|
298991
|
- |
|
ibm
|
lotus_mobile_connect
|
Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4465
|
2024-11-21 10:32 |
2011-11-19 |
|
|
298992
|
- |
|
vmware
|
vcenter_update_manager
|
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directo…
|
CWE-16
Configuration
|
CVE-2011-4404
|
2024-11-21 10:32 |
2011-11-19 |
|
|
298993
|
- |
|
montala
|
resourcespace
|
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2011-4311
|
2024-11-21 10:32 |
2011-11-19 |
|
|
298994
|
- |
|
owasp-java-html-sanitizer_project
|
owasp-java-html-sanitizer
|
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM eleme…
|
CWE-200
Information Exposure
|
CVE-2011-4457
|
2024-11-21 10:32 |
2011-11-18 |
|
|
298995
|
- |
|
dell
|
kace_k2000_systems_deployment_appliance
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4436
|
2024-11-21 10:32 |
2011-11-12 |
|
|
298996
|
- |
|
ibm
|
db2_tools_for_z/os
|
The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4435
|
2024-11-21 10:32 |
2011-11-12 |
|
|
298997
|
- |
|
microsoft
|
windows_server_2008 windows_7
|
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4434
|
2024-11-21 10:32 |
2011-11-12 |
|
|
298998
|
- |
|
merethis
|
centreon
|
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent at…
|
CWE-310
Cryptographic Issues
|
CVE-2011-4432
|
2024-11-21 10:32 |
2011-11-10 |
|
|
298999
|
- |
|
merethis
|
centreon
|
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
|
CWE-22
Path Traversal
|
CVE-2011-4431
|
2024-11-21 10:32 |
2011-11-10 |
|
|
299000
|
- |
|
apache
|
http_server
|
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi…
|
CWE-20
Improper Input Validation
|
CVE-2011-4415
|
2024-11-21 10:32 |
2011-11-8 |
|