|
305851
|
- |
|
openbsd
|
openbsd
|
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APP…
|
CWE-189
Numeric Errors
|
CVE-2011-2168
|
2024-11-21 10:27 |
2011-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305852
|
- |
|
dovecot
|
dovecot
|
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a scrip…
|
CWE-22
Path Traversal
|
CVE-2011-2167
|
2024-11-21 10:27 |
2011-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305853
|
- |
|
dovecot
|
dovecot
|
script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveragin…
|
CWE-16
Configuration
|
CVE-2011-2166
|
2024-11-21 10:27 |
2011-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305854
|
- |
|
dovecot
|
dovecot
|
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of se…
|
CWE-20
Improper Input Validation
|
CVE-2011-1929
|
2024-11-21 10:27 |
2011-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305855
|
- |
|
apache
|
apr-util
http_server
|
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infi…
|
CWE-399
Resource Management Errors
|
CVE-2011-1928
|
2024-11-21 10:27 |
2011-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305856
|
- |
|
watchguard
|
xcs
|
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2165
|
2024-11-21 10:27 |
2011-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305857
|
- |
|
cmu
|
cyrus_imap_server
|
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1926
|
2024-11-21 10:27 |
2011-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305858
|
- |
|
netbsd
ihji
|
netbsd
pmake
|
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, re…
|
CWE-59
Link Following
|
CVE-2011-1920
|
2024-11-21 10:27 |
2011-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305859
|
- |
|
mediawiki
|
mediawiki
|
includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypa…
|
CWE-287
Improper Authentication
|
CVE-2011-1766
|
2024-11-21 10:27 |
2011-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305860
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file a…
|
CWE-79
Cross-site Scripting
|
CVE-2011-1765
|
2024-11-21 10:27 |
2011-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
