Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0318 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 9.3 HIGH | N/A |
| Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122. | |||||
| CVE-2011-0319 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 9.3 HIGH | N/A |
| Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122. | |||||
| CVE-2011-0320 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 9.3 HIGH | N/A |
| Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122. | |||||
| CVE-2011-0335 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 9.3 HIGH | N/A |
| Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122. | |||||
| CVE-2010-4308 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309. | |||||
| CVE-2010-4309 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4308. | |||||
| CVE-2006-5656 | 1 Vilistextum | 1 Vilistextum | 2011-10-03 | 5.0 MEDIUM | N/A |
| Memory leak in the push_align function in src/util.c in Vilistextum before 2.6.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the tmp_align variable. NOTE: it is not clear whether this is a vulnerability, due to the functionality of the product. | |||||
| CVE-2011-3867 | | | 2011-10-01 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2998. Reason: This candidate is a duplicate of CVE-2011-2998. Notes: All CVE users should reference CVE-2011-2998 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2004-2770 | | | 2011-09-29 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3389. Reason: This candidate is a duplicate of CVE-2011-3389. Notes: All CVE users should reference CVE-2011-3389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-2746 | 1 Otrs | 1 Otrs | 2011-09-23 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors. | |||||
| CVE-2011-3132 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2011-09-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3133 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2011-09-23 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2011-3134 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2011-09-23 | 7.5 HIGH | N/A |
| Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | |||||
| CVE-2011-3200 | 1 Rsyslog | 1 Rsyslog | 2011-09-23 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message. | |||||
| CVE-2011-3204 | 1 Geoff Wong | 1 Hammerhead | 2011-09-23 | 3.3 LOW | N/A |
| hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. | |||||
| CVE-2011-3211 | 1 Bcfg2 | 1 Bcfg2 | 2011-09-23 | 9.3 HIGH | N/A |
| The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client. | |||||
| CVE-2011-3576 | 1 Ibm | 1 Lotus Domino | 2011-09-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf. | |||||
| CVE-2011-2745 | 1 Chyrp | 1 Chyrp | 2011-09-22 | 6.5 MEDIUM | N/A |
| upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/. | |||||
| CVE-2011-2882 | 1 Citrix | 1 Access Gateway | 2011-09-22 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data. | |||||
| CVE-2011-1855 | 1 Hp | 1 Network Node Manager I | 2011-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors. | |||||
| CVE-2011-1931 | 3 Ffmpeg, Libav, Videolan | 4 Ffmpeg, Libavcodec, Libav and 1 more | 2011-09-22 | 6.8 MEDIUM | N/A |
| sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file. | |||||
| CVE-2011-1937 | 1 Webmin | 1 Webmin | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl. | |||||
| CVE-2011-2076 | 1 Inventivetec | 1 Mediacast | 2011-09-22 | 5.0 MEDIUM | N/A |
| MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216. | |||||
| CVE-2011-2077 | 1 Inventivetec | 1 Mediacast | 2011-09-22 | 7.5 HIGH | N/A |
| The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session. | |||||
| CVE-2011-2078 | 1 Inventivetec | 1 Mediacast | 2011-09-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2079 | 1 Inventivetec | 1 Mediacast | 2011-09-22 | 7.5 HIGH | N/A |
| MediaCAST 8 and earlier allows remote attackers to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to an "XML injection" issue. | |||||
| CVE-2011-2081 | 1 Inventivetec | 1 Mediacast | 2011-09-22 | 5.0 MEDIUM | N/A |
| MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree. | |||||
| CVE-2011-1498 | 1 Apache | 1 Httpclient | 2011-09-22 | 4.3 MEDIUM | N/A |
| Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header. | |||||
| CVE-2011-1523 | 1 Nagios | 1 Nagios | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. | |||||
| CVE-2011-1536 | 1 Hp | 1 Performance Insight | 2011-09-22 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Performance Insight 5.0, 5.1x, 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2011-1537 | 1 Hp | 1 Proliant Support Pack | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1538 | 1 Hp | 1 Proliant Support Pack | 2011-09-22 | 4.9 MEDIUM | N/A |
| Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2011-1539 | 1 Hp | 1 Proliant Support Pack | 2011-09-22 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2011-1540 | 1 Hp | 1 System Management Homepage | 2011-09-22 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-1541 | 1 Hp | 1 System Management Homepage | 2011-09-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions, and consequently execute arbitrary code, via unknown vectors. | |||||
| CVE-2011-1542 | 1 Hp | 1 Systems Insight Manager | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1543 | 1 Hp | 1 Systems Insight Manager | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2011-1544 | 1 Hp | 1 Insight Control Performance Management | 2011-09-22 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2011-1545 | 1 Hp | 1 Insight Control Performance Management | 2011-09-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2011-1563 | 1 Realflex | 1 Realwin | 2011-09-22 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On_FC_CTAGLIST_FCS_CADDTAG, (3) On_FC_CTAGLIST_FCS_CDELTAG, (4) On_FC_CTAGLIST_FCS_ADDTAGMS, (5) On_FC_RFUSER_FCS_LOGIN, (6) unspecified "On_FC_BINFILE_FCS_*FILE", (7) On_FC_CGETTAG_FCS_GETTELEMETRY, (8) On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY, (9) On_FC_CGETTAG_FCS_SETTELEMETRY, (10) On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY, and (11) On_FC_SCRIPT_FCS_STARTPROG packets to port 910. | |||||
| CVE-2011-1564 | 1 Realflex | 1 Realwin | 2011-09-22 | 10.0 HIGH | N/A |
| Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow. | |||||
| CVE-2011-1565 | 1 7t | 1 Igss | 2011-09-22 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401. | |||||
| CVE-2011-1567 | 1 7t | 1 Igss | 2011-09-22 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401. | |||||
| CVE-2011-1568 | 1 7t | 1 Igss | 2011-09-22 | 10.0 HIGH | N/A |
| Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1724 | 1 Hp | 1 Virtual Server Environment | 2011-09-22 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Virtual Server Environment before 6.3 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2011-1840 | 2 Google, Martinicreations | 2 Android, Passmanlite Password Manager | 2011-09-22 | 2.1 LOW | N/A |
| The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access. | |||||
| CVE-2011-0892 | 1 Hp | 1 Diagnostics | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2011-0893 | 1 Hp | 1 Operations | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX platforms allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-0894 | 1 Hp | 1 Operations | 2011-09-22 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2011-0354 | 1 Cisco | 3 Tandberg Endpoint, Tandberg Personal Video Unit, Tandberg Personal Video Unit Software | 2011-09-22 | 10.0 HIGH | N/A |
| The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. | |||||
