IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Max CVSS: 5.0 | EPSS Score: 0.14% | Published: 2011-04-28 | Updated: 2017-08-17
The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2011-04-21 | Updated: 2011-04-21
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search.
Max CVSS: 4.0 | EPSS Score: 0.12% | Published: 2011-04-21 | Updated: 2011-04-21
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
Max CVSS: 1.7 | EPSS Score: 0.06% | Published: 2011-04-21 | Updated: 2017-08-17
Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.
Max CVSS: 5.0 | EPSS Score: 0.46% | Published: 2011-04-27 | Updated: 2017-08-17
Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.
Max CVSS: 4.3 | EPSS Score: 1.21% | Published: 2011-04-19 | Updated: 2018-10-09
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.
Max CVSS: 7.5 | EPSS Score: 0.43% | Published: 2011-04-19 | Updated: 2017-08-17
Cross-site request forgery (CSRF) vulnerability in php/partie_administrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that (1) modify passwords or (2) add new projects. NOTE: some of these details are obtained from third party information.
Max CVSS: 4.3 | EPSS Score: 0.51% | Published: 2011-04-19 | Updated: 2018-10-09
Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.
Max CVSS: 9.3 | EPSS Score: 19.23% | Published: 2011-04-27 | Updated: 2021-04-09
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
Max CVSS: 4.3 | EPSS Score: 0.40% | Published: 2011-04-27 | Updated: 2021-04-12
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2011-04-18 | Updated: 2011-05-11
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 0.28% | Published: 2011-04-18 | Updated: 2018-10-09
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
Max CVSS: 5.0 | EPSS Score: 4.31% | Published: 2011-04-18 | Updated: 2017-08-17
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
Max CVSS: 4.3 | EPSS Score: 0.74% | Published: 2011-04-18 | Updated: 2017-08-17
Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.
Max CVSS: 4.3 | EPSS Score: 0.73% | Published: 2011-04-15 | Updated: 2021-07-23
The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Max CVSS: 4.3 | EPSS Score: 0.49% | Published: 2011-04-15 | Updated: 2017-09-19
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.
Max CVSS: 5.0 | EPSS Score: 0.76% | Published: 2011-04-15 | Updated: 2020-06-03
Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 0.75% | Published: 2011-04-22 | Updated: 2017-08-17
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 0.30% | Published: 2011-04-22 | Updated: 2017-08-17
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.
Max CVSS: 4.3 | EPSS Score: 0.26% | Published: 2011-04-22 | Updated: 2017-08-17
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.
Max CVSS: 4.0 | EPSS Score: 0.20% | Published: 2011-04-22 | Updated: 2017-08-17
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.
Max CVSS: 6.5 | EPSS Score: 0.22% | Published: 2011-04-22 | Updated: 2017-08-17
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Max CVSS: 4.6 | EPSS Score: 0.43% | Published: 2011-04-22 | Updated: 2017-08-17
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.
Max CVSS: 6.8 | EPSS Score: 0.81% | Published: 2011-04-13 | Updated: 2011-04-21
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 4.3 | EPSS Score: 0.12% | Published: 2011-04-13 | Updated: 2017-08-17
312 vulnerabilities found