Total
3693 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0635 | 1 Simploo | 1 Simploo Cms | 2024-11-21 | 6.0 MEDIUM | N/A |
| Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php. | |||||
| CVE-2011-0554 | 1 Symantec | 1 Im Manager | 2024-11-21 | 7.5 HIGH | N/A |
| The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue." | |||||
| CVE-2011-0487 | 1 Icq | 1 Icq | 2024-11-21 | 9.3 HIGH | N/A |
| ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism. | |||||
| CVE-2011-0469 | 1 Suse | 1 Opensuse | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
| Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | |||||
| CVE-2011-0386 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2024-11-21 | 9.3 HIGH | N/A |
| The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739. | |||||
| CVE-2011-0364 | 1 Cisco | 1 Security Agent | 2024-11-21 | 10.0 HIGH | N/A |
| The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request. | |||||
| CVE-2011-0224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. | |||||
| CVE-2011-0093 | 1 Microsoft | 1 Visio | 2024-11-21 | 9.3 HIGH | N/A |
| ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability." | |||||
| CVE-2011-0092 | 1 Microsoft | 1 Visio | 2024-11-21 | 9.3 HIGH | N/A |
| The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability." | |||||
| CVE-2011-0084 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-11-21 | 10.0 HIGH | N/A |
| The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | |||||
| CVE-2011-0036 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. | |||||
| CVE-2011-0035 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. | |||||
| CVE-2011-0028 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-11-21 | 9.3 HIGH | N/A |
| WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability." | |||||
| CVE-2010-5164 | 2 Kingsoft, Microsoft | 2 Personal Firewall 9, Windows Xp | 2024-11-21 | 6.2 MEDIUM | 5.3 MEDIUM |
| Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2010-5153 | 2 Avira, Microsoft | 2 Premium Security Suite, Windows Xp | 2024-11-21 | 6.2 MEDIUM | 5.3 MEDIUM |
| Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2010-5091 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 6.0 MEDIUM | N/A |
| The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file. | |||||
| CVE-2010-5040 | 2 John Bradshaw, Nucleuscms | 2 Np Gallery Plugin, Nucleus | 2024-11-21 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5038 | 1 Groonesworld | 1 Simple Contact Form | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2010-4998 | 1 Maulana Al Matien | 1 Ardeacore Php Framework | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4988 | 1 Familycms | 1 Family Connections Who Is Chatting | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mod_chatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TMPL[path] parameter. | |||||