|
299291
|
- |
|
php
|
php
|
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent…
|
CWE-20
Improper Input Validation
|
CVE-2011-0752
|
2024-11-21 10:24 |
2011-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299292
|
- |
|
novell
|
zenworks_handheld_management
|
Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-0742
|
2024-11-21 10:24 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299293
|
- |
|
modxcms
|
evolution
|
Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.
|
CWE-79
Cross-site Scripting
|
CVE-2011-0741
|
2024-11-21 10:24 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299294
|
- |
|
pleer
|
rss_feed_reader
|
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url para…
|
CWE-79
Cross-site Scripting
|
CVE-2011-0740
|
2024-11-21 10:24 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299295
|
- |
|
mikel_lindsaar
|
mail
|
The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell…
|
CWE-20
Improper Input Validation
|
CVE-2011-0739
|
2024-11-21 10:24 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299296
|
- |
|
ncsa
globus
|
myproxy
globus_toolkit
|
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote …
|
CWE-20
Improper Input Validation
|
CVE-2011-0738
|
2024-11-21 10:24 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299297
|
- |
|
adobe
|
coldfusion
|
Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the v…
|
CWE-200
Information Exposure
|
CVE-2011-0737
|
2024-11-21 10:24 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299298
|
- |
|
adobe
|
coldfusion
|
Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id…
|
CWE-200
Information Exposure
|
CVE-2011-0736
|
2024-11-21 10:24 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299299
|
- |
|
adobe
|
coldfusion
|
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."
|
CWE-79
Cross-site Scripting
|
CVE-2011-0735
|
2024-11-21 10:24 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299300
|
- |
|
adobe
|
coldfusion
|
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event …
|
CWE-79
Cross-site Scripting
|
CVE-2011-0734
|
2024-11-21 10:24 |
2011-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
