High · CVSS 8.8
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
Published May 13, 2011 · Updated Jun 23, 2026
High · CVSS 7.7
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
Published May 10, 2011 · Updated Oct 17, 2024
Unknown · CVSS Not scored
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
Published May 31, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Published May 13, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
Published May 3, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.
Published May 13, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.
Published May 31, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.
Published May 9, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data in unspecified fields in the TRKM chunk in an Audition Session (aka .ses) file, related to inconsistent use of character data types.
Published May 16, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger.
Published May 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.
Published May 13, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
Published May 3, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.
Published May 13, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Published May 7, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors.
Published May 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.
Published May 13, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.
Published May 5, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.
Published May 9, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.
Published May 4, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors.
Published May 5, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
Published May 7, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message.
Published May 10, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.
Published May 13, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
Published May 13, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.
Published May 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element.
Published May 3, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors.
Published May 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.
Published May 9, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors.
Published May 5, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it.
Published May 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors.
Published May 5, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.
Published May 3, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors.
Published May 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.
Published May 13, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
Published May 7, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.
Published May 3, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location.
Published May 9, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.
Published May 7, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147.
Published May 31, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.
Published May 3, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Published May 23, 2013 · Updated Sep 16, 2024
Unknown · CVSS Not scored
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue.
Published May 5, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.
Published May 13, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
Published May 5, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection.
Published May 3, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/.
Published May 16, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors.
Published May 16, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Published May 23, 2013 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.
Published May 5, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
Published May 20, 2011 · Updated Sep 16, 2024