|
301661
|
- |
|
metaways
|
tine
|
Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the f…
|
CWE-200
Information Exposure
|
CVE-2011-1666
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301662
|
- |
|
phpboost
|
phpboost
|
PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1665
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301663
|
- |
|
icanlocalize
|
translation_management
|
Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unk…
|
CWE-352
Origin Validation Error
|
CVE-2011-1664
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301664
|
- |
|
icanlocalize
|
translation_management
|
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2011-1663
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301665
|
- |
|
icanlocalize
|
translation_management
|
Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-1662
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301666
|
- |
|
nicholas_thompson
|
node_quick_find
|
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensit…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1661
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301667
|
- |
|
grapecity
|
data_dynamics_reports
|
Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web …
|
CWE-79
Cross-site Scripting
|
CVE-2011-1660
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301668
|
- |
|
gnu
|
glibc
|
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 stri…
|
CWE-189
Numeric Errors
|
CVE-2011-1659
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301669
|
- |
|
gnu
|
glibc
|
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileg…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1658
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301670
|
- |
|
roundcube
|
webmail
|
steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote au…
|
CWE-20
Improper Input Validation
|
CVE-2011-1492
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
