|
298071
|
- |
|
lockon
|
ec-cube
|
SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2011-3988
|
2024-11-21 10:31 |
2011-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298072
|
- |
|
asterisk
|
open_source
|
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authent…
|
CWE-20
Improper Input Validation
|
CVE-2011-4063
|
2024-11-21 10:31 |
2011-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298073
|
- |
|
mit
|
kerberos_5
|
The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to ca…
|
CWE-20
Improper Input Validation
|
CVE-2011-4151
|
2024-11-21 10:31 |
2011-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298074
|
- |
|
djangoproject
|
django
|
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers …
|
CWE-352
Origin Validation Error
|
CVE-2011-4140
|
2024-11-21 10:31 |
2011-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298075
|
- |
|
djangoproject
|
django
|
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a c…
|
CWE-20
Improper Input Validation
|
CVE-2011-4139
|
2024-11-21 10:31 |
2011-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298076
|
- |
|
djangoproject
|
django
|
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for …
|
CWE-20
Improper Input Validation
|
CVE-2011-4138
|
2024-11-21 10:31 |
2011-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298077
|
- |
|
djangoproject
|
django
|
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which …
|
CWE-399
Resource Management Errors
|
CVE-2011-4137
|
2024-11-21 10:31 |
2011-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298078
|
- |
|
djangoproject
|
django
|
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which …
|
CWE-20
Improper Input Validation
|
CVE-2011-4136
|
2024-11-21 10:31 |
2011-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298079
|
- |
|
freebsd
|
freebsd
|
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4062
|
2024-11-21 10:31 |
2011-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298080
|
- |
|
ibm
|
db2
tivoli_monitoring_for_databases
|
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain…
|
NVD-CWE-Other
|
CVE-2011-4061
|
2024-11-21 10:31 |
2011-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
