|
295981
|
- |
|
ipswitch
|
tftp_server
|
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
|
CWE-22
Path Traversal
|
CVE-2011-4722
|
2024-11-21 10:32 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295982
|
- |
|
hillstone_software
|
hs_tftp_server
|
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.
|
CWE-20
Improper Input Validation
|
CVE-2011-4720
|
2024-11-21 10:32 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295983
|
- |
|
codeasily
|
grand_flagallery
|
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2011-4624
|
2024-11-21 10:32 |
2014-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295984
|
- |
|
apache
|
myfaces
|
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .…
|
CWE-22
Path Traversal
|
CVE-2011-4367
|
2024-11-21 10:32 |
2014-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295985
|
- |
|
canonical
|
ubuntu_linux
software-properties
|
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys fo…
|
CWE-20
Improper Input Validation
|
CVE-2011-4407
|
2024-11-21 10:32 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295986
|
- |
|
canonical
|
accountsservice
ubuntu_linux
|
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified v…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4406
|
2024-11-21 10:32 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295987
|
- |
|
suse
|
studio_extension_for_system_z
studio_onsite
kiwi
|
kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in…
|
NVD-CWE-Other
|
CVE-2011-4195
|
2024-11-21 10:32 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295988
|
- |
|
suse
|
studio_extension_for_system_z
studio_onsite
|
Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4193
|
2024-11-21 10:32 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295989
|
- |
|
suse
|
studio_extension_for_system_z
kiwi
studio_onsite
|
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double q…
|
NVD-CWE-Other
|
CVE-2011-4192
|
2024-11-21 10:32 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295990
|
- |
|
redhat
|
jboss_operations_network
|
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4573
|
2024-11-21 10:32 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
