|
307821
|
- |
|
mikoviny
|
wp_custom_pages
|
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the u…
|
CWE-22
Path Traversal
|
CVE-2011-1669
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307822
|
- |
|
awcm-cms
|
ar_web_content_manager
|
Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the se…
|
CWE-79
Cross-site Scripting
|
CVE-2011-1668
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307823
|
- |
|
xmedien
|
anzeigenmarkt
|
SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action.
|
CWE-89
SQL Injection
|
CVE-2011-1667
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307824
|
- |
|
metaways
|
tine
|
Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the f…
|
CWE-200
Information Exposure
|
CVE-2011-1666
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307825
|
- |
|
phpboost
|
phpboost
|
PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1665
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307826
|
- |
|
icanlocalize
|
translation_management
|
Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unk…
|
CWE-352
Origin Validation Error
|
CVE-2011-1664
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307827
|
- |
|
icanlocalize
|
translation_management
|
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2011-1663
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307828
|
- |
|
icanlocalize
|
translation_management
|
Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2011-1662
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307829
|
- |
|
nicholas_thompson
|
node_quick_find
|
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensit…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1661
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307830
|
- |
|
grapecity
|
data_dynamics_reports
|
Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web …
|
CWE-79
Cross-site Scripting
|
CVE-2011-1660
|
2024-11-21 10:26 |
2011-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
