|
298631
|
6.1 |
MEDIUM
Network
|
phpshop
|
phpshop
|
PHPShop through 0.8.1 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2011-1069
|
2024-11-21 10:25 |
2020-02-6 |
|
298632
|
6.1 |
MEDIUM
Network
|
vanillaforums
|
vanilla
|
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2011-1009
|
2024-11-21 10:25 |
2020-02-6 |
|
298633
|
9.8 |
CRITICAL
Network
|
smarty debian
|
smarty debian_linux
|
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
|
CWE-20
Improper Input Validation
|
CVE-2011-1028
|
2024-11-21 10:25 |
2019-11-21 |
|
298634
|
7.8 |
HIGH
Local
|
unixodbc debian opensuse redhat
|
unixodbc debian_linux opensuse enterprise_linux
|
The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when a large value is specified for the SAVEFILE parameter in the connection string.
|
CWE-120
Classic Buffer Overflow
|
CVE-2011-1145
|
2024-11-21 10:25 |
2019-11-14 |
|
298635
|
4.7 |
MEDIUM
Local
|
tesseract_project debian
|
tesseract debian_linux
|
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.
|
CWE-59
Link Following
|
CVE-2011-1136
|
2024-11-21 10:25 |
2019-11-14 |
|
298636
|
7.8 |
HIGH
Local
|
v86d_project debian
|
v86d debian_linux
|
v86d before 0.1.10 does not verify whether received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode, with potentially other consequences.
|
CWE-863
Incorrect Authorization
|
CVE-2011-1070
|
2024-11-21 10:25 |
2019-11-14 |
|
298637
|
6.1 |
MEDIUM
Network
|
s9y
|
serendipity
|
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/Imag…
|
CWE-79
Cross-site Scripting
|
CVE-2011-1135
|
2024-11-21 10:25 |
2019-11-6 |
|
298638
|
9.8 |
CRITICAL
Network
|
s9y
|
serendipity
|
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2011-1134
|
2024-11-21 10:25 |
2019-11-6 |
|
298639
|
6.1 |
MEDIUM
Network
|
s9y
|
serendipity
|
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
|
CWE-79
Cross-site Scripting
|
CVE-2011-1133
|
2024-11-21 10:25 |
2019-11-6 |
|
298640
|
- |
|
novell
|
suse_lifecycle_management_server
|
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-0993
|
2024-11-21 10:25 |
2014-04-17 |