LiveActive security incident?Get immediate response
CVE archive

September 2011

Browse CVE records published in September 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 418 matching CVEs · Page 4 of 9.

Unknown · CVSS Not scored

CVE-2011-5155: Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges...

Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of these details are obtained from third party information.

Published Sep 6, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5193: Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin...

Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.

Published Sep 23, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-3684: Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow...

Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp.

Published Sep 27, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5151: Untrusted search path vulnerability in ACDSee Picture Frame Manager 1.0 Build 81 allows local users to gain...

Untrusted search path vulnerability in ACDSee Picture Frame Manager 1.0 Build 81 allows local users to gain privileges via a Trojan horse ShellIntMgrPFMU.dll file in the current working directory, as demonstrated by a directory that contains a .jpg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 6, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4942: Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 a...

Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism.

Published Sep 9, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5184: Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attacker...

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3) nnm/protected/ping.jsp, (4) nnm/protected/statuspoll.jsp, or (5) nnm/protected/traceroute.jsp; or (6) field parameter to nmm/validate. NOTE: this might be a duplicate of CVE-2011-4155 or CVE-2011-4156.

Published Sep 20, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-5182: Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0...

Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf.

Published Sep 20, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-5166: Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a...

Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands.

Published Sep 15, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-5180: Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress...

Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party.

Published Sep 20, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-5174: Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel...

Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.

Published Sep 15, 2012 · Updated Aug 7, 2024