|
301981
|
- |
|
pfsense
|
pfsense
|
Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2011-5047
|
2024-11-21 10:33 |
2012-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301982
|
- |
|
microsoft
|
windows_xp
windows_server_2008
windows_7
windows_server_2003
windows_vista
|
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, …
|
CWE-20
Improper Input Validation
|
CVE-2011-5046
|
2024-11-21 10:33 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301983
|
- |
|
jjwdesign
|
php_booking_calendar
|
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2011-5045
|
2024-11-21 10:33 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301984
|
- |
|
sopcast
|
sopcast
|
SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5044
|
2024-11-21 10:33 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301985
|
- |
|
tomatosoft
|
free_mp3_player
|
TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow.
|
CWE-20
Improper Input Validation
|
CVE-2011-5043
|
2024-11-21 10:33 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301986
|
- |
|
gphemsley
|
sasha
|
Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the instructors parameter. NOTE: the original discl…
|
CWE-79
Cross-site Scripting
|
CVE-2011-5042
|
2024-11-21 10:33 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301987
|
- |
|
pulsecms
|
pulse_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id par…
|
CWE-79
Cross-site Scripting
|
CVE-2011-5041
|
2024-11-21 10:33 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301988
|
- |
|
infoproject
|
biznis_heroj
|
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2)…
|
CWE-79
Cross-site Scripting
|
CVE-2011-5040
|
2024-11-21 10:33 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301989
|
- |
|
infoproject
|
biznis_heroj
|
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filt…
|
CWE-89
SQL Injection
|
CVE-2011-5039
|
2024-11-21 10:33 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301990
|
- |
|
hitcode
|
hitappoint
|
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance …
|
CWE-89
SQL Injection
|
CVE-2011-5038
|
2024-11-21 10:33 |
2011-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
