|
306071
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x b…
|
CWE-79
Cross-site Scripting
|
CVE-2011-2931
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306072
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before …
|
CWE-89
SQL Injection
|
CVE-2011-2930
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306073
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which…
|
CWE-20
Improper Input Validation
|
CVE-2011-2929
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306074
|
- |
|
pidgin
|
pidgin
|
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
|
CWE-20
Improper Input Validation
|
CVE-2011-3185
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306075
|
- |
|
pidgin
|
pidgin
|
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause …
|
CWE-399
Resource Management Errors
|
CVE-2011-3184
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306076
|
- |
|
phpmyadmin
|
phpmyadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3181
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306077
|
- |
|
pidgin
|
pidgin
libpurple
|
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted r…
|
NVD-CWE-Other
|
CVE-2011-2943
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306078
|
- |
|
linux
|
linux_kernel
|
The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (…
|
CWE-476
NULL Pointer Dereference
|
CVE-2011-2928
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306079
|
- |
|
apache
suse
opensuse
canonical
|
http_server
linux_enterprise_server
opensuse
linux_enterprise_software_development_kit
ubuntu_linux
|
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range head…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2011-3192
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306080
|
- |
|
google
|
chrome
|
The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have uns…
|
CWE-20
Improper Input Validation
|
CVE-2011-2839
|
2024-11-21 10:29 |
2011-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
