|
300531
|
- |
|
cisco
|
sa500_software
sa520
sa520w
sa540
|
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2547
|
2024-11-21 10:28 |
2011-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300532
|
- |
|
cisco
|
sa500_software
sa520
sa520w
sa540
|
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via …
|
CWE-89
SQL Injection
|
CVE-2011-2546
|
2024-11-21 10:28 |
2011-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300533
|
- |
|
linux
redhat
|
linux_kernel
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_desktop
enterprise_linux_eus
enterprise_linux_aus
|
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memor…
|
CWE-200
Information Exposure
|
CVE-2011-2492
|
2024-11-21 10:28 |
2011-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300534
|
- |
|
google
|
picasa
|
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
|
CWE-94
Code Injection
|
CVE-2011-2747
|
2024-11-21 10:28 |
2011-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300535
|
- |
|
mod_authnz_external_project
debian
|
mod_authnz_external
debian_linux
|
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the use…
|
CWE-89
SQL Injection
|
CVE-2011-2688
|
2024-11-21 10:28 |
2011-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300536
|
- |
|
joomla
|
joomla\!
|
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable throug…
|
CWE-79
Cross-site Scripting
|
CVE-2011-2710
|
2024-11-21 10:28 |
2011-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300537
|
- |
|
joomla
|
joomla\!
|
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2011-2488
|
2024-11-21 10:28 |
2011-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300538
|
- |
|
chyrp
|
chyrp
|
upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2745
|
2024-11-21 10:28 |
2011-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300539
|
- |
|
mega-nerd
|
libsndfile
|
Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file th…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-2696
|
2024-11-21 10:28 |
2011-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300540
|
- |
|
drupal
|
drupal
|
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2687
|
2024-11-21 10:28 |
2011-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
