|
296351
|
- |
|
sitracker
|
support_incident_tracker
|
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installati…
|
NVD-CWE-noinfo
|
CVE-2011-5075
|
2024-11-21 10:33 |
2012-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296352
|
- |
|
sitracker
|
support_incident_tracker
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that c…
|
CWE-352
Origin Validation Error
|
CVE-2011-5074
|
2024-11-21 10:33 |
2012-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296353
|
- |
|
sitracker
|
support_incident_tracker
|
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) co…
|
CWE-89
SQL Injection
|
CVE-2011-5072
|
2024-11-21 10:33 |
2012-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296354
|
- |
|
sitracker
|
support_incident_tracker
|
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to cont…
|
CWE-79
Cross-site Scripting
|
CVE-2011-5073
|
2024-11-21 10:33 |
2012-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296355
|
- |
|
sitracker
|
support_incident_tracker
|
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php,…
|
CWE-89
SQL Injection
|
CVE-2011-5071
|
2024-11-21 10:33 |
2012-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296356
|
- |
|
sitracker
|
support_incident_tracker
|
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachm…
|
CWE-79
Cross-site Scripting
|
CVE-2011-5070
|
2024-11-21 10:33 |
2012-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296357
|
- |
|
sitracker
|
support_incident_tracker
|
Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an …
|
NVD-CWE-Other
|
CVE-2011-5069
|
2024-11-21 10:33 |
2012-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296358
|
- |
|
sitracker
|
support_incident_tracker
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via …
|
CWE-352
Origin Validation Error
|
CVE-2011-5068
|
2024-11-21 10:33 |
2012-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296359
|
- |
|
sitracker
|
support_incident_tracker
|
move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error…
|
CWE-200
Information Exposure
|
CVE-2011-5067
|
2024-11-21 10:33 |
2012-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296360
|
- |
|
tencent
|
qqpphoto
|
The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a cr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4867
|
2024-11-21 10:33 |
2012-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
