# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
66251 |
CVE-2011-4249 |
20 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. |
66252 |
CVE-2011-4248 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file. |
66253 |
CVE-2011-4247 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. |
66254 |
CVE-2011-4246 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-11-24 |
2011-11-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
66255 |
CVE-2011-4245 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
66256 |
CVE-2011-4244 |
119 |
|
Exec Code Overflow |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. |
66257 |
CVE-2011-4237 |
94 |
|
Http R.Spl. |
2012-05-03 |
2012-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. |
66258 |
CVE-2011-4232 |
200 |
|
+Info |
2012-05-03 |
2012-05-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070. |
66259 |
CVE-2011-4231 |
20 |
|
DoS |
2012-05-03 |
2012-05-11 |
6.3 |
None |
Remote |
Medium |
Single system |
None |
None |
Complete |
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. |
66260 |
CVE-2011-4223 |
|
|
DoS Exec Code |
2011-11-01 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Investintech.com Absolute PDF Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
66261 |
CVE-2011-4222 |
|
|
DoS Exec Code |
2011-11-01 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document. |
66262 |
CVE-2011-4221 |
|
|
DoS Exec Code |
2011-11-01 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document. |
66263 |
CVE-2011-4220 |
264 |
|
DoS Exec Code |
2011-11-01 |
2012-03-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
66264 |
CVE-2011-4219 |
399 |
|
DoS Exec Code |
2011-11-01 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Investintech.com SlimPDF Reader does not prevent faulting-address data from affecting branch selection, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
66265 |
CVE-2011-4218 |
399 |
|
DoS Exec Code |
2011-11-01 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Investintech.com SlimPDF Reader does not prevent faulting-instruction data from affecting write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
66266 |
CVE-2011-4217 |
264 |
|
DoS Exec Code |
2011-11-01 |
2012-02-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
66267 |
CVE-2011-4216 |
264 |
|
DoS Exec Code |
2011-11-01 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
66268 |
CVE-2011-4215 |
89 |
|
Exec Code Sql |
2011-11-01 |
2011-11-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable. |
66269 |
CVE-2011-4214 |
287 |
|
Bypass +Info |
2011-11-01 |
2011-11-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie. |
66270 |
CVE-2011-4213 |
264 |
|
Exec Code Bypass |
2011-10-30 |
2019-04-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. |
66271 |
CVE-2011-4212 |
264 |
|
Exec Code Bypass |
2011-10-30 |
2017-08-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. |
66272 |
CVE-2011-4211 |
264 |
|
Exec Code Bypass |
2011-10-30 |
2017-08-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. |
66273 |
CVE-2011-4203 |
94 |
|
Http R.Spl. |
2011-12-22 |
2012-01-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. |
66274 |
CVE-2011-4202 |
264 |
|
+Priv |
2011-12-13 |
2011-12-13 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file. |
66275 |
CVE-2011-4201 |
94 |
|
Exec Code |
2011-12-13 |
2011-12-13 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action. |
66276 |
CVE-2011-4197 |
264 |
|
|
2012-01-03 |
2017-08-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key. |
66277 |
CVE-2011-4195 |
|
|
Exec Code |
2014-04-16 |
2014-04-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name. |
66278 |
CVE-2011-4194 |
119 |
|
Exec Code Overflow |
2012-02-01 |
2012-02-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field. |
66279 |
CVE-2011-4193 |
79 |
|
XSS |
2014-04-16 |
2014-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning. |
66280 |
CVE-2011-4192 |
|
|
Exec Code |
2014-04-16 |
2014-04-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." |
66281 |
CVE-2011-4191 |
119 |
|
DoS Exec Code Overflow |
2011-11-29 |
2011-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets. |
66282 |
CVE-2011-4189 |
94 |
|
DoS Exec Code Mem. Corr. |
2012-03-02 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file. |
66283 |
CVE-2011-4188 |
119 |
|
DoS Overflow |
2012-04-09 |
2017-12-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. |
66284 |
CVE-2011-4187 |
119 |
|
Exec Code Overflow |
2012-02-21 |
2012-02-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173. |
66285 |
CVE-2011-4186 |
119 |
|
Exec Code Overflow |
2012-02-21 |
2012-02-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705. |
66286 |
CVE-2011-4185 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-02-21 |
2012-02-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436. |
66287 |
CVE-2011-4183 |
434 |
|
|
2018-06-13 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. |
66288 |
CVE-2011-4182 |
20 |
|
Exec Code |
2018-06-12 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. |
66289 |
CVE-2011-4181 |
20 |
|
|
2018-06-11 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3. |
66290 |
CVE-2011-4173 |
352 |
|
CSRF |
2011-10-24 |
2011-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information. |
66291 |
CVE-2011-4172 |
79 |
|
XSS |
2011-10-24 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via (1) an e-mail address field or (2) a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984. |
66292 |
CVE-2011-4171 |
79 |
|
XSS |
2011-10-24 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp. |
66293 |
CVE-2011-4170 |
79 |
|
XSS |
2011-10-23 |
2012-05-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635. |
66294 |
CVE-2011-4169 |
|
|
DoS +Info |
2011-12-26 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. |
66295 |
CVE-2011-4168 |
22 |
|
Dir. Trav. |
2011-12-26 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. |
66296 |
CVE-2011-4167 |
119 |
|
Exec Code Overflow |
2011-12-26 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp. |
66297 |
CVE-2011-4166 |
22 |
|
Dir. Trav. |
2011-12-26 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. |
66298 |
CVE-2011-4165 |
|
|
Exec Code |
2011-12-29 |
2012-02-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263. |
66299 |
CVE-2011-4164 |
|
|
Exec Code |
2011-12-29 |
2012-02-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214. |
66300 |
CVE-2011-4163 |
|
|
Exec Code |
2011-12-29 |
2012-02-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213. |