CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-1105 79 XSS 2011-02-28 2011-03-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allow remote attackers to inject arbitrary web script or HTML via (1) a delivery address and possibly (2) a PIN.
2 CVE-2011-1104 352 CSRF 2011-02-28 2011-03-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery address.
3 CVE-2011-1103 200 +Info 2011-02-25 2011-03-10
5.0
None Remote Low Not required Partial None None
The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.
4 CVE-2011-1102 79 XSS 2011-02-25 2011-03-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5 CVE-2011-1101 DoS 2011-02-25 2011-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors.
6 CVE-2011-1100 89 1 Exec Code Sql 2011-02-25 2011-04-21
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
7 CVE-2011-1068 20 +Info 2011-02-23 2011-04-21
2.6
None Remote High Not required Partial None None
Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps.
8 CVE-2011-1067 20 DoS 2011-02-23 2011-03-10
5.0
None Remote Low Not required None None Partial
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.
9 CVE-2011-1066 79 XSS 2011-02-22 2011-03-10
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors.
10 CVE-2011-1065 119 Exec Code Overflow 2011-02-22 2011-04-21
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods.
11 CVE-2011-1064 89 Exec Code Sql 2011-02-22 2011-04-21
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter.
12 CVE-2011-1063 79 XSS 2011-02-22 2011-09-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data[title] parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php.
13 CVE-2011-1062 79 1 XSS 2011-02-22 2011-03-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
14 CVE-2011-1061 89 1 Exec Code Sql 2011-02-22 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter.
15 CVE-2011-1060 89 Exec Code Sql 2011-02-22 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.
16 CVE-2011-1059 399 DoS 2011-02-22 2012-01-26
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557.
17 CVE-2011-1058 79 XSS 2011-02-22 2013-04-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
18 CVE-2011-1057 264 +Priv 2011-02-21 2011-06-20
6.2
None Local High Not required Complete Complete Complete
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
19 CVE-2011-1056 264 +Priv 2011-02-21 2011-06-20
6.2
None Local High Not required Complete Complete Complete
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
20 CVE-2011-1055 89 1 Exec Code Sql 2011-02-21 2011-02-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.
21 CVE-2011-1054 2011-02-21 2011-03-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors.
22 CVE-2011-1053 DoS 2011-02-21 2011-03-10
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file.
23 CVE-2011-1052 189 Overflow 2011-02-21 2011-03-10
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.
24 CVE-2011-1051 189 Overflow 2011-02-21 2011-03-10
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.
25 CVE-2011-1050 2011-02-21 2011-03-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface."
26 CVE-2011-1049 119 DoS Exec Code Overflow 2011-02-21 2011-02-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Macho-O file.
27 CVE-2011-1048 89 1 Exec Code Sql 2011-02-21 2011-02-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter.
28 CVE-2011-1047 89 Exec Code Sql 2011-02-21 2011-09-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.
29 CVE-2011-1046 264 2011-02-21 2011-02-22
5.0
None Remote Low Not required None Partial None
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.
30 CVE-2011-1045 +Priv 2011-02-21 2011-02-22
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors.
31 CVE-2011-1044 119 Overflow +Info 2011-02-18 2014-01-13
1.9
None Local Medium Not required Partial None None
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.
32 CVE-2011-1042 399 DoS 2011-02-18 2013-01-22
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to cause a denial of service (daemon crash) by providing the name of a hidden WiFi network that does not respond to connection attempts.
33 CVE-2011-1038 79 XSS 2011-02-22 2011-09-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.
34 CVE-2011-1036 2011-02-25 2011-09-21
8.8
None Remote Medium Not required None Complete Complete
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
35 CVE-2011-1035 255 2011-02-18 2011-04-12
7.5
None Remote Low Not required Partial Partial Partial
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors.
36 CVE-2011-1034 79 XSS 2011-02-15 2011-02-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. NOTE: some of these details are obtained from third party information.
37 CVE-2011-1033 119 Exec Code Overflow 2011-02-14 2011-09-21
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement.
38 CVE-2011-1032 264 2011-02-14 2011-03-01
6.8
None Remote Medium Not required Partial Partial Partial
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
39 CVE-2011-1031 59 2011-02-14 2011-05-27
3.3
None Local Medium Not required None Partial Partial
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
40 CVE-2011-1030 79 XSS 2011-02-14 2011-02-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."
41 CVE-2011-1029 79 XSS 2011-02-14 2011-02-15
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report.
42 CVE-2011-1020 264 DoS +Info 2011-02-28 2012-03-19
2.1
None Local Low Not required Partial None None
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
43 CVE-2011-1018 20 Exec Code 2011-02-25 2014-02-11
10.0
None Remote Low Not required Complete Complete Complete
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.
44 CVE-2011-1016 20 2011-02-28 2012-03-19
6.9
None Local Medium Not required Complete Complete Complete
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.
45 CVE-2011-1011 264 DoS +Priv 2011-02-24 2011-09-06
6.9
None Local Medium Not required Complete Complete Complete
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
46 CVE-2011-1008 264 +Info 2011-02-28 2011-03-10
4.0
None Remote Low Single system Partial None None
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
47 CVE-2011-1007 255 2011-02-28 2011-03-10
2.1
None Local Low Not required Partial None None
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
48 CVE-2011-1003 399 Exec Code 2011-02-23 2014-02-11
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.
49 CVE-2011-1002 399 DoS 2011-02-22 2014-02-11
5.0
None Remote Low Not required None None Partial
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
50 CVE-2011-1000 20 2011-02-18 2011-04-20
6.4
None Remote Low Not required Partial Partial None
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
Total number of vulnerabilities : 378   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.