|
301911
|
- |
|
x3cms
|
x3_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or …
|
CWE-79
Cross-site Scripting
|
CVE-2011-5255
|
2024-11-21 10:33 |
2013-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301912
|
- |
|
connections_project
|
connections
|
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2011-5254
|
2024-11-21 10:33 |
2013-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301913
|
- |
|
thegr
|
dl
|
Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header.
|
CWE-287
Improper Authentication
|
CVE-2011-5253
|
2024-11-21 10:33 |
2013-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301914
|
- |
|
orchardproject
|
orchard
|
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbi…
|
CWE-20
Improper Input Validation
|
CVE-2011-5252
|
2024-11-21 10:33 |
2013-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301915
|
- |
|
vbulletin
|
vbulletin
|
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a …
|
CWE-20
Improper Input Validation
|
CVE-2011-5251
|
2024-11-21 10:33 |
2013-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301916
|
- |
|
redhat
|
resteasy
|
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Bi…
|
CWE-200
Information Exposure
|
CVE-2011-5245
|
2024-11-21 10:33 |
2012-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301917
|
- |
|
tetex
gnome
t1lib
|
tetex
evince
t1lib
|
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote at…
|
CWE-189
Numeric Errors
|
CVE-2011-5244
|
2024-11-21 10:33 |
2012-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301918
|
- |
|
abraham_williams
|
twitteroauth
|
TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacker…
|
CWE-20
Improper Input Validation
|
CVE-2011-5243
|
2024-11-21 10:33 |
2012-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301919
|
- |
|
themattharris
|
tmhoauth
|
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle …
|
CWE-20
Improper Input Validation
|
CVE-2011-5242
|
2024-11-21 10:33 |
2012-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301920
|
- |
|
services_twitter_group
|
services_twitter
|
Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl…
|
CWE-20
Improper Input Validation
|
CVE-2011-5241
|
2024-11-21 10:33 |
2012-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
