|
305811
|
- |
|
celeryproject
|
celery
|
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4356
|
2024-11-21 10:32 |
2011-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305812
|
- |
|
oscommerce
|
oscommerce
|
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) O…
|
CWE-22
Path Traversal
|
CVE-2011-4543
|
2024-11-21 10:32 |
2011-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305813
|
- |
|
zabbix
|
zabbix
|
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
|
CWE-89
SQL Injection
|
CVE-2011-4674
|
2024-11-21 10:32 |
2011-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305814
|
- |
|
automattic
|
jetpack
|
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2011-4673
|
2024-11-21 10:32 |
2011-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305815
|
- |
|
valid
|
tiny-erp
|
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list…
|
CWE-89
SQL Injection
|
CVE-2011-4672
|
2024-11-21 10:32 |
2011-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305816
|
- |
|
adrotateplugin
|
adrotate
|
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the…
|
CWE-89
SQL Injection
|
CVE-2011-4671
|
2024-11-21 10:32 |
2011-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305817
|
- |
|
wordpress
|
wordpress-users
|
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.p…
|
CWE-89
SQL Injection
|
CVE-2011-4669
|
2024-11-21 10:32 |
2011-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305818
|
- |
|
ibm
|
tivoli_netcool\/reporter
|
IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
|
CWE-94
Code Injection
|
CVE-2011-4668
|
2024-11-21 10:32 |
2011-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305819
|
- |
|
prestashop
|
prestashop
|
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name paramete…
|
CWE-94
Code Injection
|
CVE-2011-4545
|
2024-11-21 10:32 |
2011-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305820
|
- |
|
vtiger
|
vtiger_crm
|
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax acti…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4670
|
2024-11-21 10:32 |
2011-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
