LiveActive security incident?Get immediate response
CVE archive

January 2011

Browse CVE records published in January 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 396 matching CVEs · Page 2 of 8.

Unknown · CVSS Not scored

CVE-2011-5071: Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote atta...

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

Published Jan 29, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-0640: The default configuration of udev on Linux does not warn the user before enabling additional Human Interfac...

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

Published Jan 25, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5066: The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Serv...

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.

Published Jan 15, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5305: Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to in...

Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to cgi-bin/admin/shophilfe_suche.cgi.

Published Jan 1, 2015 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-0639: Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) func...

Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

Published Jan 25, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5055: MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to...

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

Published Jan 8, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4899: wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that...

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments

Published Jan 30, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5285: Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbit...

Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_INFO to (4) AdminProjectList.php, (5) AdminGroupList.php, or (6) AdminUserLogList.php.

Published Jan 1, 2015 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5318: Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers...

Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.

Published Jan 1, 2015 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5292: The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict acces...

The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.

Published Jan 1, 2015 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4530: Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained fr...

Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.

Published Jan 8, 2012 · Updated Sep 16, 2024