|
299251
|
- |
|
tembria
|
server_monitor
|
Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1)…
|
CWE-310
Cryptographic Issues
|
CVE-2011-3685
|
2024-11-21 10:30 |
2011-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299252
|
- |
|
tembria
|
server_monitor
|
Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to log…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3684
|
2024-11-21 10:30 |
2011-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299253
|
- |
|
newgensoft
|
omnidocs
|
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a m…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-3645
|
2024-11-21 10:30 |
2011-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299254
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to b…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3578
|
2024-11-21 10:30 |
2011-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299255
|
- |
|
mantisbt
|
mantisbt
|
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3358
|
2024-11-21 10:30 |
2011-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299256
|
- |
|
mantisbt
|
mantisbt
|
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parame…
|
CWE-22
Path Traversal
|
CVE-2011-3357
|
2024-11-21 10:30 |
2011-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299257
|
- |
|
mantisbt
|
mantisbt
|
Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrate…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3356
|
2024-11-21 10:30 |
2011-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299258
|
- |
|
cisco
|
identity_services_engine
identity_services_engine_software
|
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via…
|
CWE-255
Credentials Management
|
CVE-2011-3290
|
2024-11-21 10:30 |
2011-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299259
|
- |
|
ibm
|
websphere_commerce
|
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
|
CWE-287
Improper Authentication
|
CVE-2011-3577
|
2024-11-21 10:30 |
2011-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299260
|
- |
|
wireshark
|
wireshark
|
The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attacke…
|
CWE-20
Improper Input Validation
|
CVE-2011-3484
|
2024-11-21 10:30 |
2011-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
