Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
1.34%
Published
2011-01-31
Updated
2017-08-17
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
Max CVSS
9.3
EPSS Score
4.86%
Published
2011-01-31
Updated
2018-08-13
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.
Max CVSS
6.8
EPSS Score
28.49%
Published
2011-01-28
Updated
2017-08-17
Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of unspecified length fields is greater than a certain value.
Max CVSS
7.5
EPSS Score
8.87%
Published
2011-01-28
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.
Max CVSS
6.8
EPSS Score
0.30%
Published
2011-01-28
Updated
2018-10-09
SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2011-01-25
Updated
2017-08-17
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
Max CVSS
7.5
EPSS Score
0.05%
Published
2011-01-25
Updated
2017-08-17
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
Max CVSS
7.5
EPSS Score
0.24%
Published
2011-01-25
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link Directory (phpLD) 4.1.0 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via the N action.
Max CVSS
6.8
EPSS Score
0.53%
Published
2011-01-25
Updated
2017-08-17
The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
Max CVSS
6.9
EPSS Score
0.04%
Published
2011-01-25
Updated
2022-06-03
Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
Max CVSS
6.9
EPSS Score
0.04%
Published
2011-01-25
Updated
2011-04-28
Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
Max CVSS
6.9
EPSS Score
0.06%
Published
2011-01-25
Updated
2017-09-19
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.
Max CVSS
6.0
EPSS Score
2.62%
Published
2011-01-22
Updated
2018-10-09
The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
13.07%
Published
2011-01-28
Updated
2017-08-17
SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2011-01-20
Updated
2011-01-24

CVE-2011-0517

Public exploit
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
Max CVSS
9.3
EPSS Score
96.02%
Published
2011-01-20
Updated
2017-08-17
SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2011-01-20
Updated
2017-08-17
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
Max CVSS
7.2
EPSS Score
0.05%
Published
2011-01-20
Updated
2011-01-21
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
Max CVSS
6.8
EPSS Score
0.09%
Published
2011-01-20
Updated
2017-08-17
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
Max CVSS
7.5
EPSS Score
0.09%
Published
2011-01-20
Updated
2017-08-17
SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action.
Max CVSS
7.5
EPSS Score
0.06%
Published
2011-01-20
Updated
2017-08-17
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] parameter.
Max CVSS
6.8
EPSS Score
7.03%
Published
2011-01-20
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.55%
Published
2011-01-20
Updated
2018-10-09
Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid) file.
Max CVSS
9.3
EPSS Score
1.89%
Published
2011-01-20
Updated
2011-01-21
Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file.
Max CVSS
9.3
EPSS Score
1.44%
Published
2011-01-20
Updated
2011-01-24
212 vulnerabilities found
1 2 3 4 5 6 7 8 9
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!