|
295951
|
- |
|
dolibarr
|
dolibarr_erp\/crm
|
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall …
|
CWE-89
SQL Injection
|
CVE-2011-4802
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295952
|
- |
|
authenex
|
authenex_strong_authentication_system_server
|
SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute …
|
CWE-89
SQL Injection
|
CVE-2011-4801
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295953
|
- |
|
solarwinds
|
serv-u_file_server
|
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (do…
|
CWE-22
Path Traversal
|
CVE-2011-4800
|
2024-11-21 10:33 |
2011-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295954
|
9.8 |
CRITICAL
Network
|
polarssl
|
polarssl
|
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). T…
|
-
|
CVE-2011-4574
|
2024-11-21 10:32 |
2021-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295955
|
5.3 |
MEDIUM
Network
|
lexmark
|
x860_firmware
x862_firmware
x864_firmware
x734_firmware
x736_firmware
x738_firmware
x651_firmware
x652_firmware
x654_firmware
x656_firmware
x658_firmware
x543_firmwar…
|
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.
|
CWE-200
Information Exposure
|
CVE-2011-4538
|
2024-11-21 10:32 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295956
|
7.8 |
HIGH
Local
|
shaman_project
|
shaman
|
Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact t…
|
CWE-287
Improper Authentication
|
CVE-2011-4338
|
2024-11-21 10:32 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295957
|
7.5 |
HIGH
Network
|
cisco
|
ios
|
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2011-4661
|
2024-11-21 10:32 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295958
|
7.2 |
HIGH
Network
|
tiki
|
tiki
|
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
|
CWE-74
Injection
|
CVE-2011-4558
|
2024-11-21 10:32 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295959
|
7.5 |
HIGH
Network
|
websitebaker
|
websitebaker
|
websitebaker prior to and including 2.8.1 has an authentication error in backup module.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2011-4322
|
2024-11-21 10:32 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295960
|
6.1 |
MEDIUM
Network
|
tiki
|
tikiwiki_cms\/groupware
|
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4336
|
2024-11-21 10:32 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
