|
294931
|
- |
|
apache
|
myfaces
|
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .…
|
CWE-22
Path Traversal
|
CVE-2011-4367
|
2024-11-21 10:32 |
2014-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294932
|
- |
|
canonical
|
ubuntu_linux
software-properties
|
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys fo…
|
CWE-20
Improper Input Validation
|
CVE-2011-4407
|
2024-11-21 10:32 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294933
|
- |
|
canonical
|
accountsservice
ubuntu_linux
|
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified v…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4406
|
2024-11-21 10:32 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294934
|
- |
|
suse
|
studio_extension_for_system_z
studio_onsite
kiwi
|
kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in…
|
NVD-CWE-Other
|
CVE-2011-4195
|
2024-11-21 10:32 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294935
|
- |
|
suse
|
studio_extension_for_system_z
studio_onsite
|
Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4193
|
2024-11-21 10:32 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294936
|
- |
|
suse
|
studio_extension_for_system_z
kiwi
studio_onsite
|
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double q…
|
NVD-CWE-Other
|
CVE-2011-4192
|
2024-11-21 10:32 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294937
|
- |
|
redhat
|
jboss_operations_network
|
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4573
|
2024-11-21 10:32 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294938
|
- |
|
eye
|
eye-fi_helper
|
Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. (dot dot) in the filesignature in a GetPhotoStatus request.
|
CWE-22
Path Traversal
|
CVE-2011-4696
|
2024-11-21 10:32 |
2014-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294939
|
- |
|
redhat
|
jboss_enterprise_portal_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4580
|
2024-11-21 10:32 |
2014-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294940
|
- |
|
redhat
|
jboss_enterprise_application_platform
jboss_enterprise_brms_platform
jboss_communications_platform
jboss_enterprise_web_platform
|
JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attacke…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4610
|
2024-11-21 10:32 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
