Total
3692 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4047 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2024-11-21 | 9.3 HIGH | N/A |
| The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access. | |||||
| CVE-2011-4041 | 1 Broadwin | 1 Webaccess | 2024-11-21 | 10.0 HIGH | N/A |
| webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592. | |||||
| CVE-2011-3981 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2011-3832 | 1 Sitracker | 1 Support Incident Tracker | 2024-11-21 | 6.5 MEDIUM | N/A |
| Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action. | |||||
| CVE-2011-3828 | 1 Sunplus-tech | 1 Dvr Remote Activex Control | 2024-11-21 | 9.3 HIGH | N/A |
| DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server. | |||||
| CVE-2011-3655 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-21 | 9.3 HIGH | N/A |
| Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. | |||||
| CVE-2011-3504 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 9.3 HIGH | N/A |
| The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2011-3413 | 1 Microsoft | 4 Office, Office Compatibility Pack, Powerpoint and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability." | |||||
| CVE-2011-3412 | 1 Microsoft | 1 Publisher | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability." | |||||
| CVE-2011-3411 | 1 Microsoft | 1 Publisher | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability." | |||||
| CVE-2011-3403 | 1 Microsoft | 2 Excel, Office | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability." | |||||
| CVE-2011-3401 | 1 Microsoft | 3 Windows 7, Windows Vista, Windows Xp | 2024-11-21 | 9.3 HIGH | N/A |
| ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability." | |||||
| CVE-2011-3400 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability." | |||||
| CVE-2011-3397 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-11-21 | 9.3 HIGH | N/A |
| The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability." | |||||
| CVE-2011-3379 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | N/A |
| The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. | |||||
| CVE-2011-3378 | 1 Rpm | 1 Rpm | 2024-11-21 | 9.3 HIGH | N/A |
| RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. | |||||
| CVE-2011-3310 | 2 Cisco, Microsoft | 2 Ciscoworks Common Services, Windows | 2024-11-21 | 9.0 HIGH | N/A |
| The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. | |||||
| CVE-2011-3285 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2024-11-21 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101. | |||||
| CVE-2011-3261 | 1 Apple | 1 Iphone Os | 2024-11-21 | 6.8 MEDIUM | N/A |
| Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. | |||||
| CVE-2011-3260 | 1 Apple | 1 Iphone Os | 2024-11-21 | 6.8 MEDIUM | N/A |
| Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. | |||||