|
294501
|
- |
|
phpalbum
|
phpalbum
|
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
|
CWE-22
Path Traversal
|
CVE-2011-4807
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294502
|
- |
|
phpalbum
|
phpalbum
|
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4806
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294503
|
- |
|
sap
|
crystal_reports_server
|
Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4805
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294504
|
- |
|
foobla
|
com_obsuggest
|
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to i…
|
CWE-22
Path Traversal
|
CVE-2011-4804
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294505
|
- |
|
bravenewcode
|
wptouch
|
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2011-4803
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294506
|
- |
|
dolibarr
|
dolibarr_erp\/crm
|
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall …
|
CWE-89
SQL Injection
|
CVE-2011-4802
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294507
|
- |
|
authenex
|
authenex_strong_authentication_system_server
|
SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute …
|
CWE-89
SQL Injection
|
CVE-2011-4801
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294508
|
- |
|
solarwinds
|
serv-u_file_server
|
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (do…
|
CWE-22
Path Traversal
|
CVE-2011-4800
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294509
|
9.8 |
CRITICAL
Network
|
polarssl
|
polarssl
|
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). T…
|
-
|
CVE-2011-4574
|
2024-11-21 10:32 |
2021-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294510
|
5.3 |
MEDIUM
Network
|
lexmark
|
x860_firmware
x862_firmware
x864_firmware
x734_firmware
x736_firmware
x738_firmware
x651_firmware
x652_firmware
x654_firmware
x656_firmware
x658_firmware
x543_firmwar…
|
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.
|
CWE-200
Information Exposure
|
CVE-2011-4538
|
2024-11-21 10:32 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
