|
302551
|
- |
|
advanced_forum_signatures_project
|
advanced_forum_signatures
|
SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right para…
|
CWE-89
SQL Injection
|
CVE-2011-5278
|
2024-11-21 10:34 |
2014-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302552
|
- |
|
advanced_forum_signatures_project
|
advanced_forum_signatures
|
Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) …
|
CWE-89
SQL Injection
|
CVE-2011-5277
|
2024-11-21 10:34 |
2014-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302553
|
- |
|
redhat
|
jboss_operations_network
|
Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0032
|
2024-11-21 10:34 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302554
|
- |
|
gplhost
|
domain_technologie_control
|
SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to ex…
|
CWE-89
SQL Injection
|
CVE-2011-5276
|
2024-11-21 10:34 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302555
|
- |
|
gplhost
|
domain_technologie_control
|
The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5275
|
2024-11-21 10:34 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302556
|
- |
|
gplhost
|
domain_technologie_control
|
The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metach…
|
NVD-CWE-noinfo
|
CVE-2011-5274
|
2024-11-21 10:34 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302557
|
- |
|
gplhost
|
domain_technologie_control
|
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in t…
|
CWE-22
Path Traversal
|
CVE-2011-5273
|
2024-11-21 10:34 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302558
|
- |
|
gplhost
|
domain_technologie_control
|
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php…
|
CWE-89
SQL Injection
|
CVE-2011-5272
|
2024-11-21 10:34 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302559
|
- |
|
csounds
|
csound
|
Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-0270
|
2024-11-21 10:34 |
2014-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302560
|
- |
|
redhat
|
jboss_operations_network
|
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.
|
CWE-287
Improper Authentication
|
CVE-2012-0062
|
2024-11-21 10:34 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
