Search Results (362636 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-5212 1 Intelliants 1 Subrion Cms 2025-04-11 N/A
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.
CVE-2011-5216 2 Troyef, Wordpress 2 Scorm Cloud, Wordpress 2025-04-11 N/A
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-5217 1 Hitachi 2 Jp1\/serverconductor\/deploymentmanager, Serverconductor\/deploymentmanager 2025-04-11 N/A
Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors.
CVE-2011-5222 1 Scripte24shop 1 Php Flirt-projekt 2025-04-11 N/A
SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.
CVE-2011-5223 1 Cacti 1 Cacti 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-5227 1 Enterasys 1 Netsight 2025-04-11 N/A
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
CVE-2011-5228 1 Apprain 1 Apprain 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
CVE-2011-5229 1 Apprain 1 Apprain 2025-04-11 N/A
SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
CVE-2013-5812 3 Oracle, Redhat, Sun 7 Jdk, Jre, Network Satellite and 4 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
CVE-2011-5230 1 Seotoaster 1 Seotoaster 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
CVE-2011-5237 1 Paypal 1 Wps Toolkit 2025-04-11 N/A
PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2011-5238 1 Google 1 Checkout-php 2025-04-11 N/A
google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2011-5242 1 Themattharris 1 Tmhoauth 2025-04-11 N/A
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2011-5243 1 Abraham Williams 1 Twitteroauth 2025-04-11 N/A
TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-5819 3 Oracle, Redhat, Sun 7 Jdk, Jre, Network Satellite and 4 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831.
CVE-2011-5244 3 Gnome, T1lib, Tetex 3 Evince, T1lib, Tetex 2025-04-11 N/A
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
CVE-2011-5255 1 X3cms 1 X3 Cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password parameter.
CVE-2013-5827 1 Oracle 3 Enterprise Manager Database Control, Enterprise Manager Grid Control, Enterprise Manager Plugin For Database Control 2025-04-11 N/A
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management.
CVE-2011-5256 1 Limesurvey 1 Limesurvey 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.
CVE-2011-5257 2 Appthemes, Wordpress 2 Classipress, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.