| 296651 | - | asterisk | open_source | chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authent… | CWE-20 Improper Input Validation | CVE-2011-4063 | 2024-11-21 10:31 | 2011-10-21 |
| 296652 | - | mit | kerberos_5 | The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to ca… | CWE-20 Improper Input Validation | CVE-2011-4151 | 2024-11-21 10:31 | 2011-10-21 |
| 296653 | - | djangoproject | django | The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers … | CWE-352 Origin Validation Error | CVE-2011-4140 | 2024-11-21 10:31 | 2011-10-19 |
| 296654 | - | djangoproject | django | Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a c… | CWE-20 Improper Input Validation | CVE-2011-4139 | 2024-11-21 10:31 | 2011-10-19 |
| 296655 | - | djangoproject | django | The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for … | CWE-20 Improper Input Validation | CVE-2011-4138 | 2024-11-21 10:31 | 2011-10-19 |
| 296656 | - | djangoproject | django | The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which … | CWE-399 Resource Management Errors | CVE-2011-4137 | 2024-11-21 10:31 | 2011-10-19 |
| 296657 | - | djangoproject | django | django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which … | CWE-20 Improper Input Validation | CVE-2011-4136 | 2024-11-21 10:31 | 2011-10-19 |
| 296658 | - | freebsd | freebsd | Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2011-4062 | 2024-11-21 10:31 | 2011-10-18 |
| 296659 | - | ibm | db2 tivoli_monitoring_for_databases | Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain… | NVD-CWE-Other | CVE-2011-4061 | 2024-11-21 10:31 | 2011-10-18 |
| 296660 | - | qnx | neutrino_rtos | The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, whi… | CWE-59 Link Following | CVE-2011-4060 | 2024-11-21 10:31 | 2011-10-18 |