CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9601 CVE-2011-4215 89 Exec Code Sql 2011-11-01 2011-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
9602 CVE-2011-4213 264 Exec Code Bypass 2011-10-30 2017-08-28
7.2
None Local Low Not required Complete Complete Complete
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.
9603 CVE-2011-4212 264 Exec Code Bypass 2011-10-30 2017-08-28
7.2
None Local Low Not required Complete Complete Complete
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.
9604 CVE-2011-4211 264 Exec Code Bypass 2011-10-30 2017-08-28
7.2
None Local Low Not required Complete Complete Complete
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.
9605 CVE-2011-4202 264 +Priv 2011-12-13 2011-12-13
7.2
Admin Local Low Not required Complete Complete Complete
The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file.
9606 CVE-2011-4197 264 2012-01-03 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.
9607 CVE-2011-4195 Exec Code 2014-04-16 2014-04-17
7.5
None Remote Low Not required Partial Partial Partial
kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.
9608 CVE-2011-4194 119 Exec Code Overflow 2012-02-01 2012-02-02
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field.
9609 CVE-2011-4192 Exec Code 2014-04-16 2014-04-17
7.5
None Remote Low Not required Partial Partial Partial
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."
9610 CVE-2011-4191 119 DoS Exec Code Overflow 2011-11-29 2011-11-30
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
9611 CVE-2011-4189 94 DoS Exec Code Mem. Corr. 2012-03-02 2018-01-10
7.5
None Remote Low Not required Partial Partial Partial
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.
9612 CVE-2011-4183 434 2018-06-13 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.
9613 CVE-2011-4169 DoS +Info 2011-12-26 2011-12-27
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
9614 CVE-2011-4168 22 Dir. Trav. 2011-12-26 2011-12-27
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
9615 CVE-2011-4167 119 Exec Code Overflow 2011-12-26 2011-12-27
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.
9616 CVE-2011-4166 22 Dir. Trav. 2011-12-26 2011-12-27
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
9617 CVE-2011-4162 119 DoS Exec Code Overflow Mem. Corr. 2011-12-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.
9618 CVE-2011-4151 20 DoS 2011-10-20 2017-08-28
7.8
None Remote Low Not required None None Complete
The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.
9619 CVE-2011-4113 89 Exec Code Sql 2012-02-17 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."
9620 CVE-2011-4104 20 Exec Code 2014-10-26 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
9621 CVE-2011-4103 20 Exec Code 2014-10-26 2014-12-18
7.5
None Remote Low Not required Partial Partial Partial
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
9622 CVE-2011-4075 94 1 Exec Code 2011-11-02 2011-11-17
7.5
None Remote Low Not required Partial Partial Partial
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
9623 CVE-2011-4069 90 Bypass 2018-02-01 2018-02-21
7.5
None Remote Low Not required Partial Partial Partial
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.
9624 CVE-2011-4068 287 Bypass 2018-02-01 2018-02-21
7.5
None Remote Low Not required Partial Partial Partial
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.
9625 CVE-2011-4066 89 1 Exec Code Sql 2011-11-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
9626 CVE-2011-4062 119 1 DoS Overflow +Priv 2011-10-17 2011-12-12
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
9627 CVE-2011-4026 89 1 Exec Code Sql 2011-10-21 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
9628 CVE-2011-4023 399 DoS 2012-05-03 2018-10-30
7.8
None Remote Low Not required None None Complete
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
9629 CVE-2011-4006 20 DoS 2012-05-02 2012-10-29
7.8
None Remote Low Not required None None Complete
The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565.
9630 CVE-2011-4002 78 Exec Code 2011-11-29 2011-12-14
7.5
None Remote Low Not required Partial Partial Partial
HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
9631 CVE-2011-4001 22 Dir. Trav. 2011-12-01 2011-12-14
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecified vectors.
9632 CVE-2011-3997 287 Bypass 2011-11-09 2011-11-16
7.5
None Remote Low Not required Partial Partial Partial
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.
9633 CVE-2011-3989 89 Exec Code Sql 2011-11-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
9634 CVE-2011-3988 89 Exec Code Sql 2011-10-21 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
9635 CVE-2011-3981 94 1 Exec Code File Inclusion 2011-10-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
9636 CVE-2011-3980 2011-10-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors.
9637 CVE-2011-3977 2011-10-04 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x before 3.5.0-4 and NX Server 3.x before 3.5.0-5 allows local users to read arbitrary files via unknown vectors.
9638 CVE-2011-3969 399 DoS 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.
9639 CVE-2011-3968 399 DoS 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.
9640 CVE-2011-3966 399 DoS 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.
9641 CVE-2011-3959 119 DoS Overflow 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
9642 CVE-2011-3957 399 DoS 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.
9643 CVE-2011-3955 DoS 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.
9644 CVE-2011-3953 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.
9645 CVE-2011-3941 119 Overflow 2013-12-09 2014-01-03
7.5
None Remote Low Not required Partial Partial Partial
The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.
9646 CVE-2011-3928 399 DoS 2012-01-23 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
9647 CVE-2011-3927 19 DoS 2012-01-23 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
9648 CVE-2011-3926 119 DoS Overflow 2012-01-23 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
9649 CVE-2011-3925 399 DoS Mem. Corr. 2012-01-23 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page.
9650 CVE-2011-3924 399 DoS 2012-01-23 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.
Total number of vulnerabilities : 24903   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 (This Page)194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.