The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2011-3612 | Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12. | MEDIUM | Jan 24, 2020 |
| CVE-2011-3611 | A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. | HIGH | Jan 29, 2020 |
| CVE-2011-3610 | A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. | MEDIUM | Jan 23, 2020 |
| CVE-2011-3609 | A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the Access-Control-Allow-Origin HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker. | MEDIUM | Nov 26, 2019 |
| CVE-2011-3608 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0815. Reason: This candidate is a reservation duplicate of CVE-2012-0815. Notes: All CVE users should reference CVE-2012-0815 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2011-3606 | A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution. | LOW | Nov 26, 2019 |
| CVE-2011-3600 | The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04. | MEDIUM | Nov 26, 2019 |
| CVE-2011-3596 | Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request. | MEDIUM | Nov 26, 2019 |
| CVE-2011-3595 | Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. | LOW | Jan 24, 2020 |
| CVE-2011-3586 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3504. Reason: This candidate is a duplicate of CVE-2011-3504. Notes: All CVE users should reference CVE-2011-3504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2011-3585 | Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. | LOW | Jan 10, 2020 |
| CVE-2011-3584 | The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input. | HIGH | Nov 26, 2019 |
| CVE-2011-3583 | It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. | HIGH | Nov 26, 2019 |
| CVE-2011-3582 | A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions. | MEDIUM | Jan 27, 2020 |
| CVE-2011-3572 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3567 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3540 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3505 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3480 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3477 | GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors. | MEDIUM | Feb 19, 2018 |
| CVE-2011-3476 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3475 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3474 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3473 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3472 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3471 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3470 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3469 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3468 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3467 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3466 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3465 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3461 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3456 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3455 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3454 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3451 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3445 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3438 | WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution. | -- | Apr 24, 2017 |
| CVE-2011-3433 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2011-3428 | Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code. | -- | Apr 24, 2017 |
| CVE-2011-3419 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3418 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3409 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3407 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3405 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3395 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
| CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a BEAST attack. | Medium | Feb 13, 2012 |
