| 299711 | - | mantisbt | mantisbt | Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (… | CWE-79 Cross-site Scripting | CVE-2011-3358 | 2024-11-21 10:30 | 2011-09-22 |
| 299712 | - | mantisbt | mantisbt | Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parame… | CWE-22 Path Traversal | CVE-2011-3357 | 2024-11-21 10:30 | 2011-09-22 |
| 299713 | - | mantisbt | mantisbt | Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrate… | CWE-79 Cross-site Scripting | CVE-2011-3356 | 2024-11-21 10:30 | 2011-09-22 |
| 299714 | - | cisco | identity_services_engine identity_services_engine_software | Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via… | CWE-255 Credentials Management | CVE-2011-3290 | 2024-11-21 10:30 | 2011-09-22 |
| 299715 | - | ibm | websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. | CWE-287 Improper Authentication | CVE-2011-3577 | 2024-11-21 10:30 | 2011-09-20 |
| 299716 | - | wireshark | wireshark | The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attacke… | CWE-20 Improper Input Validation | CVE-2011-3484 | 2024-11-21 10:30 | 2011-09-20 |
| 299717 | - | wireshark | wireshark | Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2011-3483 | 2024-11-21 10:30 | 2011-09-20 |
| 299718 | - | wireshark | wireshark | The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers t… | CWE-399 Resource Management Errors | CVE-2011-3482 | 2024-11-21 10:30 | 2011-09-20 |
| 299719 | - | wireshark | wireshark | Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. | NVD-CWE-Other | CVE-2011-3360 | 2024-11-21 10:30 | 2011-09-20 |
| 299720 | - | apache redhat | http_server jboss_enterprise_web_server | The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error s… | CWE-400 Uncontrolled Resource Consumption | CVE-2011-3348 | 2024-11-21 10:30 | 2011-09-20 |