CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2011(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-5046 20 1 DoS Exec Code Mem. Corr. 2011-12-30 2013-07-19
9.3
None Remote Medium Not required Complete Complete Complete
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
2 CVE-2011-5044 264 1 Exec Code 2011-12-30 2012-01-02
7.2
None Local Low Not required Complete Complete Complete
SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program.
3 CVE-2011-5039 89 1 Exec Code Sql 2011-12-30 2012-01-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
4 CVE-2011-5038 89 Exec Code Sql 2011-12-30 2012-01-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5 CVE-2011-5031 89 1 Exec Code Sql 2011-12-29 2011-12-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.
6 CVE-2011-5022 89 Exec Code Sql 2011-12-29 2011-12-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.
7 CVE-2011-5012 119 1 Exec Code Overflow 2011-12-24 2014-01-07
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.
8 CVE-2011-5010 264 1 Exec Code 2011-12-24 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.
9 CVE-2011-5008 189 Exec Code Overflow 2011-12-24 2012-02-16
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.
10 CVE-2011-5007 119 1 Exec Code Overflow 2011-12-24 2013-05-20
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
11 CVE-2011-5006 119 1 Exec Code Overflow 2011-12-24 2012-02-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file.
12 CVE-2011-5005 1 Exec Code 2011-12-24 2011-12-27
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory.
13 CVE-2011-5004 Exec Code 2011-12-24 2012-02-16
6.0
None Remote Medium Single system Partial Partial Partial
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
14 CVE-2011-5003 119 1 Exec Code Overflow 2011-12-24 2013-09-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.
15 CVE-2011-5002 119 1 Exec Code Overflow 2011-12-24 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Extension, (5) SceneIntro, (6) TimeOfDay, and (7) Character elements.
16 CVE-2011-5001 119 Exec Code Overflow 2011-12-24 2011-12-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.
17 CVE-2011-4862 119 1 Exec Code Overflow 2011-12-24 2013-07-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
18 CVE-2011-4857 119 Exec Code Overflow 2011-12-16 2012-08-13
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.
19 CVE-2011-4847 89 Exec Code Sql 2011-12-16 2012-02-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/.
20 CVE-2011-4833 89 Exec Code Sql 2011-12-14 2012-02-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
21 CVE-2011-4829 89 1 Exec Code Sql 2011-12-14 2011-12-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
22 CVE-2011-4828 94 Exec Code 2011-12-14 2011-12-15
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.
23 CVE-2011-4826 89 Exec Code Sql 2011-12-14 2012-02-09
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information.
24 CVE-2011-4824 89 Exec Code Sql 2011-12-14 2012-10-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.
25 CVE-2011-4823 89 1 Exec Code Sql 2011-12-14 2012-02-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
26 CVE-2011-4811 89 1 Exec Code Sql 2011-12-13 2012-02-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.
27 CVE-2011-4808 89 1 Exec Code Sql 2011-12-13 2012-02-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
28 CVE-2011-4803 89 1 Exec Code Sql 2011-12-13 2012-03-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
29 CVE-2011-4802 89 Exec Code Sql 2011-12-13 2012-03-05
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
30 CVE-2011-4801 89 1 Exec Code Sql 2011-12-13 2013-08-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
31 CVE-2011-4783 20 Exec Code 2011-12-27 2011-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory.
32 CVE-2011-4763 89 Exec Code Sql 2011-12-16 2012-01-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.
33 CVE-2011-4753 89 Exec Code Sql 2011-12-16 2012-01-31
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files.
34 CVE-2011-4734 89 Exec Code Sql 2011-12-16 2012-02-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files.
35 CVE-2011-4725 89 Exec Code Sql 2011-12-16 2012-02-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files.
36 CVE-2011-4710 89 1 Exec Code Sql 2011-12-08 2012-01-03
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.
37 CVE-2011-4694 Exec Code 2011-12-07 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
38 CVE-2011-4693 Exec Code 2011-12-07 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
39 CVE-2011-4674 89 1 Exec Code Sql 2011-12-02 2011-12-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
40 CVE-2011-4673 89 1 Exec Code Sql 2011-12-02 2011-12-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
41 CVE-2011-4672 89 1 Exec Code Sql 2011-12-02 2011-12-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.
42 CVE-2011-4671 89 1 Exec Code Sql 2011-12-02 2011-12-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
43 CVE-2011-4669 89 Exec Code Sql 2011-12-02 2012-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.
44 CVE-2011-4668 94 Exec Code 2011-12-02 2011-12-12
7.5
None Remote Low Not required Partial Partial Partial
IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
45 CVE-2011-4646 94 Exec Code Sql 2011-11-30 2011-12-01
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
46 CVE-2011-4620 119 1 Exec Code Overflow 2011-12-30 2013-06-25
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.
47 CVE-2011-4571 89 1 Exec Code Sql 2011-11-29 2011-11-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
48 CVE-2011-4570 89 1 Exec Code Sql 2011-11-29 2011-11-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
49 CVE-2011-4569 89 1 Exec Code Sql 2011-11-29 2011-11-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.
50 CVE-2011-4559 89 Exec Code Sql 2011-11-28 2011-11-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
Total number of vulnerabilities : 1334   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.