| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
13901 |
CVE-2011-4873 |
|
|
DoS |
2012-01-19 |
2012-01-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840. |
|
13902 |
CVE-2011-4871 |
20 |
|
DoS |
2012-04-18 |
2012-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723. |
|
13903 |
CVE-2011-4867 |
264 |
|
|
2012-01-24 |
2012-02-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application. |
|
13904 |
CVE-2011-4865 |
264 |
|
|
2012-01-24 |
2012-02-29 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application. |
|
13905 |
CVE-2011-4864 |
264 |
|
|
2012-01-24 |
2012-02-29 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application. |
|
13906 |
CVE-2011-4863 |
264 |
|
|
2012-01-24 |
2017-12-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application. |
|
13907 |
CVE-2011-4858 |
399 |
|
DoS |
2012-01-05 |
2018-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. |
|
13908 |
CVE-2011-4821 |
22 |
|
Dir. Trav. |
2014-06-20 |
2014-06-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors. |
|
13909 |
CVE-2011-4813 |
22 |
1
|
Dir. Trav. |
2011-12-13 |
2013-07-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter. |
|
13910 |
CVE-2011-4810 |
22 |
1
|
Dir. Trav. |
2011-12-13 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php. |
|
13911 |
CVE-2011-4807 |
22 |
1
|
Dir. Trav. |
2011-12-13 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter. |
|
13912 |
CVE-2011-4804 |
22 |
|
Dir. Trav. |
2011-12-13 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
|
13913 |
CVE-2011-4773 |
264 |
|
|
2012-01-24 |
2017-12-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. |
|
13914 |
CVE-2011-4772 |
264 |
|
|
2012-01-24 |
2012-05-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. |
|
13915 |
CVE-2011-4771 |
264 |
|
|
2012-01-24 |
2012-05-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application. |
|
13916 |
CVE-2011-4770 |
264 |
|
|
2012-01-24 |
2012-05-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application. |
|
13917 |
CVE-2011-4769 |
264 |
|
|
2012-01-24 |
2012-05-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. |
|
13918 |
CVE-2011-4767 |
200 |
|
+Info |
2011-12-16 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files. |
|
13919 |
CVE-2011-4766 |
200 |
|
+Info |
2011-12-16 |
2011-12-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment. |
|
13920 |
CVE-2011-4760 |
200 |
|
+Info |
2011-12-16 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files. |
|
13921 |
CVE-2011-4759 |
200 |
|
+Info |
2011-12-16 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for [email protected]/[email protected]/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. |
|
13922 |
CVE-2011-4758 |
310 |
|
+Info |
2011-12-16 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files. |
|
13923 |
CVE-2011-4756 |
200 |
|
+Info |
2011-12-16 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilder_edit.php and certain other files. |
|
13924 |
CVE-2011-4751 |
200 |
|
+Info |
2011-12-16 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. |
|
13925 |
CVE-2011-4748 |
200 |
|
+Info |
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files. |
|
13926 |
CVE-2011-4747 |
310 |
|
|
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list. |
|
13927 |
CVE-2011-4746 |
310 |
|
|
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses. |
|
13928 |
CVE-2011-4742 |
200 |
|
+Info |
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files. |
|
13929 |
CVE-2011-4741 |
200 |
|
+Info |
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by [email protected]/[email protected]/hosting/aspdotnet/. |
|
13930 |
CVE-2011-4738 |
200 |
|
+Info |
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files. |
|
13931 |
CVE-2011-4737 |
200 |
|
Bypass +Info |
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in [email protected]/[email protected]/odbc/[email protected]/properties/. |
|
13932 |
CVE-2011-4736 |
310 |
|
+Info |
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files. |
|
13933 |
CVE-2011-4731 |
200 |
|
+Info |
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files. |
|
13934 |
CVE-2011-4729 |
|
|
+Info |
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files. |
|
13935 |
CVE-2011-4728 |
200 |
|
+Info |
2011-12-16 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files. |
|
13936 |
CVE-2011-4720 |
20 |
|
DoS |
2014-12-27 |
2014-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation. |
|
13937 |
CVE-2011-4717 |
22 |
|
Dir. Trav. |
2011-12-20 |
2011-12-20 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command. |
|
13938 |
CVE-2011-4716 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2013-08-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. |
|
13939 |
CVE-2011-4715 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm. |
|
13940 |
CVE-2011-4714 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL. |
|
13941 |
CVE-2011-4713 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2011-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php. |
|
13942 |
CVE-2011-4712 |
22 |
|
Dir. Trav. |
2011-12-08 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. |
|
13943 |
CVE-2011-4711 |
22 |
|
Dir. Trav. |
2011-12-08 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter. |
|
13944 |
CVE-2011-4705 |
264 |
|
|
2012-01-24 |
2012-01-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack." |
|
13945 |
CVE-2011-4704 |
264 |
|
|
2012-01-24 |
2012-01-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. |
|
13946 |
CVE-2011-4703 |
264 |
|
|
2012-01-24 |
2012-05-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application. |
|
13947 |
CVE-2011-4702 |
264 |
|
|
2012-01-24 |
2012-01-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. |
|
13948 |
CVE-2011-4701 |
264 |
|
|
2012-01-24 |
2012-01-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application. |
|
13949 |
CVE-2011-4700 |
264 |
|
|
2012-01-24 |
2012-04-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. |
|
13950 |
CVE-2011-4692 |
264 |
|
|
2011-12-07 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. |
