|
295131
|
- |
|
oneclickorgs
|
one_click_orgs
|
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attac…
|
CWE-255
Credentials Management
|
CVE-2011-4678
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295132
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
|
CWE-287
Improper Authentication
|
CVE-2011-4677
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295133
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comme…
|
CWE-255
Credentials Management
|
CVE-2011-4555
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295134
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e…
|
CWE-20
Improper Input Validation
|
CVE-2011-4554
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295135
|
- |
|
oneclickorgs
|
one_click_orgs
|
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and…
|
CWE-20
Improper Input Validation
|
CVE-2011-4553
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295136
|
- |
|
oneclickorgs
|
one_click_orgs
|
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4552
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295137
|
- |
|
widelands
|
widelands
|
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these…
|
CWE-22
Path Traversal
|
CVE-2011-4675
|
2024-11-21 10:32 |
2011-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295138
|
- |
|
celeryproject
|
celery
|
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4356
|
2024-11-21 10:32 |
2011-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295139
|
- |
|
oscommerce
|
oscommerce
|
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) O…
|
CWE-22
Path Traversal
|
CVE-2011-4543
|
2024-11-21 10:32 |
2011-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295140
|
- |
|
zabbix
|
zabbix
|
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
|
CWE-89
SQL Injection
|
CVE-2011-4674
|
2024-11-21 10:32 |
2011-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
