| 296561 | 9.8 | CRITICAL Network | jcow | jcow_cms | A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. | CWE-20 Improper Input Validation | CVE-2011-3203 | 2024-11-21 10:29 | 2020-01-15 |
| 296562 | 5.5 | MEDIUM Local | linuxfoundation debian fedoraproject | foomatic-filters debian_linux fedora | foomatic-rip filter v4.0.12 and prior insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a loc… | CWE-59 Link Following | CVE-2011-2924 | 2024-11-21 10:29 | 2019-11-20 |
| 296563 | 5.5 | MEDIUM Local | linuxfoundation debian | foomatic-filters debian_linux | foomatic-rip filter, all versions, insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local … | CWE-59 Link Following | CVE-2011-2923 | 2024-11-21 10:29 | 2019-11-20 |
| 296564 | 7.8 | HIGH Local | ktsuss_project | ktsuss | ktsuss versions 1.4 and prior spawn the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execut… | CWE-20 Improper Input Validation | CVE-2011-2922 | 2024-11-21 10:29 | 2019-11-20 |
| 296565 | 9.8 | CRITICAL Network | ktsuss_project | ktsuss | ktsuss versions 1.4 and prior have the uid set to root and do not drop privileges prior to executing user-specified commands, which can result in command execution with root privileges. | CWE-273 Improper Check for Dropped Privileges | CVE-2011-2921 | 2024-11-21 10:29 | 2019-11-20 |
| 296566 | 5.5 | MEDIUM Local | qtnx_project | qtnx | qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key u… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2011-2916 | 2024-11-21 10:29 | 2019-11-16 |
| 296567 | 6.7 | MEDIUM Local | linux-ax25 debian | ax25-tools debian_linux | The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would … | CWE-269 Improper Privilege Management | CVE-2011-2910 | 2024-11-21 10:29 | 2019-11-16 |
| 296568 | 9.8 | CRITICAL Network | elgg | elgg | Elgg through 1.7.10 has a SQL injection vulnerability. | CWE-89 SQL Injection | CVE-2011-2936 | 2024-11-21 10:29 | 2019-11-12 |
| 296569 | 6.1 | MEDIUM Network | elgg | elgg | Elgg through 1.7.10 has XSS | CWE-79 Cross-site Scripting | CVE-2011-2935 | 2024-11-21 10:29 | 2019-11-12 |
| 296570 | 9.8 | CRITICAL Network | gnome redhat debian | gdk-pixbuf enterprise_linux debian_linux | gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables due to an input validation flaw. | CWE-20 Improper Input Validation | CVE-2011-2897 | 2024-11-21 10:29 | 2019-11-12 |