|
302051
|
- |
|
icanlocalize
|
translation_management
|
Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unk…
|
CWE-352
Origin Validation Error
|
CVE-2011-1664
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302052
|
- |
|
icanlocalize
|
translation_management
|
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2011-1663
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302053
|
- |
|
icanlocalize
|
translation_management
|
Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-1662
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302054
|
- |
|
nicholas_thompson
|
node_quick_find
|
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensit…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1661
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302055
|
- |
|
grapecity
|
data_dynamics_reports
|
Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web …
|
CWE-79
Cross-site Scripting
|
CVE-2011-1660
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302056
|
- |
|
gnu
|
glibc
|
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 stri…
|
CWE-189
Numeric Errors
|
CVE-2011-1659
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302057
|
- |
|
gnu
|
glibc
|
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileg…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1658
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302058
|
- |
|
roundcube
|
webmail
|
steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote au…
|
CWE-20
Improper Input Validation
|
CVE-2011-1492
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302059
|
- |
|
roundcube
|
webmail
|
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensit…
|
CWE-20
Improper Input Validation
|
CVE-2011-1491
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302060
|
- |
|
apache
|
tomcat
|
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circu…
|
CWE-20
Improper Input Validation
|
CVE-2011-1475
|
2024-11-21 10:26 |
2011-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
