All CVEs — 2011 (Page 20/22)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2011-02-10

Medium

CVE-2011-0587

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web…

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2011-0586

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrar…

CVSS: 9.3 CWE: CWE-20

Critical

CVE-2011-0567

AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of servi…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0566

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corru…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0563

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption)…

CVSS: 9.3 CWE: CWE-119

Medium

CVE-2010-4022

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child proces…

CVSS: 5.0 CWE: CWE-20

Critical

CVE-2011-0608

Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0607

CVSS: 9.3 CWE: CWE-119

Medium

CVE-2011-0583

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2011-0581

Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags.

CVSS: 4.3 CWE: CWE-20

Medium

CVE-2011-0580

Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified ve…

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2011-0578

Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified A…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0574

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0573

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0572

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0571

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0569

The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PFR1 chunk containing an invalid…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0561

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0560

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0559

Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cau…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0556

The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PFR1 chunk that leads to…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0555

The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2011-0093

ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a f…

CVSS: 9.3 CWE: CWE-94

Critical

CVE-2011-0092

The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed Visi…

CVSS: 9.3 CWE: CWE-94

Medium

CVE-2011-0091

Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network…

CVSS: 6.4 CWE: CWE-287

Critical

CVE-2011-0036

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialize…

CVSS: 9.3 CWE: CWE-94

Critical

CVE-2011-0035

CVSS: 9.3 CWE: CWE-94

Critical

CVE-2011-0033

The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not pr…

CVSS: 9.3 CWE: CWE-20

Critical

CVE-2010-4307

Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-4306

Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-4196

The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CVSS: 9.3 CWE: CWE-20

Critical

CVE-2010-4195

The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CVSS: 9.3 CWE: CWE-20

Critical

CVE-2010-4194

The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CVSS: 9.3 CWE: CWE-20

Critical

CVE-2010-4193

Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CVSS: 9.3 CWE: CWE-20

Critical

CVE-2010-4192

Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type reco…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-4191

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-4190

Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-4189

The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie containing a GIF image wi…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-4188

The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk w…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-4187

Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed chunk in a Director file, a different vulnerabilit…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-4093

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-2588

The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vuln…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-2587

CVSS: 9.3 CWE: CWE-119

2011-02-09

Critical

CVE-2011-0924

The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with…

CVSS: 10.0 CWE: CWE-20

Critical

CVE-2011-0923

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

CVSS: 10.0 CWE: CWE-20

Critical

CVE-2011-0922

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.

CVSS: 10.0 CWE: CWE-20

Critical

CVE-2011-0921

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to exec…

CVSS: 10.0 CWE: CWE-20

Medium

CVE-2011-0277

Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new admini…

CVSS: 6.8 CWE: CWE-352

High

CVE-2011-0090

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly v…

CVSS: 7.2 CWE: CWE-20

High

CVE-2011-0089

CVSS: 7.2 CWE: CWE-20

High

CVE-2011-0088

CVSS: 7.2 CWE: CWE-20

High

CVE-2011-0087

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows lo…

CVSS: 7.2 CWE: CWE-20

High

CVE-2011-0086

CVSS: 7.2 CWE: CWE-20

High

CVE-2011-0045

The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a b…

CVSS: 7.2 CWE: CWE-119

Medium

CVE-2011-0040

The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of s…

CVSS: 5.0 CWE: CWE-20

High

CVE-2011-0039

The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain priv…

CVSS: 7.2 CWE: CWE-287

Medium

CVE-2011-0031

The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attacker…

CVSS: 4.3 CWE: CWE-200

2011-02-08

Critical

CVE-2011-0920

The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via…

CVSS: 9.3 CWE: CWE-287

Critical

CVE-2011-0919

Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender add…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2011-0918

Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID head…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2011-0917

Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2011-0916

Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, ak…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2011-0915

Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes c…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2011-0913

Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2011-0912

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.librar…

CVSS: 9.3 CWE: CWE-20

Medium

CVE-2011-0911

Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2011-0886

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hija…

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2011-0538

Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial…

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2011-0535

Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account priv…

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2010-4729

Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of passwor…

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2011-0909

Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2011-0908

Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an uns…

CVSS: 5.8 CWE: CWE-20

Medium

CVE-2011-0526

Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.

CVSS: 4.3 CWE: CWE-79

2011-02-07

Medium

CVE-2011-0903

Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (…

CVSS: 6.8 CWE: CWE-22

Medium

CVE-2011-0901

Multiple stack-based buffer overflows in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allow user-assisted remote attackers t…

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2011-0900

Stack-based buffer overflow in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allows user-assisted remote attackers to execute…

CVSS: 6.8 CWE: CWE-119

Critical

CVE-2011-0531

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted…

CVSS: 9.3 CWE: CWE-20

Medium

CVE-2011-0522

The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows…

CVSS: 6.8 CWE: CWE-119

Critical

CVE-2011-0324

Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allow remote attackers to execute arbitrary code via a long (1) KeyStr…

CVSS: 9.3 CWE: CWE-119

2011-02-04

Medium

CVE-2011-0025

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows rem…

CVSS: 6.8 CWE: CWE-20

Medium

CVE-2011-0784

Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.

CVSS: 6.8 CWE: CWE-362

High

CVE-2011-0781

Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors.

CVSS: 7.5 CWE: CWE-20

Medium

CVE-2011-0779

Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.

CVSS: 5.0 CWE: CWE-20

High

CVE-2011-0777

Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.

CVSS: 7.5 CWE: CWE-416

Medium

CVE-2011-0776

The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat sy…

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2011-0775

pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error…

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2011-0774

PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an erro…

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2011-0773

Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2011-0772

Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color paramete…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2011-0771

The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and p…

CVSS: 6.8 CWE: CWE-20

High

CVE-2011-0537

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly No…

CVSS: 7.5 CWE: CWE-22

Medium

CVE-2011-0049

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the h…

CVSS: 5.0 CWE: CWE-22

Medium

CVE-2011-0047

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injectio…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2004-0694

Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a di…

CVSS: 6.8 CWE: CWE-119

2011-02-03

Critical

CVE-2010-4727

Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.

CVSS: 10.0 CWE: CWE-20

Medium

CVE-2011-0451

Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote…

CVSS: 4.3 CWE: CWE-79

2011-02-02

High

CVE-2011-0521

The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial o…

CVSS: 7.2 CWE: CWE-119

Medium

CVE-2010-3270

Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted…

CVSS: 6.8 CWE: CWE-119

Critical

CVE-2010-3269

Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execu…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-3044

Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-3043

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-3042

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2010-3041

CVSS: 9.3 CWE: CWE-119

Medium

CVE-2011-0754

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to con…

CVSS: 4.4 CWE: CWE-59

Medium

CVE-2011-0753

Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a la…

CVSS: 4.3 CWE: CWE-362

Medium

CVE-2011-0752

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent…

CVSS: 5.0 CWE: CWE-20

Critical

CVE-2011-0742

Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.

CVSS: 10.0 CWE: CWE-119

Medium

CVE-2011-0741

Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2011-0740

Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url para…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2011-0739

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell…

CVSS: 6.8 CWE: CWE-20

Medium

CVE-2011-0738

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote…

CVSS: 4.3 CWE: CWE-20

Medium

CVE-2011-0017

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via…

CVSS: 6.9 CWE: CWE-20

Medium

CVE-2010-4652

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and po…

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2010-3930

Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE…

CVSS: 5.0 CWE: CWE-22

High

CVE-2010-3929

SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2010-3854

Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3 CWE: CWE-79

High

CVE-2010-3719

Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified param…

CVSS: 8.5 CWE: CWE-94

2011-02-01

High

CVE-2010-4721

SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89

High

CVE-2010-4720

SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the v…

CVSS: 7.5 CWE: CWE-89

High

CVE-2010-4719

Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller paramet…

CVSS: 7.5 CWE: CWE-22