# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
18751 |
CVE-2011-4552 |
79 |
|
XSS |
2011-12-06 |
2011-12-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature. |
18752 |
CVE-2011-4551 |
79 |
|
XSS |
2012-09-30 |
2012-10-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. |
18753 |
CVE-2011-4547 |
79 |
|
XSS |
2011-11-28 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567. |
18754 |
CVE-2011-4544 |
79 |
|
XSS |
2011-12-01 |
2011-12-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php. |
18755 |
CVE-2011-4541 |
79 |
|
XSS |
2011-11-28 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action. |
18756 |
CVE-2011-4540 |
79 |
|
XSS |
2011-12-01 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php. |
18757 |
CVE-2011-4523 |
79 |
|
XSS |
2012-02-21 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
18758 |
CVE-2011-4522 |
79 |
|
XSS |
2012-02-21 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
18759 |
CVE-2011-4520 |
119 |
|
DoS Overflow |
2013-05-23 |
2013-05-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. |
18760 |
CVE-2011-4519 |
119 |
|
DoS Overflow |
2013-05-23 |
2013-05-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. |
18761 |
CVE-2011-4515 |
255 |
|
+Info |
2013-03-21 |
2013-05-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) [email protected] Server access. |
18762 |
CVE-2011-4511 |
79 |
|
XSS |
2012-02-03 |
2012-02-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510. |
18763 |
CVE-2011-4510 |
79 |
|
XSS |
2012-02-03 |
2012-02-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511. |
18764 |
CVE-2011-4465 |
79 |
|
XSS |
2011-11-18 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL. |
18765 |
CVE-2011-4451 |
|
|
|
2012-09-05 |
2012-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter. |
18766 |
CVE-2011-4447 |
310 |
|
Bypass |
2012-08-06 |
2012-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion. |
18767 |
CVE-2011-4407 |
20 |
|
|
2014-05-13 |
2014-05-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. |
18768 |
CVE-2011-4368 |
79 |
|
XSS |
2011-12-14 |
2012-02-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
18769 |
CVE-2011-4353 |
119 |
|
DoS Overflow |
2012-08-20 |
2012-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream. |
18770 |
CVE-2011-4349 |
89 |
|
Exec Code Sql |
2011-12-10 |
2011-12-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id. |
18771 |
CVE-2011-4347 |
264 |
|
DoS |
2013-06-08 |
2013-06-10 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. |
18772 |
CVE-2011-4341 |
79 |
1
|
Exec Code Sql XSS |
2012-02-12 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via the filter parameter to (1) symphony/publish/comments or (2) symphony/publish/images. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks via error messages. NOTE: some of these details are obtained from third party information. |
18773 |
CVE-2011-4335 |
79 |
|
XSS |
2011-11-28 |
2019-06-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action. |
18774 |
CVE-2011-4333 |
79 |
|
XSS |
2017-10-23 |
2017-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php. |
18775 |
CVE-2011-4332 |
79 |
|
XSS |
2011-11-23 |
2011-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
18776 |
CVE-2011-4329 |
79 |
|
XSS |
2011-11-28 |
2012-02-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php. |
18777 |
CVE-2011-4325 |
|
|
DoS |
2012-01-27 |
2017-08-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP. |
18778 |
CVE-2011-4324 |
|
|
DoS |
2012-06-21 |
2012-06-22 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem. |
18779 |
CVE-2011-4320 |
399 |
|
DoS |
2012-02-17 |
2012-02-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute. |
18780 |
CVE-2011-4319 |
79 |
|
XSS |
2011-11-28 |
2019-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring. |
18781 |
CVE-2011-4317 |
20 |
|
|
2011-11-29 |
2018-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. |
18782 |
CVE-2011-4312 |
79 |
|
XSS |
2011-11-23 |
2013-02-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component. |
18783 |
CVE-2011-4308 |
264 |
|
|
2012-07-11 |
2017-12-21 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. |
18784 |
CVE-2011-4307 |
79 |
|
XSS |
2012-07-11 |
2012-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter. |
18785 |
CVE-2011-4306 |
79 |
|
XSS |
2012-07-11 |
2012-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data. |
18786 |
CVE-2011-4305 |
189 |
|
DoS |
2012-07-11 |
2012-07-16 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing. |
18787 |
CVE-2011-4304 |
200 |
|
+Info |
2012-07-11 |
2012-07-11 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation. |
18788 |
CVE-2011-4303 |
310 |
|
Bypass |
2012-07-11 |
2012-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. |
18789 |
CVE-2011-4299 |
79 |
|
XSS |
2012-07-11 |
2012-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment. |
18790 |
CVE-2011-4292 |
89 |
|
DoS Sql |
2012-07-16 |
2012-07-16 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations. |
18791 |
CVE-2011-4291 |
|
|
DoS |
2012-07-16 |
2012-07-16 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations. |
18792 |
CVE-2011-4290 |
79 |
|
XSS |
2012-07-16 |
2012-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding. |
18793 |
CVE-2011-4289 |
264 |
|
+Info |
2012-07-16 |
2012-07-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page. |
18794 |
CVE-2011-4288 |
264 |
|
|
2012-07-16 |
2012-07-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role. |
18795 |
CVE-2011-4286 |
79 |
|
XSS |
2012-07-16 |
2012-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos. |
18796 |
CVE-2011-4282 |
79 |
|
XSS |
2012-07-16 |
2012-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter. |
18797 |
CVE-2011-4280 |
79 |
|
XSS |
2012-07-16 |
2012-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
18798 |
CVE-2011-4278 |
79 |
|
XSS |
2012-07-16 |
2012-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
18799 |
CVE-2011-4277 |
79 |
|
XSS |
2011-11-03 |
2011-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7.0.1.3038 allows remote attackers to inject arbitrary web script or HTML via a crafted name of an object within a more object on a wiki page. |
18800 |
CVE-2011-4276 |
200 |
|
+Info |
2012-01-25 |
2012-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. |