|
296181
|
9.8 |
CRITICAL
Network
|
guidestar
|
wec_discussion_forum
|
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
|
CWE-89
SQL Injection
|
CVE-2011-3584
|
2024-11-21 10:30 |
2019-11-26 |
|
296182
|
9.8 |
CRITICAL
Network
|
typo3
|
typo3
|
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only …
|
CWE-89
SQL Injection
|
CVE-2011-3583
|
2024-11-21 10:30 |
2019-11-26 |
|
296183
|
3.7 |
LOW
Network
|
debian
|
advanced_package_tool debian_linux
|
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2011-3374
|
2024-11-21 10:30 |
2019-11-26 |
|
296184
|
6.1 |
MEDIUM
Network
|
drupal
|
views_builk_operations
|
Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" …
|
CWE-79
Cross-site Scripting
|
CVE-2011-3373
|
2024-11-21 10:30 |
2019-11-26 |
|
296185
|
7.3 |
HIGH
Network
|
gnome
|
evolution-data-server3
|
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server.…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2011-3355
|
2024-11-21 10:30 |
2019-11-26 |
|
296186
|
7.1 |
HIGH
Local
|
openvas
|
openvas-scanner
|
openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this fla…
|
CWE-59
Link Following
|
CVE-2011-3351
|
2024-11-21 10:30 |
2019-11-26 |
|
296187
|
4.8 |
MEDIUM
Network
|
ziku
|
zikula
|
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula adm…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3352
|
2024-11-21 10:30 |
2019-11-20 |
|
296188
|
9.8 |
CRITICAL
Network
|
marmaro
|
masqmail
|
masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2011-3350
|
2024-11-21 10:30 |
2019-11-20 |
|
296189
|
7.8 |
HIGH
Local
|
lightdm_project
|
lightdm
|
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can a…
|
CWE-269
Improper Privilege Management
|
CVE-2011-3349
|
2024-11-21 10:30 |
2019-11-20 |
|
296190
|
7.8 |
HIGH
Local
|
atop_project debian
|
atop debian_linux
|
atop: symlink attack possible due to insecure tempfile handling
|
CWE-59
Link Following
|
CVE-2011-3618
|
2024-11-21 10:30 |
2019-11-13 |