Security Vulnerabilities, CVEs, Published In December 2011 (Bypass)

CVE-2011-4860

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.
Max CVSS
10.0
EPSS Score
0.31%
Published
2011-12-17
Updated
2011-12-19

CVE-2011-4677

One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Max CVSS
7.5
EPSS Score
0.34%
Published
2011-12-06
Updated
2011-12-06

CVE-2011-4051

Public exploit
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
Max CVSS
10.0
EPSS Score
41.38%
Published
2011-12-05
Updated
2011-12-08

CVE-2011-3372

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
Max CVSS
7.5
EPSS Score
1.37%
Published
2011-12-24
Updated
2011-12-26
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close