|
298141
|
- |
|
smartertools
|
smarterstats
|
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discov…
|
CWE-200
Information Exposure
|
CVE-2011-2153
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298142
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups…
|
CWE-200
Information Exposure
|
CVE-2011-2152
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298143
|
- |
|
smartertools
|
smarterstats
|
The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web s…
|
CWE-310
Cryptographic Issues
|
CVE-2011-2151
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298144
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsin…
|
CWE-20
Improper Input Validation
|
CVE-2011-2150
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298145
|
- |
|
smartertools
|
smarterstats
|
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) D…
|
CWE-89
SQL Injection
|
CVE-2011-2149
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298146
|
- |
|
openswan
|
openswan
|
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2147
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298147
|
- |
|
tibco
|
iprocess_engine
iprocess_workspace
|
Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2011-2021
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298148
|
- |
|
tibco
|
iprocess_engine
iprocess_workspace
|
Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vec…
|
CWE-79
Cross-site Scripting
|
CVE-2011-2020
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298149
|
- |
|
smartertools
|
smarterstats
|
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) …
|
CWE-78
OS Command
|
CVE-2011-2148
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298150
|
- |
|
twiki
|
twiki
|
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view scr…
|
CWE-79
Cross-site Scripting
|
CVE-2011-1838
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
