Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
Max CVSS
6.8
EPSS Score
3.12%
Published
2011-02-04
Updated
2017-10-11
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.
Max CVSS
4.3
EPSS Score
0.07%
Published
2011-02-15
Updated
2011-02-15
Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.19%
Published
2011-02-03
Updated
2011-02-15
Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.
Max CVSS
7.5
EPSS Score
0.31%
Published
2011-02-03
Updated
2011-02-15
Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.
Max CVSS
7.5
EPSS Score
0.18%
Published
2011-02-03
Updated
2011-02-15
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2588 and CVE-2010-4188.
Max CVSS
9.3
EPSS Score
3.46%
Published
2011-02-10
Updated
2017-08-17
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-4188.
Max CVSS
9.3
EPSS Score
3.46%
Published
2011-02-10
Updated
2017-08-17
Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
EPSS Score
3.64%
Published
2011-02-10
Updated
2017-08-17
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-02-16
Updated
2018-10-10
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044.
Max CVSS
9.3
EPSS Score
3.37%
Published
2011-02-02
Updated
2017-08-17
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.
Max CVSS
9.3
EPSS Score
2.66%
Published
2011-02-02
Updated
2017-08-17
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044.
Max CVSS
9.3
EPSS Score
2.83%
Published
2011-02-02
Updated
2017-08-17
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.
Max CVSS
9.3
EPSS Score
3.17%
Published
2011-02-02
Updated
2017-08-17
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.
Max CVSS
9.3
EPSS Score
28.25%
Published
2011-02-02
Updated
2018-10-10
Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed.
Max CVSS
6.8
EPSS Score
1.73%
Published
2011-02-02
Updated
2018-10-10
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
Max CVSS
4.3
EPSS Score
3.61%
Published
2011-02-17
Updated
2018-10-10
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
Max CVSS
5.0
EPSS Score
1.05%
Published
2011-02-17
Updated
2018-10-10
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
Max CVSS
4.3
EPSS Score
87.13%
Published
2011-02-17
Updated
2018-10-10
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line.
Max CVSS
7.5
EPSS Score
3.17%
Published
2011-02-18
Updated
2020-08-14
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Max CVSS
1.2
EPSS Score
0.24%
Published
2011-02-10
Updated
2023-02-13
Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.
Max CVSS
8.5
EPSS Score
1.90%
Published
2011-02-02
Updated
2018-10-10
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.41%
Published
2011-02-02
Updated
2023-02-13
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.
Max CVSS
7.5
EPSS Score
0.23%
Published
2011-02-02
Updated
2017-08-17
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.
Max CVSS
5.0
EPSS Score
0.34%
Published
2011-02-02
Updated
2011-02-12
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Max CVSS
6.5
EPSS Score
1.88%
Published
2011-02-02
Updated
2017-08-17
377 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!