
MEDIUM
|
adobe
|
robohelp robohelp_server
|
Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2011-0613
|
2011-05-25 13:00 |
2011-05-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258496
|
9.3 |
HIGH
|
adobe
|
audition
|
Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data …
|
CWE-119
Buffer Errors
|
CVE-2011-0615
|
2011-05-25 13:00 |
2011-05-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258497
|
7.2 |
HIGH
|
google
|
chrome_os
|
Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2169
|
2011-05-25 13:00 |
2011-05-25 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258498
|
4.3 |
MEDIUM
|
monkeysaudio
|
monkey\'s_audio
|
Monkey's Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination.
|
CWE-399
Resource Management Errors
|
CVE-2006-7245
|
2011-05-25 13:00 |
2011-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258499
|
2.1 |
LOW
|
trendmicro
|
trend_micro_internet_security
|
The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive i…
|
CWE-310
Cryptographic Issues
|
CVE-2011-1327
|
2011-05-24 13:00 |
2011-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
258500
|
10.0 |
HIGH
|
adobe
|
photoshop
|
Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2011-2164
|
2011-05-24 13:00 |
2011-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|