|
297341
|
- |
|
mediawiki
|
mediawiki
|
The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafte…
|
CWE-20
Improper Input Validation
|
CVE-2011-1580
|
2024-11-21 10:26 |
2011-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297342
|
- |
|
mediawiki
|
mediawiki
|
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attacker…
|
CWE-20
Improper Input Validation
|
CVE-2011-1579
|
2024-11-21 10:26 |
2011-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297343
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file a…
|
CWE-79
Cross-site Scripting
|
CVE-2011-1578
|
2024-11-21 10:26 |
2011-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297344
|
- |
|
digium
|
asterisk
|
Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number …
|
CWE-399
Resource Management Errors
|
CVE-2011-1507
|
2024-11-21 10:26 |
2011-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297345
|
- |
|
bestpractical
|
rt
|
Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2011-1690
|
2024-11-21 10:26 |
2011-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297346
|
- |
|
bestpractical
|
rt
|
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary w…
|
CWE-79
Cross-site Scripting
|
CVE-2011-1689
|
2024-11-21 10:26 |
2011-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297347
|
- |
|
bestpractical
|
rt
|
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted …
|
CWE-22
Path Traversal
|
CVE-2011-1688
|
2024-11-21 10:26 |
2011-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297348
|
- |
|
bestpractical
|
rt
|
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as…
|
CWE-200
Information Exposure
|
CVE-2011-1687
|
2024-11-21 10:26 |
2011-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297349
|
- |
|
bestpractical
|
rt
|
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL…
|
CWE-89
SQL Injection
|
CVE-2011-1686
|
2024-11-21 10:26 |
2011-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297350
|
- |
|
bestpractical
|
rt
|
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to exe…
|
CWE-352
Origin Validation Error
|
CVE-2011-1685
|
2024-11-21 10:26 |
2011-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
