|
296901
|
7.8 |
HIGH
Local
|
redhat
fedoraproject
|
system-config-firewall
fedora
|
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privil…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2011-2520
|
2024-11-21 10:28 |
2011-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296902
|
- |
|
chyrp
|
chyrp
|
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability t…
|
CWE-22
Path Traversal
|
CVE-2011-2780
|
2024-11-21 10:28 |
2011-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296903
|
- |
|
hp
|
arcsight_c5400_appliance
arcsight_c5200_appliance
arcsight_c3200_appliance
arcsight_c3400_appliance
arcsight_c1300_appliance
arcsight_c1000_appliance
windows_event_log_smartconnector
|
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2779
|
2024-11-21 10:28 |
2011-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296904
|
- |
|
chyrp
|
chyrp
|
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2011-2743
|
2024-11-21 10:28 |
2011-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296905
|
- |
|
chyrp
|
chyrp
|
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the defa…
|
CWE-22
Path Traversal
|
CVE-2011-2744
|
2024-11-21 10:28 |
2011-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296906
|
- |
|
plone
zope
|
plone_hotfix_20110720
plone
zope
|
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privi…
|
NVD-CWE-noinfo
|
CVE-2011-2528
|
2024-11-21 10:28 |
2011-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296907
|
- |
|
otrs
|
iphonehandle
otrs
|
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2385
|
2024-11-21 10:28 |
2011-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296908
|
- |
|
google
|
chrome
|
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via …
|
CWE-399
Resource Management Errors
|
CVE-2011-2761
|
2024-11-21 10:28 |
2011-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296909
|
- |
|
brocade
|
bigiron_rx_switch
|
Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2760
|
2024-11-21 10:28 |
2011-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296910
|
- |
|
ibm
|
tivoli_directory_server
|
The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication field…
|
CWE-200
Information Exposure
|
CVE-2011-2759
|
2024-11-21 10:28 |
2011-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
