Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1670 | 1 A.kulikov | 1 Interra Blog Machine | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit. | |||||
| CVE-2011-1671 | 1 Getontracks | 1 Tracks | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1699 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url. | |||||
| CVE-2011-1700 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url. | |||||
| CVE-2011-1701 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url. | |||||
| CVE-2011-1702 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url. | |||||
| CVE-2011-1703 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url. | |||||
| CVE-2011-1704 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url. | |||||
| CVE-2011-1705 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url. | |||||
| CVE-2011-1706 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url. | |||||
| CVE-2011-1707 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url. | |||||
| CVE-2011-1708 | 1 Novell | 1 Iprint | 2018-10-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie. | |||||
| CVE-2011-1716 | 1 Xymon | 1 Xymon | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1720 | 1 Postfix | 1 Postfix | 2018-10-09 | 6.8 MEDIUM | N/A |
| The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method. | |||||
| CVE-2011-1721 | 1 Obspm | 1 Webjaxe | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in php/partie_administrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that (1) modify passwords or (2) add new projects. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1723 | 1 Redmine | 1 Redmine | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1728 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message. | |||||
| CVE-2011-1729 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed GET_FILE message. | |||||
| CVE-2011-1730 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message. | |||||
| CVE-2011-1731 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message. | |||||
| CVE-2011-1732 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message. | |||||
| CVE-2011-1733 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message. | |||||
| CVE-2011-1734 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message. | |||||
| CVE-2011-1735 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message. | |||||
| CVE-2011-1736 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message. | |||||
| CVE-2011-0926 | 1 Cisco | 1 Secure Desktop | 2018-10-09 | 9.3 HIGH | N/A |
| A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589. | |||||
| CVE-2011-0975 | 1 Bmc | 6 Capacity Management Essentials, Performance Analysis For Servers, Performance Analyzer For Servers and 3 more | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768. | |||||
| CVE-2011-0994 | 1 Novell | 1 File Reporter | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data. | |||||
| CVE-2011-1026 | 1 Apache | 1 Archiva | 2018-10-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators. | |||||
| CVE-2011-1033 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement. | |||||
| CVE-2011-1036 | 1 Ca | 3 Host-based Intrusion Prevention System, Internet Security Suite 2010, Internet Security Suite 2011 | 2018-10-09 | 8.8 HIGH | N/A |
| The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods. | |||||
| CVE-2011-1038 | 1 Ibm | 1 Lotus Sametime | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO. | |||||
| CVE-2011-1047 | 2 Vasthtml, Wordpress | 2 Forum Server, Wordpress | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php. | |||||
| CVE-2011-1060 | 1 Webmastersite | 1 Wsn Guest | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php. | |||||
| CVE-2011-1061 | 1 Webmastersite | 1 Wsn Guest | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter. | |||||
| CVE-2011-1063 | 1 Cherry-software | 1 Photopad | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data[title] parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php. | |||||
| CVE-2011-1071 | 1 Gnu | 2 Eglibc, Glibc | 2018-10-09 | 5.1 MEDIUM | N/A |
| The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. | |||||
| CVE-2011-1073 | 2 Apple, Freebsd | 2 Mac Os X, Freebsd | 2018-10-09 | 1.9 LOW | N/A |
| crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. | |||||
| CVE-2011-1074 | 1 Freebsd | 1 Freebsd | 2018-10-09 | 1.9 LOW | N/A |
| crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname. | |||||
| CVE-2011-1077 | 1 Apache | 1 Archiva | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1088 | 1 Apache | 1 Tomcat | 2018-10-09 | 5.8 MEDIUM | N/A |
| Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. | |||||
| CVE-2011-1090 | 1 Linux | 1 Linux Kernel | 2018-10-09 | 4.9 MEDIUM | N/A |
| The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL. | |||||
| CVE-2011-1095 | 1 Gnu | 1 Glibc | 2018-10-09 | 6.2 MEDIUM | N/A |
| locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. | |||||
| CVE-2011-1099 | 1 Focalmedia.net | 1 Quick Polls | 2018-10-09 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php. | |||||
| CVE-2011-1126 | 2 Linux, Vmware | 3 Linux Kernel, Vix Api, Workstation | 2018-10-09 | 6.9 MEDIUM | N/A |
| VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory. | |||||
| CVE-2011-1167 | 1 Libtiff | 1 Libtiff | 2018-10-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. | |||||
| CVE-2011-1168 | 1 Kde | 1 Kde Sc | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. | |||||
| CVE-2011-1183 | 1 Apache | 1 Tomcat | 2018-10-09 | 5.8 MEDIUM | N/A |
| Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419. | |||||
| CVE-2011-1220 | 1 Ibm | 1 Tivoli Management Framework | 2018-10-09 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field. | |||||
| CVE-2011-1290 | 2 Apple, Rim | 3 Webkit, Blackberry Torch 9800, Blackberry Torch 9800 Firmware | 2018-10-09 | 10.0 HIGH | N/A |
| Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011. | |||||