Unknown · CVSS Not scored
Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.
Published Feb 3, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463.
Published Feb 14, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463.
Published Feb 14, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.
Published Feb 12, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line.
Published Feb 18, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
Published Feb 8, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.
Published Feb 1, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials.
Published Feb 25, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019.
Published Feb 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463.
Published Feb 14, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
Published Feb 5, 2020 · Updated Aug 7, 2024
Unknown · CVSS Not scored
include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group.
Published Feb 6, 2017 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
Published Feb 14, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
Published Feb 14, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.
Published Feb 5, 2020 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
Published Feb 16, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
Published Feb 16, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
Published Feb 16, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
Published Feb 1, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string.
Published Feb 21, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information.
Published Feb 18, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
Published Feb 10, 2014 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441.
Published Feb 18, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
Published Feb 16, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message.
Published Feb 16, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
Published Feb 16, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PmWiki before 2.2.21 has XSS.
Published Feb 5, 2020 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.
Published Feb 18, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
Published Feb 2, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.
Published Feb 7, 2020 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.
Published Feb 7, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4447.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4462 and CVE-2010-4473.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.
Published Feb 17, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
Published Feb 17, 2011 · Updated Aug 7, 2024