CVE List - 2011 / November
Showing 201 - 300 of 309 CVEs for November 2011 (Page 3 of 4)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2011-3380 | 2011-11-17 | Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute,... |
| CVE-2011-4073 | 2011-11-17 | Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related... |
| CVE-2011-4096 | 2011-11-17 | The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a... |
| CVE-2011-4107 | 2011-11-17 | The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing... |
| CVE-2011-4122 | 2011-11-17 | Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name... |
| CVE-2011-2770 | 2011-11-17 | Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages. |
| CVE-2011-3627 | 2011-11-17 | The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. |
| CVE-2011-3646 | 2011-11-17 | phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. |
| CVE-2011-3900 | 2011-11-17 | Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an... |
| CVE-2011-4457 | 2011-11-17 | OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element. |
| CVE-2011-3849 | 2011-11-19 | Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a... |
| CVE-2011-4159 | 2011-11-19 | Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. |
| CVE-2011-4404 | 2011-11-19 | The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers... |
| CVE-2011-4465 | 2011-11-19 | Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL. |
| CVE-2011-4311 | 2011-11-19 | ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors. |
| CVE-2011-4040 | 2011-11-21 | Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet. |
| CVE-2011-4496 | 2011-11-21 | Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file. |
| CVE-2011-4497 | 2011-11-21 | QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. |
| CVE-2011-4498 | 2011-11-21 | Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile... |
| CVE-2011-4499 | 2011-11-22 | The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with... |
| CVE-2011-4500 | 2011-11-22 | The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers... |
| CVE-2011-4501 | 2011-11-22 | The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with... |
| CVE-2011-4502 | 2011-11-22 | The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with... |
| CVE-2011-4503 | 2011-11-22 | The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to... |
| CVE-2011-4504 | 2011-11-22 | The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a... |
| CVE-2011-4505 | 2011-11-22 | The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request... |
| CVE-2011-4506 | 2011-11-22 | The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in... |
| CVE-2011-4507 | 2011-11-22 | The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows... |
| CVE-2010-5046 | 2011-11-23 | Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter. |
| CVE-2010-5047 | 2011-11-23 | SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-5048 | 2011-11-23 | Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter... |
| CVE-2010-5049 | 2011-11-23 | SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter. |
| CVE-2010-5050 | 2011-11-23 | Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this... |
| CVE-2010-5051 | 2011-11-23 | Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php. |
| CVE-2010-5052 | 2011-11-23 | Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter. |
| CVE-2010-5055 | 2011-11-23 | SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-5056 | 2011-11-23 | SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php. |
| CVE-2010-5057 | 2011-11-23 | SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter. |
| CVE-2010-5058 | 2011-11-23 | SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the... |
| CVE-2010-5060 | 2011-11-23 | SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-5061 | 2011-11-23 | SQL injection vulnerability in index.php in RSStatic allows remote attackers to execute arbitrary SQL commands via the maxarticles parameter. |
| CVE-2010-5062 | 2011-11-23 | SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter. |
| CVE-2010-5053 | 2011-11-23 | SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php. |
| CVE-2010-5054 | 2011-11-23 | Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki before 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| CVE-2010-5059 | 2011-11-23 | SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action. |
| CVE-2011-4321 | 2011-11-23 | The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. |
| CVE-2011-4332 | 2011-11-23 | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-4160 | 2011-11-24 | Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors. |
| CVE-2011-4312 | 2011-11-24 | Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors... |
| CVE-2011-4548 | 2011-11-24 | Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. |
| CVE-2011-4244 | 2011-11-24 | Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2011-4245 | 2011-11-24 | The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified... |
| CVE-2011-4246 | 2011-11-24 | The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified... |
| CVE-2011-4247 | 2011-11-24 | RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. |
| CVE-2011-4248 | 2011-11-24 | RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file. |
| CVE-2011-4249 | 2011-11-24 | Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2011-4250 | 2011-11-24 | Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2011-4251 | 2011-11-24 | RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file. |
| CVE-2011-4252 | 2011-11-24 | The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height. |
| CVE-2011-4253 | 2011-11-24 | Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2011-4254 | 2011-11-24 | RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. |
| CVE-2011-4255 | 2011-11-24 | Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name. |
| CVE-2011-4256 | 2011-11-24 | The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown... |
| CVE-2011-4257 | 2011-11-24 | The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. |
| CVE-2011-4258 | 2011-11-24 | RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file. |
| CVE-2011-4259 | 2011-11-24 | Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file. |
| CVE-2011-4260 | 2011-11-24 | RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. |
| CVE-2011-4261 | 2011-11-24 | RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file. |
| CVE-2011-4262 | 2011-11-24 | Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file. |
| CVE-2011-1378 | 2011-11-26 | IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to... |
| CVE-2011-3828 | 2011-11-26 | DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server. |
| CVE-2011-4275 | 2011-11-26 | Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name,... |
| CVE-2011-1372 | 2011-11-28 | The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. |
| CVE-2011-4319 | 2011-11-28 | Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x,... |
| CVE-2011-4329 | 2011-11-28 | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or... |
| CVE-2011-4335 | 2011-11-28 | Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2)... |
| CVE-2011-4559 | 2011-11-28 | SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to... |
| CVE-2011-4560 | 2011-11-28 | Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to... |
| CVE-2011-4561 | 2011-11-28 | Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are... |
| CVE-2011-4562 | 2011-11-28 | Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2011-4564 | 2011-11-28 | Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action. |
| CVE-2011-4565 | 2011-11-28 | Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or... |
| CVE-2011-4563 | 2011-11-28 | Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter... |
| CVE-2011-4541 | 2011-11-29 | Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action. |
| CVE-2011-4547 | 2011-11-29 | Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page... |
| CVE-2011-4566 | 2011-11-29 | Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or... |
| CVE-2011-4567 | 2011-11-29 | Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to... |
| CVE-2011-4569 | 2011-11-29 | SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter. |
| CVE-2011-4570 | 2011-11-29 | SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a... |
| CVE-2011-4571 | 2011-11-29 | SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. |
| CVE-2011-4572 | 2011-11-29 | Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2011-4568 | 2011-11-29 | Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI. |
| CVE-2011-3150 | 2011-11-29 | Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack. |
| CVE-2011-3365 | 2011-11-29 | The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog,... |
| CVE-2011-4313 | 2011-11-29 | query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial... |
| CVE-2011-4405 | 2011-11-29 | The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which... |
| CVE-2011-3366 | 2011-11-29 | Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a... |
| CVE-2011-3367 | 2011-11-29 | Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN)... |
| CVE-2009-5028 | 2011-11-30 | Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty... |
| CVE-2011-3639 | 2011-11-30 | The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of... |