LiveActive security incident?Get immediate response
CVE archive

February 2011

Browse CVE records published in February 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 466 matching CVEs · Page 2 of 10.

Unknown · CVSS Not scored

CVE-2011-4510: Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007,...

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511.

Published Feb 3, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4512: CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 bef...

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Published Feb 3, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-0732: Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli C...

Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to "security vulnerabilities of Websphere Application Server bundled within" and "many internal defects and APARs."

Published Feb 1, 2011 · Updated Sep 16, 2024

Medium · CVSS 5.5

CVE-2011-10002: weblabyrinth labyrinth.inc.php Labyrinth sql injection

A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The identifier of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability.

Published Feb 7, 2023 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4923: Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly ea...

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361.

Published Feb 18, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4937: Joomla!

Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

Published Feb 4, 2020 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4930: Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions,...

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.

Published Feb 10, 2014 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4912: Joomla!

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

Published Feb 4, 2020 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4879: miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V1...

miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.

Published Feb 3, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4877: HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA port...

HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.

Published Feb 3, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4889: The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere App...

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.

Published Feb 8, 2018 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4878: Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005...

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.

Published Feb 3, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4875: Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, an...

Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.

Published Feb 3, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4876: Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 20...

Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.

Published Feb 3, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4610: JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5....

JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer."

Published Feb 10, 2014 · Updated Aug 7, 2024