|
302201
|
- |
|
canonical
|
ubuntu_linux
|
The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or re…
|
NVD-CWE-Other
|
CVE-2011-4408
|
2024-11-21 10:32 |
2012-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302202
|
- |
|
gnu
|
gnash
|
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4328
|
2024-11-21 10:32 |
2012-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302203
|
- |
|
bestpractical
|
rt
|
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a…
|
CWE-89
SQL Injection
|
CVE-2011-4460
|
2024-11-21 10:32 |
2012-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302204
|
- |
|
bestpractical
|
rt
|
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic ci…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4459
|
2024-11-21 10:32 |
2012-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302205
|
- |
|
bestpractical
|
rt
|
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via u…
|
CWE-94
Code Injection
|
CVE-2011-4458
|
2024-11-21 10:32 |
2012-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302206
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes co…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2011-4621
|
2024-11-21 10:32 |
2012-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302207
|
- |
|
linux
|
linux_kernel
|
Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhan…
|
CWE-189
Numeric Errors
|
CVE-2011-4611
|
2024-11-21 10:32 |
2012-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302208
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an inc…
|
CWE-476
NULL Pointer Dereference
|
CVE-2011-4594
|
2024-11-21 10:32 |
2012-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302209
|
- |
|
linux
avaya
|
linux_kernel
96x1_ip_deskphone_firmware
|
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial …
|
CWE-399
Resource Management Errors
|
CVE-2011-4326
|
2024-11-21 10:32 |
2012-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302210
|
- |
|
cisco
|
ciscoworks_common_services
|
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary H…
|
CWE-94
Code Injection
|
CVE-2011-4237
|
2024-11-21 10:32 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
