Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4920 | 1 E107 | 1 E107 | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures. | |||||
| CVE-2011-4921 | 1 E107 | 1 E107 | 2017-08-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2011-4923 | 1 Craig Barratt | 1 Backuppc | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361. | |||||
| CVE-2011-4946 | 1 E107 | 1 E107 | 2017-08-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter. | |||||
| CVE-2011-4947 | 1 E107 | 1 E107 | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter. | |||||
| CVE-2011-5003 | 1 Avid | 1 Media Composer | 2017-08-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659. | |||||
| CVE-2011-5005 | 2 Claudio Klingler, Mads Brunn | 2 Quixplorer, T3quixplorer | 2017-08-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2011-5008 | 1 3ssoftware | 1 Codesys | 2017-08-29 | 7.5 HIGH | N/A |
| Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow. | |||||
| CVE-2011-5009 | 1 3ssoftware | 1 Codesys | 2017-08-29 | 5.0 MEDIUM | N/A |
| The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method. | |||||
| CVE-2011-5011 | 1 Xt-commerce | 1 Xt\ | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php. | |||||
| CVE-2011-5012 | 1 Attachmate | 5 Reflection, Reflection 2008, Reflection 2008r1 and 2 more | 2017-08-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command. | |||||
| CVE-2011-5019 | 1 Textpattern | 1 Textpattern | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter. | |||||
| CVE-2011-5026 | 1 Winn | 1 Winn Guestbook | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5028 | 1 Novell | 1 Sentinel Log Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2011-5029 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php. | |||||
| CVE-2011-5030 | 2 Drupal, Valthbald | 2 Drupal, Meta Tags Quick | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles." | |||||
| CVE-2011-5031 | 1 Shilpisoft | 1 Capexweb | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5032 | 1 Winmount | 1 Winmount | 2017-08-29 | 4.9 MEDIUM | N/A |
| WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted 0x87342000 IOCTL request to the WMDriver device. | |||||
| CVE-2011-5033 | 2 Configserver, Directadmin | 2 Configserver Security Firewall, Directadmin Server | 2017-08-29 | 4.4 MEDIUM | N/A |
| Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file. | |||||
| CVE-2011-5038 | 1 Hitcode | 1 Hitappoint | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-5039 | 1 Infoproject | 1 Biznis Heroj | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php. | |||||
| CVE-2011-5040 | 1 Infoproject | 1 Biznis Heroj | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php. | |||||
| CVE-2011-5041 | 1 Pulsecms | 1 Pulse Cms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php. | |||||
| CVE-2011-5042 | 1 Gphemsley | 1 Sasha | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the instructors parameter. NOTE: the original disclosure also mentions the section_title parameter, but this was disputed by the vendor and retracted by the original researcher. | |||||
| CVE-2011-5043 | 1 Tomatosoft | 1 Free Mp3 Player | 2017-08-29 | 4.3 MEDIUM | N/A |
| TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow. | |||||
| CVE-2011-5044 | 1 Sopcast | 1 Sopcast | 2017-08-29 | 7.2 HIGH | N/A |
| SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program. | |||||
| CVE-2011-5045 | 1 Jjwdesign | 1 Php Booking Calendar | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter. | |||||
| CVE-2011-5047 | 1 Pfsense | 1 Pfsense | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter. | |||||
| CVE-2011-5048 | 1 Ibm | 1 Web Experience Factory | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo. | |||||
| CVE-2011-5050 | 1 Elitecore | 1 Cyberoam Unified Threat Management | 2017-08-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5051 | 2 Wordpress, Wpsymposium | 2 Wordpress, Wp Symposium | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot. | |||||
| CVE-2011-5052 | 1 Cocsoft | 1 Stream Down | 2017-08-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request. | |||||
| CVE-2011-5054 | 1 Kde | 1 Kcheckpass | 2017-08-29 | 6.9 MEDIUM | N/A |
| kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched." | |||||
| CVE-2011-5058 | 1 3ssoftware | 1 Codesys | 2017-08-29 | 6.4 MEDIUM | N/A |
| The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. | |||||
| CVE-2011-5060 | 1 Roderich Schupp | 1 Par-packer Module | 2017-08-29 | 3.3 LOW | N/A |
| The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114. | |||||
| CVE-2011-5065 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. | |||||
| CVE-2011-5068 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs. | |||||
| CVE-2011-5069 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-29 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a different program than CVE-2011-3833. | |||||
| CVE-2011-5070 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php. | |||||
| CVE-2011-5081 | 1 Craig Barratt | 1 Backuppc | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi. | |||||
| CVE-2011-5082 | 2 S2member, Wordpress | 2 S2member, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field). | |||||
| CVE-2011-5089 | 1 Iconics | 2 Bizviz, Genesis32 | 2017-08-29 | 10.0 HIGH | N/A |
| Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. | |||||
| CVE-2011-5090 | 1 Grboard | 1 Grboard | 2017-08-29 | 6.4 MEDIUM | N/A |
| GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) mod_rewrite.php, (2) comment_write_ok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary poll.php script under theme/. | |||||
| CVE-2011-5091 | 1 Grboard | 1 Grboard | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to write_ok.php. | |||||
| CVE-2011-5099 | 2 Chillcreations, Joomla | 2 Mod Ccnewsletter, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-5101 | 1 Mcafee | 1 Saas Endpoint Protection | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 allows remote attackers to relay e-mail messages via unspecified vectors, as demonstrated by relaying spam. | |||||
| CVE-2011-5103 | 1 Alurian | 1 Prismotube Video Script | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2011-5104 | 2 Getshopped, Wordpress | 2 Wp E-commerce, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5108 | 1 Adaptcms | 1 Adaptcms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-5111 | 1 Kajianwebsite | 1 Cms Balitbang | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php. | |||||