|
299341
|
7.8 |
HIGH
Local
|
yast
|
yast2
|
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless network…
|
CWE-200
Information Exposure
|
CVE-2011-3177
|
2024-11-21 10:29 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299342
|
- |
|
megalab
|
the_uploader
|
SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
CWE-89
SQL Injection
|
CVE-2011-2944
|
2024-11-21 10:29 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299343
|
- |
|
canonical
|
ubuntu_linux
update-manager
|
DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25…
|
CWE-310
Cryptographic Issues
|
CVE-2011-3152
|
2024-11-21 10:29 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299344
|
- |
|
canonical
|
ubuntu_linux
update-manager
|
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 d…
|
CWE-59
Link Following
|
CVE-2011-3154
|
2024-11-21 10:29 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299345
|
- |
|
suse
|
studio_extension_for_system_z
studio_onsite
kiwi
|
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in…
|
NVD-CWE-Other
|
CVE-2011-3180
|
2024-11-21 10:29 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299346
|
- |
|
gplhost
|
domain_technologie_control
|
Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body …
|
CWE-79
Cross-site Scripting
|
CVE-2011-3199
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299347
|
- |
|
gplhost
|
domain_technologie_control
|
Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its argum…
|
CWE-255
Credentials Management
|
CVE-2011-3198
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299348
|
- |
|
gplhost
|
domain_technologie_control
|
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain…
|
CWE-89
SQL Injection
|
CVE-2011-3197
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299349
|
- |
|
gplhost
|
domain_technologie_control
|
The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by r…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-3196
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299350
|
- |
|
gplhost
|
domain_technologie_control
|
shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.
|
CWE-20
Improper Input Validation
|
CVE-2011-3195
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
