|
294361
|
8.8 |
HIGH
Network
|
labwiki_project
|
labwiki
|
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the use…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2011-4334
|
2024-11-21 10:32 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294362
|
6.1 |
MEDIUM
Network
|
scilico
|
labwiki
|
Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4333
|
2024-11-21 10:32 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294363
|
5.9 |
MEDIUM
Network
|
cisco
|
ios
nx-os
|
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS…
|
CWE-310
Cryptographic Issues
|
CVE-2011-4667
|
2024-11-21 10:32 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294364
|
7.5 |
HIGH
Network
|
apache
|
myfaces
|
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
|
CWE-200
Information Exposure
|
CVE-2011-4343
|
2024-11-21 10:32 |
2017-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294365
|
7.5 |
HIGH
Network
|
cisco
|
data_center_network_manager
|
Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports. If the size of server.log becomes very big because of too much logging by the DCNM server, then th…
|
CWE-399
Resource Management Errors
|
CVE-2011-4650
|
2024-11-21 10:32 |
2017-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294366
|
5.9 |
MEDIUM
Network
|
canonical
redhat
|
ubuntu_linux
libvirt
|
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow rem…
|
CWE-284
Improper Access Control
|
CVE-2011-4600
|
2024-11-21 10:32 |
2016-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294367
|
- |
|
zen-cart
|
zen_cart
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete…
|
CWE-352
Origin Validation Error
|
CVE-2011-4403
|
2024-11-21 10:32 |
2015-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294368
|
- |
|
ipswitch
|
tftp_server
|
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
|
CWE-22
Path Traversal
|
CVE-2011-4722
|
2024-11-21 10:32 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294369
|
- |
|
hillstone_software
|
hs_tftp_server
|
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.
|
CWE-20
Improper Input Validation
|
CVE-2011-4720
|
2024-11-21 10:32 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294370
|
- |
|
codeasily
|
grand_flagallery
|
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2011-4624
|
2024-11-21 10:32 |
2014-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
