258551
|
4.0 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0…
|
CWE-399
リソース管理の問題
|
CVE-2010-4789
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258552
|
4.0 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memo…
|
CWE-399
リソース管理の問題
|
CVE-2009-5072
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258553
|
4.0 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested g…
|
CWE-399
リソース管理の問題
|
CVE-2009-5073
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258554
|
4.0 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allow remote authenticated users to cau…
|
CWE-399
リソース管理の問題
|
CVE-2008-7287
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258555
|
5.0 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operati…
|
CWE-399
リソース管理の問題
|
CVE-2008-7288
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258556
|
4.0 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to …
|
CWE-20
不適切な入力確認
|
CVE-2008-7289
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258557
|
4.0 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consump…
|
CWE-399
リソース管理の問題
|
CVE-2008-7290
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258558
|
6.8 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to c…
|
CWE-399
リソース管理の問題
|
CVE-2007-6742
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258559
|
4.0 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that tri…
|
CWE-399
リソース管理の問題
|
CVE-2007-6743
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258560
|
6.4 |
MEDIUM
|
novell
|
opensuse_build_service
|
The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspec…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-0466
|
2011-04-21 13:00 |
2011-04-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258561
|
2.6 |
LOW
|
microsoft
|
windows_azure_sdk
|
Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for…
|
CWE-20
不適切な入力確認
|
CVE-2011-1068
|
2011-04-21 13:00 |
2011-02-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258562
|
2.1 |
LOW
|
ibm
|
websphere_application_server
|
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standar…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1307
|
2011-04-21 13:00 |
2011-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258563
|
6.8 |
MEDIUM
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is use…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1683
|
2011-04-21 13:00 |
2011-04-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258564
|
4.3 |
MEDIUM
|
lightneasy
|
lightneasy
|
Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-4753
|
2011-04-21 13:00 |
2011-03-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258565
|
7.2 |
HIGH
|
pwhois
|
layer_four_traceroute
|
Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) 3.x before 3.3 allows local users to gain privileges via a crafted command line.
|
NVD-CWE-noinfo
|
CVE-2011-0765
|
2011-04-21 11:33 |
2011-04-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258566
|
4.4 |
MEDIUM
|
hp
|
hp-ux
|
Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2011-0891
|
2011-04-21 11:33 |
2011-04-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258567
|
10.0 |
HIGH
|
cisco
|
ios
|
The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by…
|
CWE-310
暗号の問題
|
CVE-2011-0935
|
2011-04-21 11:33 |
2011-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258568
|
10.0 |
HIGH
|
cisco
|
ios
|
CVSS score derived from:
http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_2s.html
|
CWE-310
暗号の問題
|
CVE-2011-0935
|
2011-04-21 11:33 |
2011-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258569
|
6.9 |
MEDIUM
|
gentoo
|
logrotate
|
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated…
|
CWE-20
不適切な入力確認
|
CVE-2011-1154
|
2011-04-21 11:33 |
2011-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258570
|
1.9 |
LOW
|
gentoo
|
logrotate
|
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash…
|
CWE-399
リソース管理の問題
|
CVE-2011-1155
|
2011-04-21 11:33 |
2011-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258571
|
6.3 |
MEDIUM
|
gentoo
|
logrotate
|
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1548
|
2011-04-21 11:33 |
2011-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258572
|
6.3 |
MEDIUM
|
gentoo
|
logrotate
|
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard lin…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1549
|
2011-04-21 11:33 |
2011-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258573
|
5.0 |
MEDIUM
|
oracle
|
enterpriseone_tools jd_edwards_enterpriseone jd_edwards_enterpriseone_ep oneworld_tools peoplesoft_and_jdedwards_product_suite peoplesoft_and_jdedwards_suite_scm
|
Unspecified vulnerability Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infrast…
|
NVD-CWE-noinfo
|
CVE-2011-0810
|
2011-04-20 19:55 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258574
|
5.0 |
MEDIUM
|
oracle
|
enterpriseone_tools jd_edwards_enterpriseone jd_edwards_enterpriseone_ep oneworld_tools peoplesoft_and_jdedwards_product_suite peoplesoft_and_jdedwards_suite_scm
|
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infr…
|
NVD-CWE-noinfo
|
CVE-2011-0818
|
2011-04-20 19:55 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258575
|
4.3 |
MEDIUM
|
oracle
|
database_server fusion_middleware
|
Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.…
|
NVD-CWE-noinfo
|
CVE-2011-0785
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258576
|
4.3 |
MEDIUM
|
oracle
|
database_server fusion_middleware
|
Per: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
'Fixed in all supported Releases and Patchsets.'
|
NVD-CWE-noinfo
|
CVE-2011-0785
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258577
|
5.5 |
MEDIUM
|
oracle
|
database_server enterprise_manager_grid_control
|
Unspecified vulnerability in the Application Service Level Management component in Oracle Database Server 11.1.0.7 and Enterprise Manager Grid Control allows remote authenticated users to affect conf…
|
NVD-CWE-noinfo
|
CVE-2011-0787
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258578
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2011-0789
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258579
|
1.7 |
LOW
|
sun
|
sunos
|
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
|
NVD-CWE-noinfo
|
CVE-2011-0790
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258580
|
4.3 |
MEDIUM
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via un…
|
NVD-CWE-noinfo
|
CVE-2011-0791
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258581
|
3.6 |
LOW
|
oracle
|
database_server
|
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity and avai…
|
NVD-CWE-noinfo
|
CVE-2011-0793
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258582
|
3.5 |
LOW
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and …
|
NVD-CWE-noinfo
|
CVE-2011-0795
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258583
|
1.7 |
LOW
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vecto…
|
NVD-CWE-noinfo
|
CVE-2011-0796
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258584
|
2.1 |
LOW
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality vi…
|
NVD-CWE-noinfo
|
CVE-2011-0797
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258585
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Midtier Infrastructure.
|
NVD-CWE-noinfo
|
CVE-2011-0798
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258586
|
6.5 |
MEDIUM
|
oracle
|
database_server warehouse_builder
|
Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB), 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integ…
|
NVD-CWE-noinfo
|
CVE-2011-0799
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258587
|
6.5 |
MEDIUM
|
sun
|
sunos
|
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to …
|
NVD-CWE-noinfo
|
CVE-2011-0800
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258588
|
3.6 |
LOW
|
sun
|
sunos
|
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.
|
NVD-CWE-noinfo
|
CVE-2011-0801
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258589
|
5.8 |
MEDIUM
|
oracle
|
enterpriseone_tools jd_edwards_enterpriseone jd_edwards_enterpriseone_ep oneworld_tools peoplesoft_and_jdedwards_product_suite peoplesoft_and_jdedwards_suite_scm
|
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.9 GA through 8.98.4.1, and OneWorld Tools through 24.1.3, allows remote attackers to affect i…
|
NVD-CWE-noinfo
|
CVE-2011-0803
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258590
|
3.6 |
LOW
|
oracle
|
database_server
|
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confiden…
|
NVD-CWE-noinfo
|
CVE-2011-0804
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258591
|
4.3 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2011-0805
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258592
|
5.0 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attacker…
|
NVD-CWE-noinfo
|
CVE-2011-0806
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258593
|
5.0 |
MEDIUM
|
oracle
|
database_server
|
Per: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
'Applicable to Windows servers only.'
|
NVD-CWE-noinfo
|
CVE-2011-0806
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258594
|
4.3 |
MEDIUM
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2011-0809
|
2011-04-20 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258595
|
3.5 |
LOW
|
ikiwiki
|
ikiwiki
|
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-1401
|
2011-04-20 13:00 |
2011-04-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258596
|
4.3 |
MEDIUM
|
rim
|
blackberry_enterprise_server blackberry_enterprise_server_express
|
Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-0286
|
2011-04-19 03:55 |
2011-04-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258597
|
3.3 |
LOW
|
redhat
|
spice-xpi
|
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictabl…
|
CWE-59
リンク解釈の問題
|
CVE-2011-0012
|
2011-04-19 02:55 |
2011-04-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258598
|
9.3 |
HIGH
|
honeywell
|
scanserver_activex_control
|
Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.
|
CWE-399
リソース管理の問題
|
CVE-2011-0331
|
2011-04-9 12:32 |
2011-03-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258599
|
7.9 |
HIGH
|
cisco
|
adaptive_security_appliance_software 5500_series_adaptive_security_appliance asa_5500 telepresence_multipoint_switch_software telepresence_multipoint_switch telepresence_system_softwar…
|
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; …
|
CWE-119
バッファエラー
|
CVE-2011-0379
|
2011-04-9 12:32 |
2011-02-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258600
|
10.0 |
HIGH
|
cisco
|
telepresence_recording_server_software telepresence_recording_server
|
The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "co…
|
CWE-78
OSコマンド・インジェクション
|
CVE-2011-0382
|
2011-04-9 12:32 |
2011-02-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|