Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
1.34%
Published
2011-01-31
Updated
2017-08-17
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.
Max CVSS
4.3
EPSS Score
2.34%
Published
2011-01-31
Updated
2017-09-19
Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.
Max CVSS
5.0
EPSS Score
2.28%
Published
2011-01-31
Updated
2017-09-19
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.
Max CVSS
2.1
EPSS Score
0.06%
Published
2011-01-31
Updated
2017-09-19
Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation.
Max CVSS
5.0
EPSS Score
0.47%
Published
2011-01-31
Updated
2017-09-19
Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Max CVSS
4.3
EPSS Score
0.47%
Published
2011-01-31
Updated
2017-09-19
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
Max CVSS
9.3
EPSS Score
4.86%
Published
2011-01-31
Updated
2018-08-13
The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.
Max CVSS
4.3
EPSS Score
0.44%
Published
2011-01-31
Updated
2017-09-19
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
Max CVSS
5.0
EPSS Score
0.56%
Published
2011-01-31
Updated
2017-08-17
IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."
Max CVSS
5.0
EPSS Score
0.54%
Published
2011-01-28
Updated
2017-08-17
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.
Max CVSS
6.8
EPSS Score
28.49%
Published
2011-01-28
Updated
2017-08-17
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-01-28
Updated
2017-08-17
Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of unspecified length fields is greater than a certain value.
Max CVSS
7.5
EPSS Score
8.87%
Published
2011-01-28
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.
Max CVSS
6.8
EPSS Score
0.30%
Published
2011-01-28
Updated
2018-10-09
SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2011-01-25
Updated
2017-08-17
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
Max CVSS
7.5
EPSS Score
0.05%
Published
2011-01-25
Updated
2017-08-17
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
Max CVSS
7.5
EPSS Score
0.24%
Published
2011-01-25
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link Directory (phpLD) 4.1.0 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via the N action.
Max CVSS
6.8
EPSS Score
0.53%
Published
2011-01-25
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.42%
Published
2011-01-25
Updated
2017-08-17
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.22%
Published
2011-01-25
Updated
2017-08-17
The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
Max CVSS
6.9
EPSS Score
0.04%
Published
2011-01-25
Updated
2022-06-03
Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
Max CVSS
6.9
EPSS Score
0.04%
Published
2011-01-25
Updated
2011-04-28
Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
Max CVSS
6.9
EPSS Score
0.06%
Published
2011-01-25
Updated
2017-09-19
The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.14%
Published
2011-01-25
Updated
2017-08-17
The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-01-22
Updated
2018-10-09
396 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!