|
297681
|
- |
|
thegr
|
dl
|
Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header.
|
CWE-287
Improper Authentication
|
CVE-2011-5253
|
2024-11-21 10:33 |
2013-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297682
|
- |
|
orchardproject
|
orchard
|
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbi…
|
CWE-20
Improper Input Validation
|
CVE-2011-5252
|
2024-11-21 10:33 |
2013-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297683
|
- |
|
vbulletin
|
vbulletin
|
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a …
|
CWE-20
Improper Input Validation
|
CVE-2011-5251
|
2024-11-21 10:33 |
2013-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297684
|
- |
|
redhat
|
resteasy
|
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Bi…
|
CWE-200
Information Exposure
|
CVE-2011-5245
|
2024-11-21 10:33 |
2012-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297685
|
- |
|
tetex
gnome
t1lib
|
tetex
evince
t1lib
|
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote at…
|
CWE-189
Numeric Errors
|
CVE-2011-5244
|
2024-11-21 10:33 |
2012-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297686
|
- |
|
abraham_williams
|
twitteroauth
|
TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacker…
|
CWE-20
Improper Input Validation
|
CVE-2011-5243
|
2024-11-21 10:33 |
2012-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297687
|
- |
|
themattharris
|
tmhoauth
|
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle …
|
CWE-20
Improper Input Validation
|
CVE-2011-5242
|
2024-11-21 10:33 |
2012-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297688
|
- |
|
services_twitter_group
|
services_twitter
|
Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl…
|
CWE-20
Improper Input Validation
|
CVE-2011-5241
|
2024-11-21 10:33 |
2012-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297689
|
- |
|
magentocommerce
|
magento
|
Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle…
|
CWE-20
Improper Input Validation
|
CVE-2011-5240
|
2024-11-21 10:33 |
2012-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297690
|
- |
|
civicrm
|
civicrm
|
CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd…
|
CWE-20
Improper Input Validation
|
CVE-2011-5239
|
2024-11-21 10:33 |
2012-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
