CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2011

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
351 | CVE-2011-0290 | 264 | | DoS | 2011-10-21 | 2017-08-16 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.
352 | CVE-2011-0260 | 264 | | Bypass | 2011-10-14 | 2012-01-13 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window.
353 | CVE-2011-0259 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2017-09-18 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
354 | CVE-2011-0231 | 200 | | +Info | 2011-10-14 | 2012-01-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
355 | CVE-2011-0230 | 119 | | DoS Exec Code Overflow | 2011-10-14 | 2012-01-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
356 | CVE-2011-0229 | 119 | | Exec Code Overflow | 2011-10-14 | 2012-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
357 | CVE-2011-0224 | 94 | | DoS Exec Code Mem. Corr. | 2011-10-14 | 2012-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
358 | CVE-2011-0185 | 134 | | +Priv | 2011-10-14 | 2012-01-13 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
359 | CVE-2010-4967 | 89 | 1 | Exec Code Sql | 2011-10-21 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter.
360 | CVE-2010-4966 | 79 | | XSS | 2011-10-21 | 2012-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action.
361 | CVE-2010-4965 | 255 | | | 2011-10-16 | 2012-05-14 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.
362 | CVE-2010-4964 | 94 | | Exec Code | 2011-10-16 | 2012-05-14 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
363 | CVE-2010-4963 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
364 | CVE-2010-4962 | | | Exec Code | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.
365 | CVE-2010-4961 | 89 | | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
366 | CVE-2010-4960 | 79 | | XSS | 2011-10-09 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
367 | CVE-2010-4959 | 89 | 2 | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.
368 | CVE-2010-4958 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
369 | CVE-2010-4957 | 89 | | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
370 | CVE-2010-4956 | 79 | | XSS | 2011-10-09 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
371 | CVE-2010-4955 | 89 | 2 | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
372 | CVE-2010-4954 | 89 | 2 | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
373 | CVE-2010-4953 | | | Exec Code | 2011-10-09 | 2017-08-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
374 | CVE-2010-4952 | 89 | | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
375 | CVE-2010-4951 | 79 | | XSS | 2011-10-09 | 2012-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
376 | CVE-2010-4950 | 89 | | Exec Code Sql | 2011-10-09 | 2012-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
377 | CVE-2010-4949 | 79 | | XSS | 2011-10-09 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.
378 | CVE-2010-4948 | 94 | 1 | Exec Code File Inclusion | 2011-10-09 | 2012-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
379 | CVE-2010-4947 | 79 | 1 | XSS | 2011-10-09 | 2012-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
380 | CVE-2010-4946 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2012-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
381 | CVE-2010-4945 | 89 | 3 | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
382 | CVE-2010-4944 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
383 | CVE-2010-4943 | 94 | 1 | Exec Code File Inclusion | 2011-10-09 | 2012-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
384 | CVE-2010-4942 | 89 | 2 | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in location.php in the eCal module in E-Xoopport Samsara 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter.
385 | CVE-2010-4941 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
386 | CVE-2010-4940 | 89 | 2 | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
387 | CVE-2010-4939 | 94 | 1 | Exec Code File Inclusion | 2011-10-09 | 2012-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
388 | CVE-2010-4938 | 89 | | Exec Code Sql | 2011-10-09 | 2012-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
389 | CVE-2010-4937 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
390 | CVE-2010-4936 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2012-02-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
391 | CVE-2010-4935 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2012-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter.
392 | CVE-2010-4934 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2012-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
393 | CVE-2010-4933 | 89 | 2 | Exec Code Sql | 2011-10-09 | 2012-02-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
394 | CVE-2010-4932 | 79 | | XSS | 2011-10-09 | 2012-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in search.php in Entrans before 0.3.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
395 | CVE-2010-4931 | 22 | 1 | Dir. Trav. | 2011-10-09 | 2012-05-14 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
** DISPUTED ** Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party.
396 | CVE-2010-4930 | 79 | | XSS | 2011-10-09 | 2018-10-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.
397 | CVE-2010-4929 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2012-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
398 | CVE-2010-4928 | 79 | 2 | XSS | 2011-10-09 | 2012-02-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
399 | CVE-2010-4927 | 89 | 2 | Exec Code Sql | 2011-10-09 | 2012-02-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
400 | CVE-2010-4926 | 89 | 2 | Exec Code Sql | 2011-10-09 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
Total number of vulnerabilities: 484. Page 8 of 10.