Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.
Max CVSS
4.3
EPSS Score
0.20%
Published
2011-11-30
Updated
2011-12-01
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
Max CVSS
6.0
EPSS Score
0.18%
Published
2011-11-30
Updated
2011-12-01
Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate.
Max CVSS
4.3
EPSS Score
0.42%
Published
2011-11-29
Updated
2017-08-29
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2011-11-29
Updated
2017-08-29
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
Max CVSS
7.5
EPSS Score
0.09%
Published
2011-11-29
Updated
2017-08-29
SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2011-11-29
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.
Max CVSS
4.3
EPSS Score
0.14%
Published
2011-11-29
Updated
2011-11-30
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
Max CVSS
4.3
EPSS Score
0.20%
Published
2011-11-29
Updated
2017-08-29
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
Max CVSS
6.4
EPSS Score
88.17%
Published
2011-11-29
Updated
2022-08-29
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.35%
Published
2011-11-28
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action.
Max CVSS
4.3
EPSS Score
0.20%
Published
2011-11-28
Updated
2018-10-09
Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.14%
Published
2011-11-28
Updated
2011-11-29
Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
Max CVSS
4.3
EPSS Score
0.41%
Published
2011-11-28
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.37%
Published
2011-11-28
Updated
2018-10-09
Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.
Max CVSS
3.5
EPSS Score
0.13%
Published
2011-11-28
Updated
2017-08-29
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
Max CVSS
7.5
EPSS Score
0.11%
Published
2011-11-28
Updated
2018-10-09
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.11%
Published
2011-11-24
Updated
2017-09-19
Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567.
Max CVSS
4.3
EPSS Score
0.20%
Published
2011-11-29
Updated
2017-08-29

CVE-2011-4542

Public exploit
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
Max CVSS
7.5
EPSS Score
75.55%
Published
2011-11-30
Updated
2018-01-06
Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action.
Max CVSS
4.3
EPSS Score
0.20%
Published
2011-11-29
Updated
2018-01-06
The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device.
Max CVSS
7.5
EPSS Score
0.24%
Published
2011-11-22
Updated
2011-11-22
The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Max CVSS
7.5
EPSS Score
0.34%
Published
2011-11-22
Updated
2012-03-08
The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Max CVSS
7.5
EPSS Score
0.34%
Published
2011-11-22
Updated
2012-03-08
The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Max CVSS
7.5
EPSS Score
0.34%
Published
2011-11-22
Updated
2012-03-08
The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Max CVSS
7.5
EPSS Score
0.37%
Published
2011-11-22
Updated
2013-01-24
309 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!