| 294251 | - | sopcast | sopcast | SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2011-5044 | 2024-11-21 10:33 | 2011-12-31 |
| 294252 | - | tomatosoft | free_mp3_player | TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow. | CWE-20 Improper Input Validation | CVE-2011-5043 | 2024-11-21 10:33 | 2011-12-31 |
| 294253 | - | gphemsley | sasha | Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the instructors parameter. NOTE: the original discl… | CWE-79 Cross-site Scripting | CVE-2011-5042 | 2024-11-21 10:33 | 2011-12-31 |
| 294254 | - | pulsecms | pulse_cms | Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id par… | CWE-79 Cross-site Scripting | CVE-2011-5041 | 2024-11-21 10:33 | 2011-12-31 |
| 294255 | - | infoproject | biznis_heroj | Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2)… | CWE-79 Cross-site Scripting | CVE-2011-5040 | 2024-11-21 10:33 | 2011-12-31 |
| 294256 | - | infoproject | biznis_heroj | Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filt… | CWE-89 SQL Injection | CVE-2011-5039 | 2024-11-21 10:33 | 2011-12-31 |
| 294257 | - | hitcode | hitappoint | SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance … | CWE-89 SQL Injection | CVE-2011-5038 | 2024-11-21 10:33 | 2011-12-31 |
| 294258 | - | google | v8 | Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption)… | CWE-20 Improper Input Validation | CVE-2011-5037 | 2024-11-21 10:33 | 2011-12-30 |
| 294259 | - | rack_project | rack | Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote atta… | CWE-310 Cryptographic Issues | CVE-2011-5036 | 2024-11-21 10:33 | 2011-12-30 |
| 294260 | - | oracle | glassfish_server | Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters w… | CWE-20 Improper Input Validation | CVE-2011-5035 | 2024-11-21 10:33 | 2011-12-30 |