|
299801
|
- |
|
suse
|
studio_extension_for_system_z
studio_onsite
kiwi
|
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in…
|
NVD-CWE-Other
|
CVE-2011-3180
|
2024-11-21 10:29 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299802
|
- |
|
gplhost
|
domain_technologie_control
|
Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body …
|
CWE-79
Cross-site Scripting
|
CVE-2011-3199
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299803
|
- |
|
gplhost
|
domain_technologie_control
|
Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its argum…
|
CWE-255
Credentials Management
|
CVE-2011-3198
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299804
|
- |
|
gplhost
|
domain_technologie_control
|
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain…
|
CWE-89
SQL Injection
|
CVE-2011-3197
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299805
|
- |
|
gplhost
|
domain_technologie_control
|
The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by r…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-3196
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299806
|
- |
|
gplhost
|
domain_technologie_control
|
shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.
|
CWE-20
Improper Input Validation
|
CVE-2011-3195
|
2024-11-21 10:29 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299807
|
- |
|
canonical
robert_ancell
|
ubuntu_linux
lightdm
|
dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.
|
CWE-59
Link Following
|
CVE-2011-3153
|
2024-11-21 10:29 |
2014-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299808
|
- |
|
redhat
|
jboss_enterprise_portal_platform
|
Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ini…
|
CWE-20
Improper Input Validation
|
CVE-2011-2941
|
2024-11-21 10:29 |
2014-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299809
|
- |
|
linux
|
linux_kernel
|
The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string.
|
CWE-200
Information Exposure
|
CVE-2011-2909
|
2024-11-21 10:29 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299810
|
- |
|
redhat
|
spacewalk
network_satellite
|
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to …
|
CWE-79
Cross-site Scripting
|
CVE-2011-2927
|
2024-11-21 10:29 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
