Total
3692 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4545 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter. | |||||
| CVE-2011-4512 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2011-4458 | 1 Bestpractical | 1 Rt | 2024-11-21 | 6.8 MEDIUM | N/A |
| Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093. | |||||
| CVE-2011-4453 | 1 Pmwiki | 1 Pmwiki | 2024-11-21 | 7.5 HIGH | N/A |
| The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function. | |||||
| CVE-2011-4342 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter. | |||||
| CVE-2011-4337 | 1 Sitracker | 1 Support Incident Tracker | 2024-11-21 | 7.5 HIGH | N/A |
| Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable. | |||||
| CVE-2011-4260 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. | |||||
| CVE-2011-4258 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file. | |||||
| CVE-2011-4257 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.3 HIGH | N/A |
| The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. | |||||
| CVE-2011-4256 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 10.0 HIGH | N/A |
| The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-4254 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 10.0 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. | |||||
| CVE-2011-4252 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.3 HIGH | N/A |
| The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height. | |||||
| CVE-2011-4251 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file. | |||||
| CVE-2011-4248 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file. | |||||
| CVE-2011-4247 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. | |||||
| CVE-2011-4237 | 1 Cisco | 2 Ciscoworks Common Services, Prime Lan Management Solution | 2024-11-21 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. | |||||
| CVE-2011-4203 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | |||||
| CVE-2011-4201 | 1 Restorepoint | 1 Restorepoint | 2024-11-21 | 9.3 HIGH | N/A |
| remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action. | |||||
| CVE-2011-4189 | 1 Novell | 1 Groupwise | 2024-11-21 | 7.5 HIGH | N/A |
| The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file. | |||||
| CVE-2011-4075 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2024-11-21 | 7.5 HIGH | N/A |
| The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011. | |||||