|
295401
|
6.5 |
MEDIUM
Network
|
redhat
|
jboss_application_server
|
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP…
|
CWE-352
Origin Validation Error
|
CVE-2011-3609
|
2024-11-21 10:30 |
2019-11-26 |
|
295402
|
5.4 |
MEDIUM
Network
|
redhat
|
jboss_application_server
|
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick th…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3606
|
2024-11-21 10:30 |
2019-11-26 |
|
295403
|
7.5 |
HIGH
Network
|
apache
|
ofbiz
|
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that disclose the contents of fi…
|
CWE-611
XXE
|
CVE-2011-3600
|
2024-11-21 10:30 |
2019-11-26 |
|
295404
|
8.8 |
HIGH
Network
|
hardlink_project redhat debian
|
hardlink enterprise_linux debian_linux
|
Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string-length concatenation is done in the calculation of the required memory space to …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2011-3631
|
2024-11-21 10:30 |
2019-11-26 |
|
295405
|
8.8 |
HIGH
Network
|
hardlink_project redhat debian
|
hardlink enterprise_linux debian_linux
|
Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a special…
|
CWE-787
Out-of-bounds Write
|
CVE-2011-3630
|
2024-11-21 10:30 |
2019-11-26 |
|
295406
|
7.5 |
HIGH
Network
|
polipo_project debian
|
polipo debian_linux
|
Polipo before 1.0.4.1 suffers from a DoS vulnerability via a specially-crafted HTTP POST / PUT request.
|
CWE-617
Reachable Assertion
|
CVE-2011-3596
|
2024-11-21 10:30 |
2019-11-26 |
|
295407
|
9.8 |
CRITICAL
Network
|
guidestar
|
wec_discussion_forum
|
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input.
|
CWE-89
SQL Injection
|
CVE-2011-3584
|
2024-11-21 10:30 |
2019-11-26 |
|
295408
|
9.8 |
CRITICAL
Network
|
typo3
|
typo3
|
It was found that TYPO3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only …
|
CWE-89
SQL Injection
|
CVE-2011-3583
|
2024-11-21 10:30 |
2019-11-26 |
|
295409
|
3.7 |
LOW
Network
|
debian
|
advanced_package_tool debian_linux
|
It was found that apt-key in apt, all versions, does not correctly validate GPG keys with the master keyring, leading to a potential man-in-the-middle attack.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2011-3374
|
2024-11-21 10:30 |
2019-11-26 |
|
295410
|
6.1 |
MEDIUM
Network
|
drupal
|
views_builk_operations
|
Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" …
|
CWE-79
Cross-site Scripting
|
CVE-2011-3373
|
2024-11-21 10:30 |
2019-11-26 |