LiveActive security incident?Get immediate response
CVE archive

April 2011

Browse CVE records published in April 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 333 matching CVEs · Page 2 of 7.

Medium · CVSS 5.2

CVE-2011-3151: SELinux initscript misuse of touch

The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.

Published Apr 22, 2019 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1652: The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a c...

The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct man-in-the-middle attacks on communication with external IPv4 servers via vectors involving RAs, a DHCPv6 server, and NAT-PT on the local network, aka a "SLAAC Attack." NOTE: it can be argued that preferring IPv6 complies with RFC 3484, and that attempting to determine the legitimacy of an RA is currently outside the scope of recommended behavior of host operating systems

Published Apr 6, 2011 · Updated Sep 16, 2024

Medium · CVSS 4

CVE-2011-10006: GamerZ WP-PostRatings wp-postratings.php cross site scripting

A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability.

Published Apr 8, 2024 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-5277: Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures)...

Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Apr 8, 2014 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4958: Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3...

Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.

Published Apr 8, 2014 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-5000: The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authenti...

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

Published Apr 4, 2012 · Updated Aug 7, 2024