|
296421
|
- |
|
f5
|
nginx
|
nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_al…
|
NVD-CWE-noinfo
|
CVE-2011-4963
|
2024-11-21 10:33 |
2012-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296422
|
- |
|
avaya
|
aura_application_server_5300
|
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-5096
|
2024-11-21 10:33 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296423
|
- |
|
wordpress
|
wordpress
|
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a deni…
|
CWE-20
Improper Input Validation
|
CVE-2011-4957
|
2024-11-21 10:33 |
2012-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296424
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4956
|
2024-11-21 10:33 |
2012-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296425
|
- |
|
python
|
python
|
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-T…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4940
|
2024-11-21 10:33 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296426
|
- |
|
linux
novell
|
linux_kernel
suse_linux_enterprise_server
|
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to o…
|
CWE-20
Improper Input Validation
|
CVE-2011-4914
|
2024-11-21 10:33 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296427
|
- |
|
novell
linux
|
suse_linux_enterprise_server
linux_kernel
|
The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) c…
|
CWE-20
Improper Input Validation
|
CVE-2011-4913
|
2024-11-21 10:33 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296428
|
- |
|
openssl
|
openssl
|
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obt…
|
CWE-310
Cryptographic Issues
|
CVE-2011-5095
|
2024-11-21 10:33 |
2012-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296429
|
- |
|
mozilla
|
network_security_services
|
Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, …
|
NVD-CWE-Other
|
CVE-2011-5094
|
2024-11-21 10:33 |
2012-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296430
|
- |
|
bestpractical
|
rt
|
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arb…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5093
|
2024-11-21 10:33 |
2012-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
