|
297691
|
- |
|
opera
|
opera_browser
|
Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Sa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4681
|
2024-11-21 10:32 |
2011-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297692
|
- |
|
vtiger
|
vtiger_crm
|
Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4680
|
2024-11-21 10:32 |
2011-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297693
|
- |
|
vtiger
|
vtiger_crm
|
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a pre…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4679
|
2024-11-21 10:32 |
2011-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297694
|
- |
|
apc
|
powerchute
|
Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4263
|
2024-11-21 10:32 |
2011-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297695
|
- |
|
oneclickorgs
|
one_click_orgs
|
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attac…
|
CWE-255
Credentials Management
|
CVE-2011-4678
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297696
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
|
CWE-287
Improper Authentication
|
CVE-2011-4677
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297697
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comme…
|
CWE-255
Credentials Management
|
CVE-2011-4555
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297698
|
- |
|
oneclickorgs
|
one_click_orgs
|
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e…
|
CWE-20
Improper Input Validation
|
CVE-2011-4554
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297699
|
- |
|
oneclickorgs
|
one_click_orgs
|
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and…
|
CWE-20
Improper Input Validation
|
CVE-2011-4553
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297700
|
- |
|
oneclickorgs
|
one_click_orgs
|
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4552
|
2024-11-21 10:32 |
2011-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
