|
296911
|
6.1 |
MEDIUM
Network
|
jcow
|
jcow_cms
|
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.
|
CWE-79
Cross-site Scripting
|
CVE-2011-3202
|
2024-11-21 10:29 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296912
|
6.1 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.
|
CWE-79
Cross-site Scripting
|
CVE-2011-3183
|
2024-11-21 10:29 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296913
|
8.8 |
HIGH
Network
|
websitebaker
|
websitebaker
|
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.
|
CWE-352
Origin Validation Error
|
CVE-2011-2934
|
2024-11-21 10:29 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296914
|
7.2 |
HIGH
Network
|
websitebaker
|
websitebaker
|
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extension…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2011-2933
|
2024-11-21 10:29 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296915
|
9.8 |
CRITICAL
Network
|
jcow
|
jcow_cms
|
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
|
CWE-20
Improper Input Validation
|
CVE-2011-3203
|
2024-11-21 10:29 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296916
|
5.5 |
MEDIUM
Local
|
linuxfoundation
debian
fedoraproject
|
foomatic-filters
debian_linux
fedora
|
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a loc…
|
CWE-59
Link Following
|
CVE-2011-2924
|
2024-11-21 10:29 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296917
|
5.5 |
MEDIUM
Local
|
linuxfoundation
debian
|
foomatic-filters
debian_linux
|
foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local …
|
CWE-59
Link Following
|
CVE-2011-2923
|
2024-11-21 10:29 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296918
|
7.8 |
HIGH
Local
|
ktsuss_project
|
ktsuss
|
ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execut…
|
CWE-20
Improper Input Validation
|
CVE-2011-2922
|
2024-11-21 10:29 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296919
|
9.8 |
CRITICAL
Network
|
ktsuss_project
|
ktsuss
|
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2011-2921
|
2024-11-21 10:29 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296920
|
5.5 |
MEDIUM
Local
|
qtnx_project
|
qtnx
|
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key u…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2011-2916
|
2024-11-21 10:29 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
