Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0448 | 1 Mozilla | 1 Bugzilla | 2017-08-29 | 4.0 MEDIUM | N/A |
| Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address. | |||||
| CVE-2012-0563 | 1 Sun | 1 Sunos | 2017-08-29 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist. | |||||
| CVE-2012-0696 | 1 Ibm | 2 Cognos Executive Viewer, Cognos Tm1 | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js. | |||||
| CVE-2012-0697 | 1 Hp | 1 Storageworks P2000 G3 Msa | 2017-08-29 | 10.0 HIGH | N/A |
| HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788. | |||||
| CVE-2011-4113 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments." | |||||
| CVE-2011-4122 | 1 Freebsd | 1 Freebsd | 2017-08-29 | 6.9 MEDIUM | N/A |
| Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass. | |||||
| CVE-2011-4141 | 1 Rsa | 1 Securid | 2017-08-29 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file. | |||||
| CVE-2011-4157 | 1 Hp | 3 Centralized Management Console Software, San\/iq, Storageworks P4000 Virtual San Appliance | 2017-08-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request. | |||||
| CVE-2011-4162 | 1 Hp | 1 Protecttools Device Access Manager | 2017-08-29 | 7.5 HIGH | N/A |
| The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument. | |||||
| CVE-2011-4171 | 1 Ibm | 1 Websphere Ilog Rule Team Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp. | |||||
| CVE-2011-4197 | 1 Pfsense | 1 Pfsense | 2017-08-29 | 7.5 HIGH | N/A |
| etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key. | |||||
| CVE-2011-4211 | 1 Google | 1 App Engine Python Sdk | 2017-08-29 | 7.2 HIGH | N/A |
| The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. | |||||
| CVE-2011-4212 | 1 Google | 1 App Engine Python Sdk | 2017-08-29 | 7.2 HIGH | N/A |
| The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. | |||||
| CVE-2011-4216 | 1 Investintech | 1 Slimpdf Reader | 2017-08-29 | 9.3 HIGH | N/A |
| Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2011-4218 | 1 Investintech | 1 Slimpdf Reader | 2017-08-29 | 9.3 HIGH | N/A |
| Investintech.com SlimPDF Reader does not prevent faulting-instruction data from affecting write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2011-4219 | 1 Investintech | 1 Slimpdf Reader | 2017-08-29 | 9.3 HIGH | N/A |
| Investintech.com SlimPDF Reader does not prevent faulting-address data from affecting branch selection, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2011-4221 | 1 Investintech | 1 Able2doc | 2017-08-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document. | |||||
| CVE-2011-4222 | 1 Investintech | 2 Able2extract, Able2extract Server | 2017-08-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document. | |||||
| CVE-2011-4223 | 1 Investintech | 1 Absolute Pdf Server | 2017-08-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Investintech.com Absolute PDF Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2011-4273 | 1 Goahead | 1 Goahead Webserver | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp. | |||||
| CVE-2011-4274 | 2 Ark-web, Sixapart | 3 A-form Pc, A-form Pc Mobile, Movabletype | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-2676. | |||||
| CVE-2011-4325 | 1 Linux | 1 Linux Kernel | 2017-08-29 | 4.9 MEDIUM | N/A |
| The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP. | |||||
| CVE-2011-4340 | 1 Symphony-cms | 1 Symphony Cms | 2017-08-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4341 | 1 Symphony-cms | 1 Symphony Cms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via the filter parameter to (1) symphony/publish/comments or (2) symphony/publish/images. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks via error messages. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4357 | 1 Brandon Long | 1 Clearsilver | 2017-08-29 | 7.5 HIGH | N/A |
| Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function. | |||||
| CVE-2011-4405 | 1 Canonical | 1 Ubuntu Linux | 2017-08-29 | 7.5 HIGH | N/A |
| The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories. | |||||
| CVE-2011-4408 | 1 Canonical | 1 Ubuntu Linux | 2017-08-29 | 6.8 MEDIUM | N/A |
| The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack. | |||||
| CVE-2011-4409 | 1 Canonical | 1 Ubuntu Linux | 2017-08-29 | 7.5 HIGH | N/A |
| The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack. | |||||
| CVE-2011-4460 | 1 Bestpractical | 1 Rt | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account. | |||||
| CVE-2011-4462 | 1 Plone | 1 Plone | 2017-08-29 | 5.0 MEDIUM | N/A |
| Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2011-4465 | 1 Ibm | 1 Lotus Mobile Connect | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL. | |||||
| CVE-2011-4537 | 1 7t | 1 Igss | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP port (1) 12397 or (2) 12399. | |||||
| CVE-2011-4547 | 1 Zen-cart | 1 Zen Cart | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567. | |||||
| CVE-2011-4560 | 1 Drupal | 2 Drupal, Petition Node Module | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition. | |||||
| CVE-2011-4562 | 2 John Godley, Wordpress | 2 Redirection Plugin, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. | |||||
| CVE-2011-4565 | 1 Xoops | 1 Xoops | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4566 | 1 Php | 1 Php | 2017-08-29 | 6.4 MEDIUM | N/A |
| Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. | |||||
| CVE-2011-4567 | 1 Zen-cart | 1 Zen Cart | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547. | |||||
| CVE-2011-4569 | 2 Mybb, Tom K | 2 Mybb, Forum Userbar Plugin | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter. | |||||
| CVE-2011-4570 | 2 Joomla, Takeaweb | 2 Joomla\!, Com Timereturns | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. | |||||
| CVE-2011-4571 | 2 Eaimproved, Joomla | 2 Com Estateagent, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. | |||||
| CVE-2011-4572 | 1 Codefuture | 1 Cf Image Hosting Script | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate. | |||||
| CVE-2011-4608 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | 7.5 HIGH | N/A |
| mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints. | |||||
| CVE-2011-4615 | 1 Zabbix | 1 Zabbix | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php. | |||||
| CVE-2011-4618 | 2 Simplerealtytheme, Wordpress | 2 Advanced Text Widget Plugin, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2011-4643 | 1 Splunk | 1 Splunk | 2017-08-29 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243. | |||||
| CVE-2011-4668 | 1 Ibm | 1 Tivoli Netcool\/reporter | 2017-08-29 | 7.5 HIGH | N/A |
| IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server. | |||||
| CVE-2011-4669 | 1 Wordpress | 2 Wordpress, Wordpress-users | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php. | |||||
| CVE-2011-4673 | 2 Automattic, Wordpress | 2 Jetpack, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-4674 | 1 Zabbix | 1 Zabbix | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. | |||||