|
295351
|
9.8 |
CRITICAL
Network
|
packetfence
|
packetfence
|
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.
|
CWE-90
LDAP Injection
|
CVE-2011-4069
|
2024-11-21 10:31 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295352
|
9.8 |
CRITICAL
Network
|
packetfence
|
packetfence
|
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.
|
CWE-287
Improper Authentication
|
CVE-2011-4068
|
2024-11-21 10:31 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295353
|
- |
|
djangoproject
|
tastypie
|
The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to …
|
CWE-20
Improper Input Validation
|
CVE-2011-4104
|
2024-11-21 10:31 |
2014-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295354
|
- |
|
djangoproject
|
piston
|
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the y…
|
CWE-20
Improper Input Validation
|
CVE-2011-4103
|
2024-11-21 10:31 |
2014-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295355
|
- |
|
bzip
|
bzip2
|
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by prec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4089
|
2024-11-21 10:31 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295356
|
- |
|
redhat
qemu
|
enterprise_linux_server_supplementary
enterprise_linux
qemu
|
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) an…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4111
|
2024-11-21 10:31 |
2014-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295357
|
- |
|
redhat
|
sos
|
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement…
|
CWE-310
Cryptographic Issues
|
CVE-2011-4083
|
2024-11-21 10:31 |
2014-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295358
|
- |
|
oracle
armin_burgmeier
opensuse_project
opensuse
|
solaris
net6
opensuse
|
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections un…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2011-4093
|
2024-11-21 10:31 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295359
|
- |
|
ubuntu_developers
|
obby
|
obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate.
|
CWE-20
Improper Input Validation
|
CVE-2011-4092
|
2024-11-21 10:31 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295360
|
- |
|
opensuse
oracle
armin_burgmeier
|
opensuse
solaris
net6
|
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information s…
|
CWE-287
Improper Authentication
|
CVE-2011-4091
|
2024-11-21 10:31 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
