Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-2770 | 1 Robert Luberda | 1 Man2html | 2011-11-20 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages. | |||||
CVE-2011-3646 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-11-20 | 5.0 MEDIUM | N/A |
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. | |||||
CVE-2011-4311 | 1 Montala | 1 Resourcespace | 2011-11-20 | 5.0 MEDIUM | N/A |
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors. | |||||
CVE-2011-4457 | 1 Owasp-java-html-sanitizer Project | 1 Owasp-java-html-sanitizer | 2011-11-17 | 2.6 LOW | N/A |
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element. | |||||
CVE-2010-4997 | 1 Olykit | 1 Swoopo Clone 2010 | 2011-11-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action. | |||||
CVE-2010-5004 | 1 2daybiz | 1 Polls Script | 2011-11-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
CVE-2010-5005 | 1 Rayzz | 1 Photoz | 2011-11-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2010-5018 | 1 2daybiz | 1 Online Classified Script | 2011-11-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
CVE-2010-5019 | 1 2daybiz | 1 Online Classified Script | 2011-11-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter. | |||||
CVE-2010-5022 | 2 Harmistechnology, Joomla | 2 Com Jesubmit, Joomla! | 2011-11-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | |||||
CVE-2011-1919 | 1 Ge | 1 Intelligent Platforms Proficy Historian | 2011-11-16 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. | |||||
CVE-2011-3320 | 1 Ge | 1 Intelligent Platforms Proficy Historian | 2011-11-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2011-4456 | | | 2011-11-16 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4313. Reason: This candidate is a reservation duplicate of CVE-2011-4313. Notes: All CVE users should reference CVE-2011-4313 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2010-5040 | 2 John Bradshaw, Nucleuscms | 2 Np Gallery Plugin, Nucleus | 2011-11-15 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-3986 | 1 Pligg | 1 Pligg Cms | 2011-11-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-3993 | 1 Skyarc | 5 Autotagging, Duplicateentry, Mailpack and 2 more | 2011-11-15 | 5.5 MEDIUM | N/A |
SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, use weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors. | |||||
CVE-2011-3994 | 1 Skyarc | 5 Autotagging, Duplicateentry, Mailpack and 2 more | 2011-11-15 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data. | |||||
CVE-2011-3997 | 1 Opengear | 7 Acm5000 Console Server, Cm4000 Console Server, Im4004-5 Console Server and 4 more | 2011-11-15 | 7.5 HIGH | N/A |
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors. | |||||
CVE-2011-3998 | 1 Apple | 1 Webobjects | 2011-11-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-3999 | 1 Ibc.co.jp | 1 Iwate Portal Bar | 2011-11-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed. |