Total 18196 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-4943 1 Impresspages 1 Impresspages Cms 2024-11-21 9.8 Critical
ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13)
CVE-2011-4908 1 Tiny 1 Tinybrowser 2024-11-21 9.8 Critical
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
CVE-2011-4906 1 Tiny 1 Tinybrowser 2024-11-21 9.8 Critical
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.
CVE-2011-4628 1 Typo3 1 Typo3 2024-11-21 9.8 Critical
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
CVE-2011-4574 1 Polarssl 1 Polarssl 2024-11-21 9.8 Critical
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
CVE-2011-4373 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Reader, Macos and 2 more 2024-11-21 9.8 Critical
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.
CVE-2011-4372 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Reader, Macos and 2 more 2024-11-21 9.8 Critical
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.
CVE-2011-4125 1 Calibre-ebook 1 Calibre 2024-11-21 9.8 Critical
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c, allowing unprivileged users to execute any program as root.
CVE-2011-4124 1 Calibre-ebook 1 Calibre 2024-11-21 9.8 Critical
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
CVE-2011-4121 1 Ruby-lang 1 Ruby 2024-11-21 9.8 Critical
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt the integrity of services that depend on a strong private RSA key generation mechanism.
CVE-2011-4120 3 Debian, Linux, Yubico 3 Debian Linux, Linux Kernel, Pam Module 2024-11-21 9.8 Critical
Yubico PAM Module before 2.10 performed user authentication when the 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent the common authentication process and obtain access to the account in question by providing a NULL value (pressing the Ctrl-D keyboard sequence) as the password string.
CVE-2011-4119 1 Inria 1 Caml-light 2024-11-21 9.8 Critical
caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.
CVE-2011-4094 1 Jara Project 1 Jara 2024-11-21 9.8 Critical
Jara 1.6 has a SQL injection vulnerability.
CVE-2011-3923 2 Apache, Redhat 2 Struts, Jboss Enterprise Web Server 2024-11-21 9.8 Critical
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
CVE-2011-3642 1 Flowplayer 1 Flowplayer Flash 2024-11-21 9.6 Critical
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
CVE-2011-3621 1 Fluxbb 1 Fluxbb 2024-11-21 9.8 Critical
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.
CVE-2011-3614 1 Vanillaforums 1 Vanilla 2024-11-21 9.8 Critical
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
CVE-2011-3584 1 Guidestar 1 Wec Discussion Forum 2024-11-21 9.8 Critical
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input.
CVE-2011-3583 1 Typo3 1 Typo3 2024-11-21 9.8 Critical
It was found that TYPO3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
CVE-2011-3544 4 Canonical, Oracle, Redhat and 1 more 9 Ubuntu Linux, Jdk, Jre and 6 more 2024-11-21 9.8 Critical
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.