|
304581
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsin…
|
CWE-20
Improper Input Validation
|
CVE-2011-2150
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304582
|
- |
|
smartertools
|
smarterstats
|
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) D…
|
CWE-89
SQL Injection
|
CVE-2011-2149
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304583
|
- |
|
openswan
|
openswan
|
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2147
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304584
|
- |
|
tibco
|
iprocess_engine
iprocess_workspace
|
Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2011-2021
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304585
|
- |
|
tibco
|
iprocess_engine
iprocess_workspace
|
Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vec…
|
CWE-79
Cross-site Scripting
|
CVE-2011-2020
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304586
|
- |
|
smartertools
|
smarterstats
|
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) …
|
CWE-78
OS Command
|
CVE-2011-2148
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304587
|
- |
|
twiki
|
twiki
|
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view scr…
|
CWE-79
Cross-site Scripting
|
CVE-2011-1838
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304588
|
- |
|
keepalived
|
keepalived
|
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows loca…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1784
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304589
|
- |
|
ibm
|
datacap_taskmaster_capture
|
The eDocument Conversion Actions implementation in IBM Datacap Taskmaster Capture 8.0.1 FP1 and earlier allows remote attackers to cause a denial of service (batch abort) via a long subject line in a…
|
CWE-399
Resource Management Errors
|
CVE-2011-2144
|
2024-11-21 10:27 |
2011-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304590
|
- |
|
ibm
|
datacap_taskmaster_capture
|
IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account n…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2143
|
2024-11-21 10:27 |
2011-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
