|
289051
|
- |
|
ibm
|
lotus_domino
lotus_notes_client
|
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authenticati…
|
NVD-CWE-Other
|
CVE-2003-0122
|
2017-12-13 02:05 |
2003-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289052
|
- |
|
puppet
|
puppet
|
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or…
|
CWE-59
Link Following
|
CVE-2010-0156
|
2017-12-9 11:29 |
2010-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289053
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2851
|
2017-12-8 06:36 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289054
|
- |
|
vtiger
|
vtiger_crm
|
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) asso…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-3257
|
2017-12-8 06:36 |
2009-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289055
|
- |
|
liferay
|
liferay_portal
|
Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-3742
|
2017-12-8 06:36 |
2010-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289056
|
- |
|
citrix
|
desktop_server
presentation_server
|
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these…
|
CWE-200
Information Exposure
|
CVE-2008-5107
|
2017-12-5 03:59 |
2008-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289057
|
- |
|
ipswitch
|
whatsup_professional
|
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified …
|
CWE-200
Information Exposure
|
CVE-2006-2356
|
2017-12-5 03:58 |
2006-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289058
|
- |
|
orionserver
|
orion_application_server
|
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a reque…
|
NVD-CWE-Other
|
CVE-2002-1859
|
2017-11-30 23:02 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289059
|
- |
|
orionserver
|
orion_application_server
|
Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error p…
|
CWE-79
Cross-site Scripting
|
CVE-2005-2981
|
2017-11-30 23:01 |
2005-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289060
|
- |
|
vtiger
|
vtiger_crm
|
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordte…
|
CWE-200
Information Exposure
|
CVE-2008-3458
|
2017-11-23 02:25 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
