Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4277 | 1 Courseforum | 1 Projectforum | 2011-11-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7.0.1.3038 allows remote attackers to inject arbitrary web script or HTML via a crafted name of an object within a more object on a wiki page. | |||||
CVE-2011-2771 | 1 Mahara | 1 Mahara | 2011-11-14 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed. | |||||
CVE-2011-2773 | 1 Mahara | 1 Mahara | 2011-11-14 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution. | |||||
CVE-2011-2774 | 1 Mahara | 1 Mahara | 2011-11-14 | 4.0 MEDIUM | N/A |
The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter. | |||||
CVE-2011-3440 | 1 Apple | 2 Ipad2, Iphone Os | 2011-11-14 | 1.2 LOW | N/A |
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. | |||||
CVE-2011-4046 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2011-11-14 | 5.0 MEDIUM | N/A |
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code. | |||||
CVE-2011-4118 | 1 Mahara | 1 Mahara | 2011-11-14 | 6.0 MEDIUM | N/A |
Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target. | |||||
CVE-2011-4047 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2011-11-13 | 9.3 HIGH | N/A |
The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access. | |||||
CVE-2011-4436 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2011-11-13 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-4533 | 1 Plume-cms | 1 Plume Cms | 2011-11-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php. NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725. | |||||
CVE-2009-3418 | 1 Plume-cms | 1 Plume Cms | 2011-11-09 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-3985 | 1 Plume-cms | 1 Plume Cms | 2011-11-09 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-0733 | 1 Adobe | 1 Coldfusion | 2011-11-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file. | |||||
CVE-2011-0734 | 1 Adobe | 1 Coldfusion | 2011-11-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier. | |||||
CVE-2011-0735 | 1 Adobe | 1 Coldfusion | 2011-11-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script." | |||||
CVE-2011-0736 | 1 Adobe | 1 Coldfusion | 2011-11-07 | 4.3 MEDIUM | N/A |
** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure. | |||||
CVE-2011-0737 | 1 Adobe | 1 Coldfusion | 2011-11-07 | 5.0 MEDIUM | N/A |
** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure. | |||||
CVE-2011-2072 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2011-11-02 | 7.8 HIGH | N/A |
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686. | |||||
CVE-2011-3860 | 2 Onedesigns, Wordpress | 2 Cover Wp, Wordpress | 2011-10-29 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
CVE-2011-4030 | 1 Plone | 2 Cmfeditions, Plone | 2011-10-29 | 9.3 HIGH | N/A |
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587. |