|
295301
|
6.1 |
MEDIUM
Network
|
typo3
|
typo3
|
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolin…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4626
|
2024-11-21 10:32 |
2019-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295302
|
7.5 |
HIGH
Network
|
simplesamlphp
debian
|
simplesamlphp
debian_linux
|
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2011-4625
|
2024-11-21 10:32 |
2019-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295303
|
8.8 |
HIGH
Network
|
labwiki_project
|
labwiki
|
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the use…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2011-4334
|
2024-11-21 10:32 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295304
|
6.1 |
MEDIUM
Network
|
scilico
|
labwiki
|
Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4333
|
2024-11-21 10:32 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295305
|
5.9 |
MEDIUM
Network
|
cisco
|
ios
nx-os
|
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS…
|
CWE-310
Cryptographic Issues
|
CVE-2011-4667
|
2024-11-21 10:32 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295306
|
7.5 |
HIGH
Network
|
apache
|
myfaces
|
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
|
CWE-200
Information Exposure
|
CVE-2011-4343
|
2024-11-21 10:32 |
2017-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295307
|
7.5 |
HIGH
Network
|
cisco
|
data_center_network_manager
|
Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports. If the size of server.log becomes very big because of too much logging by the DCNM server, then th…
|
CWE-399
Resource Management Errors
|
CVE-2011-4650
|
2024-11-21 10:32 |
2017-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295308
|
5.9 |
MEDIUM
Network
|
canonical
redhat
|
ubuntu_linux
libvirt
|
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow rem…
|
CWE-284
Improper Access Control
|
CVE-2011-4600
|
2024-11-21 10:32 |
2016-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295309
|
- |
|
zen-cart
|
zen_cart
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete…
|
CWE-352
Origin Validation Error
|
CVE-2011-4403
|
2024-11-21 10:32 |
2015-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295310
|
- |
|
ipswitch
|
tftp_server
|
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
|
CWE-22
Path Traversal
|
CVE-2011-4722
|
2024-11-21 10:32 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
