LiveActive security incident?Get immediate response
CVE archive

September 2011

Browse CVE records published in September 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 418 matching CVEs · Page 3 of 9.

Unknown · CVSS Not scored

CVE-2011-4449: actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads...

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.

Published Sep 5, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5154: Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 thr...

Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information.

Published Sep 6, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-3747: Joomla!

Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.

Published Sep 23, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-3805: TaskFreak!

TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files.

Published Sep 24, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5158: Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in...

Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information.

Published Sep 7, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5152: Multiple untrusted search path vulnerabilities in ACDSee Photo Editor 2008 5.x build 291 allow local users...

Multiple untrusted search path vulnerabilities in ACDSee Photo Editor 2008 5.x build 291 allow local users to gain privileges via a Trojan horse (1) Wintab32.dll or (2) CV11-DialogEditor.dll file in the current working directory, as demonstrated by a directory that contains a .apd file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 6, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-3686: Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.1...

Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter.

Published Sep 27, 2011 · Updated Sep 16, 2024