Total
12817 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4553 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | N/A |
| Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain. | ||||
| CVE-2011-4554 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | N/A |
| One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue. | ||||
| CVE-2011-4575 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-4582 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. | ||||
| CVE-2011-4603 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-11 | N/A |
| The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594. | ||||
| CVE-2011-4612 | 1 Xiph | 1 Icecast | 2025-04-11 | N/A |
| icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL. | ||||
| CVE-2011-4685 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com. | ||||
| CVE-2011-4755 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | N/A |
| Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files. | ||||
| CVE-2011-4784 | 1 Nvidia | 1 Stereoscopic 3d Driver | 2025-04-11 | N/A |
| The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application. | ||||
| CVE-2011-4871 | 1 Opcsystems | 1 Opcsystems.net | 2025-04-11 | N/A |
| Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723. | ||||
| CVE-2011-4883 | 1 Atvise | 1 Webmi2ads | 2025-04-11 | N/A |
| The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request. | ||||
| CVE-2011-4890 | 1 Ibm | 1 Soliddb | 2025-04-11 | N/A |
| The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery. | ||||
| CVE-2011-4911 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. | ||||
| CVE-2011-4914 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2025-04-11 | N/A |
| The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. | ||||
| CVE-2011-4957 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls. | ||||
| CVE-2011-4962 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized. | ||||
| CVE-2011-5055 | 1 Maradns | 1 Maradns | 2025-04-11 | N/A |
| MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024. | ||||
| CVE-2011-5079 | 2 Netcreators, Typo3 | 2 Irfaq, Typo3 | 2025-04-11 | N/A |
| Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter." | ||||
| CVE-2011-5086 | 1 Nsoftware | 1 Unitronics Uniopc | 2025-04-11 | N/A |
| https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site. | ||||
| CVE-2011-5136 | 1 Epractizelabs | 1 Subscription Manager | 2025-04-11 | N/A |
| showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter. | ||||