|
294741
|
- |
|
zenprise
|
zenprise_device_manager
|
Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests tha…
|
CWE-352
Origin Validation Error
|
CVE-2011-4498
|
2024-11-21 10:32 |
2011-11-21 |
|
|
|
|
294742
|
- |
|
asus
|
rt-n56u_firmware rt-n56u
|
QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.
|
CWE-200
Information Exposure
|
CVE-2011-4497
|
2024-11-21 10:32 |
2011-11-21 |
|
|
|
|
294743
|
- |
|
aviosoft
|
dtv_player
|
Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4496
|
2024-11-21 10:32 |
2011-11-21 |
|
|
|
|
294744
|
- |
|
ibm
|
lotus_mobile_connect
|
Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4465
|
2024-11-21 10:32 |
2011-11-19 |
|
|
|
|
294745
|
- |
|
vmware
|
vcenter_update_manager
|
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directo…
|
CWE-16
Configuration
|
CVE-2011-4404
|
2024-11-21 10:32 |
2011-11-19 |
|
|
|
|
294746
|
- |
|
montala
|
resourcespace
|
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2011-4311
|
2024-11-21 10:32 |
2011-11-19 |
|
|
|
|
294747
|
- |
|
owasp-java-html-sanitizer_project
|
owasp-java-html-sanitizer
|
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM eleme…
|
CWE-200
Information Exposure
|
CVE-2011-4457
|
2024-11-21 10:32 |
2011-11-18 |
|
|
|
|
294748
|
- |
|
dell
|
kace_k2000_systems_deployment_appliance
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4436
|
2024-11-21 10:32 |
2011-11-12 |
|
|
|
|
294749
|
- |
|
ibm
|
db2_tools_for_z/os
|
The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4435
|
2024-11-21 10:32 |
2011-11-12 |
|
|
|
|
294750
|
- |
|
microsoft
|
windows_server_2008 windows_7
|
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4434
|
2024-11-21 10:32 |
2011-11-12 |
|
|
|