| 296491 | - | newgensoft | omnidocs | Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a m… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2011-3645 | 2024-11-21 10:30 | 2011-09-28 |
| 296492 | - | mantisbt | mantisbt | Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to b… | CWE-79: Cross-site Scripting | CVE-2011-3578 | 2024-11-21 10:30 | 2011-09-22 |
| 296493 | - | mantisbt | mantisbt | Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (… | CWE-79: Cross-site Scripting | CVE-2011-3358 | 2024-11-21 10:30 | 2011-09-22 |
| 296494 | - | mantisbt | mantisbt | Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parame… | CWE-22: Path Traversal | CVE-2011-3357 | 2024-11-21 10:30 | 2011-09-22 |
| 296495 | - | mantisbt | mantisbt | Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrate… | CWE-79: Cross-site Scripting | CVE-2011-3356 | 2024-11-21 10:30 | 2011-09-22 |
| 296496 | - | cisco | identity_services_engine identity_services_engine_software | Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via… | CWE-255: Credentials Management | CVE-2011-3290 | 2024-11-21 10:30 | 2011-09-22 |
| 296497 | - | ibm | websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. | CWE-287: Improper Authentication | CVE-2011-3577 | 2024-11-21 10:30 | 2011-09-20 |
| 296498 | - | wireshark | wireshark | The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attacke… | CWE-20: Improper Input Validation | CVE-2011-3484 | 2024-11-21 10:30 | 2011-09-20 |
| 296499 | - | wireshark | wireshark | Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception… | CWE-119: Incorrect Access of Indexable Resource ('Range Error') | CVE-2011-3483 | 2024-11-21 10:30 | 2011-09-20 |
| 296500 | - | wireshark | wireshark | The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers t… | CWE-399: Resource Management Errors | CVE-2011-3482 | 2024-11-21 10:30 | 2011-09-20 |