Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5130 | 1 Haudenschilt | 1 Family Connections Cms | 2017-08-29 | 6.8 MEDIUM | N/A |
| dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter. | |||||
| CVE-2011-5131 | 1 Mybb | 1 Mybb | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. | |||||
| CVE-2011-5132 | 1 Mybb | 1 Mybb | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX." | |||||
| CVE-2011-5135 | 1 Docebo | 1 Docebolms | 2017-08-29 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php. | |||||
| CVE-2011-5136 | 1 Epractizelabs | 1 Subscription Manager | 2017-08-29 | 6.4 MEDIUM | N/A |
| showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter. | |||||
| CVE-2011-5137 | 1 Tforum | 1 Tforum | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the (1) TopicID parameter to viewtopic.php, the (2) BoardID parameter to viewboard.php, or (3) CatID parameter to viewcat.php. | |||||
| CVE-2011-5138 | 1 Tforum | 1 Tforum | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action. | |||||
| CVE-2011-5139 | 1 Preprojects | 1 Business Cards Designer | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-5140 | 1 Diy-cms | 2 Blog, Diy-cms | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php. | |||||
| CVE-2011-5141 | 1 Obm | 1 Open Business Management | 2017-08-29 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an export_page action. | |||||
| CVE-2011-5142 | 1 Obm | 1 Open Business Management | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php; (4) login parameter to obm.php; or (5) tf_user parameter in a search action to group/group_index.php. | |||||
| CVE-2011-5144 | 1 Obm | 1 Open Business Management | 2017-08-29 | 5.0 MEDIUM | N/A |
| Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function. | |||||
| CVE-2011-5145 | 1 Obm | 1 Open Business Management | 2017-08-29 | 5.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php. | |||||
| CVE-2011-5148 | 2 Joomla, Wasen | 2 Joomla!, Mod Simplefileupload | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. | |||||
| CVE-2011-5149 | 1 Spamtitan | 1 Spamtitan | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php. | |||||
| CVE-2011-5157 | 1 Attachmate | 5 Reflection For Hp, Reflection For Ibm, Reflection For Regis Graphics Server and 2 more | 2017-08-29 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5160 | 1 Open-emr | 1 Openemr | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. | |||||
| CVE-2011-5161 | 1 Open-emr | 1 Openemr | 2017-08-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/. | |||||
| CVE-2011-5162 | 1 Gomlab | 1 Gom Player | 2017-08-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression. | |||||
| CVE-2011-5166 | 1 Elif Keir | 1 Knftp | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands. | |||||
| CVE-2011-5167 | 2 Oracle, Tidestone | 2 Hyperion Strategic Finance, Formula One Activex Control | 2017-08-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter. | |||||
| CVE-2011-5170 | 1 Castillobueno | 1 Ccmplayer | 2017-08-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 allows remote attackers to execute arbitrary code via a long track name in an m3u playlist. | |||||
| CVE-2011-5171 | 1 Cyberlink | 1 Power2go | 2017-08-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file. | |||||
| CVE-2011-5172 | 1 Powerproduction | 1 Storyboard Quick | 2017-08-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and possibly StoryBoard Artist and StoryBoard Studio, allows remote attackers to execute arbitrary code via a long string in the string element field in a frame xml file. | |||||
| CVE-2011-5173 | 1 Bugbear | 1 Flatout | 2017-08-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in Bugbear Entertainment FlatOut 2005 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field in a bed file. | |||||
| CVE-2011-5177 | 1 Esyndicat | 1 Esyndicat Pro | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page. | |||||
| CVE-2011-5187 | 2 Drupal, Tag1consulting | 2 Drupal, Support | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-5188 | 2 Drupal, Tag1consulting | 2 Drupal, Support Timer | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-5189 | 2 Drupal, Svendecabooter | 2 Drupal, Webform Validation | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-5190 | 1 Clonemonster | 1 Social Book Facebook Clone Monster | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Social Book Facebook Clone 2010 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) signup.php, (2) lostpass.php, (3) login.php, (4) index.php, (5) help_tos.php, (6) help_contact.php, or (7) help.php. | |||||
| CVE-2011-5194 | 2 Phpace, Wordpress | 2 Samswhois, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193. | |||||
| CVE-2011-5198 | 1 Neturf | 1 Ecommerce Shopping Cart | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5199 | 1 Steveyolam | 1 Tinyguestbook | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2011-5200 | 1 Dedecms | 1 Dedecms | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. | |||||
| CVE-2011-5201 | 1 Steveyolam | 1 Tinyguestbook | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5202 | 1 Sysprogs | 1 Wincdemu | 2017-08-29 | 2.1 LOW | N/A |
| BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a denial of service (system crash) via the unmount command to batchmnt.exe. | |||||
| CVE-2011-5203 | 1 Akiva | 1 Webboard | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5205 | 1 Rapidleech | 1 Rapidleech | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links parameter. | |||||
| CVE-2011-5206 | 1 Rapidleech | 1 Rapidleech | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter. | |||||
| CVE-2011-5207 | 2 Thecartpress, Wordpress | 2 Thecartpress, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. | |||||
| CVE-2011-5209 | 1 Cloneforest | 1 Graphicsclone Script | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter. | |||||
| CVE-2011-5210 | 1 Limny | 1 Limny | 2017-08-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the theme parameter. | |||||
| CVE-2011-5213 | 1 Browsercrm | 1 Browsercrm | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php. | |||||
| CVE-2011-5214 | 1 Browsercrm | 1 Browsercrm | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php. | |||||
| CVE-2011-5215 | 1 2daybiz | 1 Video Community Portal Script | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-5216 | 2 Troyef, Wordpress | 2 Scorm Cloud, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5217 | 1 Hitachi | 2 Jp1/serverconductor/deploymentmanager, Serverconductor/deploymentmanager | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2011-5218 | 1 Neubivljiv | 1 Dota Openstats | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2011-5219 | 1 Mpdf1 | 1 Mpdf | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2011-5220 | 1 Cristopher Shi | 1 Php-scms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php. | |||||
