|
297401
|
- |
|
nicholas_thompson
|
node_quick_find
|
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensit…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1661
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297402
|
- |
|
grapecity
|
data_dynamics_reports
|
Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web …
|
CWE-79
Cross-site Scripting
|
CVE-2011-1660
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297403
|
- |
|
gnu
|
glibc
|
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 stri…
|
CWE-189
Numeric Errors
|
CVE-2011-1659
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297404
|
- |
|
gnu
|
glibc
|
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileg…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1658
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297405
|
- |
|
roundcube
|
webmail
|
steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote au…
|
CWE-20
Improper Input Validation
|
CVE-2011-1492
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297406
|
- |
|
roundcube
|
webmail
|
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensit…
|
CWE-20
Improper Input Validation
|
CVE-2011-1491
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297407
|
- |
|
apache
|
tomcat
|
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circu…
|
CWE-20
Improper Input Validation
|
CVE-2011-1475
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297408
|
- |
|
microsoft
|
windows_7
|
The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and…
|
CWE-16
Configuration
|
CVE-2011-1652
|
2024-11-21 10:26 |
2011-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297409
|
- |
|
realnetworks
|
realplayer
|
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary co…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-1525
|
2024-11-21 10:26 |
2011-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297410
|
- |
|
douran
|
portal
|
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileN…
|
CWE-200
Information Exposure
|
CVE-2011-1569
|
2024-11-21 10:26 |
2011-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
