Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 250662 entries
IDDescriptionPriorityModified date
CVE-2011-4810 Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php. Medium Dec 14, 2011
CVE-2011-4809 Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information. Medium Dec 14, 2011
CVE-2011-4808 SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. High Dec 14, 2011
CVE-2011-4807 Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter. Medium Dec 14, 2011
CVE-2011-4806 Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters. Medium Dec 14, 2011
CVE-2011-4805 Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter. Medium Dec 14, 2011
CVE-2011-4804 Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Medium Dec 14, 2011
CVE-2011-4803 SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. High Dec 14, 2011
CVE-2011-4802 Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. Medium Dec 14, 2011
CVE-2011-4801 SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. High Dec 14, 2011
CVE-2011-4800 Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a ..:/ (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands. High Dec 14, 2011
CVE-2011-4799 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023
CVE-2011-4798 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023
CVE-2011-4797 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023
CVE-2011-4796 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023
CVE-2011-4795 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023
CVE-2011-4794 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023
CVE-2011-4793 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023
CVE-2011-4792 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023
CVE-2011-4791 DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field. High Feb 7, 2012
CVE-2011-4790 Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors. High Feb 2, 2012
CVE-2011-4789 Stack-based buffer overflow in magentservice.exe in the server in HP Diagnostics allows remote attackers to execute arbitrary code via a crafted size value in a packet. High Jan 23, 2012
CVE-2011-4788 Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI. High Jan 13, 2012
CVE-2011-4787 A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786. High Jan 13, 2012
CVE-2011-4786 A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.http://www.zerodayinitiative.com/advisories/ZDI-12-013/ The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser. High Jan 13, 2012
CVE-2011-4785 Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419. High Jan 17, 2012
CVE-2011-4784 The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application. High Dec 27, 2011
CVE-2011-4783 The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory. High Dec 27, 2011
CVE-2011-4782 Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Medium Dec 23, 2011
CVE-2011-4780 Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections. Medium Dec 23, 2011
CVE-2011-4779 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4642. Reason: This candidate is a reservation duplicate of CVE-2011-4642. Notes: All CVE users should reference CVE-2011-4642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Dec 20, 2011
CVE-2011-4778 Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614. Medium Jan 3, 2012
CVE-2011-4777 Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html. Medium Dec 16, 2011
CVE-2011-4776 Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/update/settings/ and certain other files. Medium Dec 16, 2011
CVE-2011-4773 The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. Medium Jan 25, 2012
CVE-2011-4772 The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. Medium Jan 25, 2012
CVE-2011-4771 The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application. Medium Jan 25, 2012
CVE-2011-4770 The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application. Medium Jan 25, 2012
CVE-2011-4769 The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.1.0 and 2.2.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. Medium Jan 25, 2012
CVE-2011-4768 The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header\'s charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving Wizard/Edit/Modules/Image and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. High Dec 16, 2011
CVE-2011-4767 The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files. Medium Dec 16, 2011
CVE-2011-4766 ** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment. Medium Dec 16, 2011
CVE-2011-4765 The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files. Medium Dec 16, 2011
CVE-2011-4764 Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files. Medium Dec 16, 2011
CVE-2011-4763 Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files. High Dec 18, 2011
CVE-2011-4762 Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. High Dec 16, 2011
CVE-2011-4761 Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header\'s charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_edit.php and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. High Dec 18, 2011
CVE-2011-4760 Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files. Medium Dec 16, 2011
CVE-2011-4759 Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a cross-domain Referer leakage issue. Medium Dec 16, 2011
CVE-2011-4758 Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files. Medium Dec 16, 2011
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online