|
296531
|
7.5 |
HIGH
Network
|
apache
|
ofbiz
|
The /webtools/control/xmlrpc endpoint in the OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that disclose the contents of fi…
|
CWE-611
XXE
|
CVE-2011-3600
|
2024-11-21 10:30 |
2019-11-26 |
|
296532
|
8.8 |
HIGH
Network
|
hardlink_project redhat debian
|
hardlink enterprise_linux debian_linux
|
Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string length concatenation is done in the calculation of the required memory space to …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2011-3631
|
2024-11-21 10:30 |
2019-11-26 |
|
296533
|
8.8 |
HIGH
Network
|
hardlink_project redhat debian
|
hardlink enterprise_linux debian_linux
|
Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a special…
|
CWE-787
Out-of-bounds Write
|
CVE-2011-3630
|
2024-11-21 10:30 |
2019-11-26 |
|
296534
|
7.5 |
HIGH
Network
|
polipo_project debian
|
polipo debian_linux
|
Polipo before 1.0.4.1 suffers from a DoS vulnerability via a specially crafted HTTP POST / PUT request.
|
CWE-617
Reachable Assertion
|
CVE-2011-3596
|
2024-11-21 10:30 |
2019-11-26 |
|
296535
|
9.8 |
CRITICAL
Network
|
guidestar
|
wec_discussion_forum
|
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input.
|
CWE-89
SQL Injection
|
CVE-2011-3584
|
2024-11-21 10:30 |
2019-11-26 |
|
296536
|
9.8 |
CRITICAL
Network
|
typo3
|
typo3
|
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only …
|
CWE-89
SQL Injection
|
CVE-2011-3583
|
2024-11-21 10:30 |
2019-11-26 |
|
296537
|
3.7 |
LOW
Network
|
debian
|
advanced_package_tool debian_linux
|
It was found that apt-key in apt, all versions, does not correctly validate GPG keys with the master keyring, leading to a potential man-in-the-middle attack.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2011-3374
|
2024-11-21 10:30 |
2019-11-26 |
|
296538
|
6.1 |
MEDIUM
Network
|
drupal
|
views_builk_operations
|
Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" …
|
CWE-79
Cross-site Scripting
|
CVE-2011-3373
|
2024-11-21 10:30 |
2019-11-26 |
|
296539
|
7.3 |
HIGH
Network
|
gnome
|
evolution-data-server3
|
evolution-data-server3 3.0.3 through 3.2.1 used an insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server.…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2011-3355
|
2024-11-21 10:30 |
2019-11-26 |
|
296540
|
7.1 |
HIGH
Local
|
openvas
|
openvas-scanner
|
openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating an OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this fla…
|
CWE-59
Link Following
|
CVE-2011-3351
|
2024-11-21 10:30 |
2019-11-26 |