Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery address.
Max CVSS
6.8
EPSS Score
0.10%
Published
2011-02-28
Updated
2011-03-01
The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.
Max CVSS
5.0
EPSS Score
0.38%
Published
2011-02-25
Updated
2017-08-17
Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors.
Max CVSS
6.8
EPSS Score
2.03%
Published
2011-02-25
Updated
2017-08-17
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
Max CVSS
6.5
EPSS Score
0.06%
Published
2011-02-25
Updated
2017-08-17
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.
Max CVSS
5.0
EPSS Score
1.13%
Published
2011-02-23
Updated
2017-08-17
Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods.
Max CVSS
9.3
EPSS Score
7.43%
Published
2011-02-23
Updated
2017-08-17
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter.
Max CVSS
6.8
EPSS Score
0.14%
Published
2011-02-23
Updated
2017-08-17
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter.
Max CVSS
7.5
EPSS Score
0.40%
Published
2011-02-23
Updated
2018-10-09
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2011-02-23
Updated
2018-10-09
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
Max CVSS
6.2
EPSS Score
0.04%
Published
2011-02-21
Updated
2011-06-20
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.
Max CVSS
7.5
EPSS Score
0.23%
Published
2011-02-21
Updated
2018-08-13
Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.27%
Published
2011-02-21
Updated
2017-08-17
Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.
Max CVSS
10.0
EPSS Score
0.31%
Published
2011-02-21
Updated
2017-08-17
Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.
Max CVSS
10.0
EPSS Score
0.31%
Published
2011-02-21
Updated
2017-08-17
Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface."
Max CVSS
10.0
EPSS Score
0.33%
Published
2011-02-21
Updated
2017-08-17
Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Macho-O file.
Max CVSS
6.8
EPSS Score
0.95%
Published
2011-02-21
Updated
2011-02-22
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2011-02-21
Updated
2011-02-22
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.
Max CVSS
7.5
EPSS Score
0.18%
Published
2011-02-21
Updated
2018-10-09
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.44%
Published
2011-02-21
Updated
2017-08-17
Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors.
Max CVSS
6.8
EPSS Score
0.89%
Published
2011-02-21
Updated
2017-08-17
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
Max CVSS
8.8
EPSS Score
90.95%
Published
2011-02-25
Updated
2018-10-09
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors.
Max CVSS
7.5
EPSS Score
2.02%
Published
2011-02-19
Updated
2017-08-17
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement.
Max CVSS
9.3
EPSS Score
94.22%
Published
2011-02-15
Updated
2018-10-09
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
Max CVSS
6.8
EPSS Score
0.29%
Published
2011-02-15
Updated
2011-03-01
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.
Max CVSS
10.0
EPSS Score
5.15%
Published
2011-02-25
Updated
2023-02-13
304 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!