CVE-2011-5035

Public exploit
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Max CVSS
5.0
EPSS Score
2.52%
Published
2011-12-30
Updated
2018-01-06

CVE-2011-5034

Public exploit
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
Max CVSS
7.8
EPSS Score
1.19%
Published
2011-12-30
Updated
2021-07-30

CVE-2011-5010

Public exploit
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.
Max CVSS
10.0
EPSS Score
87.17%
Published
2011-12-25
Updated
2012-02-17

CVE-2011-5007

Public exploit
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
Max CVSS
10.0
EPSS Score
70.74%
Published
2011-12-25
Updated
2013-05-21

CVE-2011-5003

Public exploit
Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.
Max CVSS
10.0
EPSS Score
88.94%
Published
2011-12-25
Updated
2017-08-29

CVE-2011-5001

Public exploit
Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.
Max CVSS
10.0
EPSS Score
95.52%
Published
2011-12-25
Updated
2018-10-09

CVE-2011-4885

Public exploit
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Max CVSS
5.0
EPSS Score
87.47%
Published
2011-12-30
Updated
2018-01-09

CVE-2011-4862

Public exploit
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Max CVSS
10.0
EPSS Score
97.19%
Published
2011-12-25
Updated
2021-02-09

CVE-2011-4828

Public exploit
Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.
Max CVSS
7.5
EPSS Score
94.21%
Published
2011-12-15
Updated
2011-12-15

CVE-2011-4825

Public exploit
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
Max CVSS
7.5
EPSS Score
96.91%
Published
2011-12-15
Updated
2011-12-15

CVE-2011-4542

Public exploit
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
Max CVSS
7.5
EPSS Score
75.55%
Published
2011-11-30
Updated
2018-01-06

CVE-2011-4453

Public exploit
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Max CVSS
7.5
EPSS Score
88.95%
Published
2011-12-22
Updated
2012-01-12

CVE-2011-4404

Public exploit
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.
Max CVSS
5.0
EPSS Score
96.63%
Published
2011-11-19
Updated
2011-12-13

CVE-2011-4166

Public exploit
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
Max CVSS
7.5
EPSS Score
95.57%
Published
2011-12-27
Updated
2019-10-09

CVE-2011-4075

Public exploit
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
Max CVSS
7.5
EPSS Score
36.38%
Published
2011-11-02
Updated
2023-02-13

CVE-2011-4051

Public exploit
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
Max CVSS
10.0
EPSS Score
41.95%
Published
2011-12-05
Updated
2011-12-08

CVE-2011-4050

Public exploit
Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.
Max CVSS
5.0
EPSS Score
4.58%
Published
2011-12-27
Updated
2017-08-29

CVE-2011-4040

Public exploit
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
Max CVSS
10.0
EPSS Score
70.17%
Published
2011-11-21
Updated
2011-11-21

CVE-2011-3976

Public exploit
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
Max CVSS
6.8
EPSS Score
17.65%
Published
2011-10-04
Updated
2017-08-29

CVE-2011-3658

Public exploit
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
Max CVSS
7.5
EPSS Score
95.52%
Published
2011-12-21
Updated
2017-12-29

CVE-2011-3587

Public exploit
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
Max CVSS
9.3
EPSS Score
96.89%
Published
2011-10-10
Updated
2011-10-21

CVE-2011-3556

Public exploit
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.
Max CVSS
7.5
EPSS Score
45.91%
Published
2011-10-19
Updated
2018-01-06

CVE-2011-3544

Known exploited
Public exploit
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Max CVSS
10.0
EPSS Score
97.22%
Published
2011-10-19
Updated
2018-01-06
CISA KEV Added
2022-03-03

CVE-2011-3497

Public exploit
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
Max CVSS
10.0
EPSS Score
22.12%
Published
2011-09-16
Updated
2012-02-14

CVE-2011-3494

Public exploit
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
61.88%
Published
2011-09-16
Updated
2012-06-20
115 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!