Lista CVE - 2011 / Settembre
Visualizzazione 301 - 387 di 387 CVE per Settembre 2011 (Pagina 4 di 4)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2011-3800 | 2011-09-24 | Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php... |
| CVE-2011-3801 | 2011-09-24 | SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php... |
| CVE-2011-3802 | 2011-09-24 | StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php... |
| CVE-2011-3803 | 2011-09-24 | SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php... |
| CVE-2011-3804 | 2011-09-24 | SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php. |
| CVE-2011-3805 | 2011-09-24 | TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php... |
| CVE-2011-3806 | 2011-09-24 | TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php... |
| CVE-2011-3807 | 2011-09-24 | Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php... |
| CVE-2011-3808 | 2011-09-24 | The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated... |
| CVE-2011-3809 | 2011-09-24 | TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by... |
| CVE-2011-3810 | 2011-09-24 | TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by... |
| CVE-2011-3811 | 2011-09-24 | TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php... |
| CVE-2011-3812 | 2011-09-24 | Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php... |
| CVE-2011-3813 | 2011-09-24 | Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as... |
| CVE-2011-3815 | 2011-09-24 | WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php... |
| CVE-2011-3816 | 2011-09-24 | WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as... |
| CVE-2011-3817 | 2011-09-24 | Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by... |
| CVE-2011-3818 | 2011-09-24 | WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated... |
| CVE-2011-3819 | 2011-09-24 | WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated... |
| CVE-2011-3820 | 2011-09-24 | WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by... |
| CVE-2011-3821 | 2011-09-24 | xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by... |
| CVE-2011-3822 | 2011-09-24 | XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php... |
| CVE-2011-3823 | 2011-09-24 | Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php... |
| CVE-2011-3824 | 2011-09-24 | Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message,... |
| CVE-2011-3825 | 2011-09-24 | Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an... |
| CVE-2011-3826 | 2011-09-24 | Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php... |
| CVE-2010-4843 | 2011-09-27 | SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. |
| CVE-2010-4844 | 2011-09-27 | SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter. |
| CVE-2010-4845 | 2011-09-27 | Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter... |
| CVE-2010-4846 | 2011-09-27 | SQL injection vulnerability in view_item.php in MH Products Pay Pal Shop Digital allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. |
| CVE-2010-4847 | 2011-09-27 | SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. |
| CVE-2010-4848 | 2011-09-27 | Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter. |
| CVE-2010-4850 | 2011-09-27 | Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2)... |
| CVE-2010-4851 | 2011-09-27 | Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter... |
| CVE-2010-4852 | 2011-09-27 | Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action. |
| CVE-2010-4842 | 2011-09-27 | SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these... |
| CVE-2010-4849 | 2011-09-27 | SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter. |
| CVE-2010-4840 | 2011-09-27 | Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via... |
| CVE-2010-4841 | 2011-09-27 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile,... |
| CVE-2011-3645 | 2011-09-27 | Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter... |
| CVE-2011-3687 | 2011-09-27 | Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter... |
| CVE-2011-3688 | 2011-09-27 | Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp. |
| CVE-2011-3684 | 2011-09-27 | Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp,... |
| CVE-2011-3685 | 2011-09-27 | Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat... |
| CVE-2011-3686 | 2011-09-27 | Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3)... |
| CVE-2011-3689 | 2011-09-27 | Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter. |
| CVE-2011-3690 | 2011-09-27 | Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0 allows local users to gain privileges via a Trojan horse mfc70enu.dll or mfc80loc.dll in the current working directory. |
| CVE-2011-3691 | 2011-09-27 | Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory. |
| CVE-2011-3692 | 2011-09-27 | NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step. |
| CVE-2011-3693 | 2011-09-27 | NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file. |
| CVE-2011-3694 | 2011-09-27 | The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL. |
| CVE-2011-3850 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2011-3854 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2011-3860 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2011-3862 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. |
| CVE-2011-3851 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. |
| CVE-2011-3852 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2011-3853 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. |
| CVE-2011-3855 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2011-3856 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2011-3857 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2011-3858 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2011-3859 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. |
| CVE-2011-3861 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. |
| CVE-2011-3863 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2011-3864 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. |
| CVE-2011-3865 | 2011-09-28 | Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. |
| CVE-2011-2372 | 2011-09-29 | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the... |
| CVE-2011-2995 | 2011-09-29 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial... |
| CVE-2011-2996 | 2011-09-29 | Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary... |
| CVE-2011-2997 | 2011-09-29 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and... |
| CVE-2011-2999 | 2011-09-29 | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers... |
| CVE-2011-3000 | 2011-09-29 | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which... |
| CVE-2011-3001 | 2011-09-29 | Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted... |
| CVE-2011-3002 | 2011-09-29 | Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows... |
| CVE-2011-3003 | 2011-09-29 | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case... |
| CVE-2011-3004 | 2011-09-29 | The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier... |
| CVE-2011-3005 | 2011-09-29 | Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary... |
| CVE-2011-3232 | 2011-09-29 | YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary... |
| CVE-2011-3504 | 2011-09-29 | The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. |
| CVE-2011-3866 | 2011-09-29 | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript... |
| CVE-2011-2998 | 2011-09-30 | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large... |
| CVE-2011-3010 | 2011-09-30 | Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to... |
| CVE-2011-3579 | 2011-09-30 | server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of... |
| CVE-2011-3580 | 2011-09-30 | IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo... |
| CVE-2011-3369 | 2011-09-30 | The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to... |
| CVE-2011-0552 | 2011-10-02 | Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter... |
| CVE-2011-0553 | 2011-10-02 | SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-0554 | 2011-10-02 | The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue." |
| CVE-2011-2673 | 2011-10-02 | Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-2674 | 2011-10-02 | BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. |
| CVE-2011-3973 | 2011-10-02 | cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream... |
| CVE-2011-3974 | 2011-10-02 | Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write... |
| CVE-2011-2411 | 2011-10-02 | Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors. |
| CVE-2011-3362 | 2011-10-02 | Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial... |
| CVE-2011-3371 | 2011-10-02 | Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4)... |
| CVE-2011-3975 | 2011-10-03 | A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk... |
| CVE-2011-2072 | 2011-10-03 | Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and... |
| CVE-2011-3272 | 2011-10-03 | The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and... |
| CVE-2011-3279 | 2011-10-03 | The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload)... |