LiveActive security incident?Get immediate response
CVE archive

October 2011

Browse CVE records published in October 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 443 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2011-4106: TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which al...

TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.

Published Oct 26, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4909: Multiple cross-site scripting (XSS) vulnerabilities in Joomla!

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.

Published Oct 7, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4170: Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium....

Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.

Published Oct 23, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4173: Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remo...

Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information.

Published Oct 24, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-0333: Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Inter...

Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."

Published Oct 8, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-3318: Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Su...

Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Surveillance 2600 series cameras with software before 4.2.0-13 allow remote attackers to cause a denial of service (device reload) by sending crafted RTSP packets over TCP, aka Bug IDs CSCtj96312, CSCtj39462, and CSCtl80175.

Published Oct 27, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-2060: The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2...

The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service (reload without configuration) via a crafted description, aka Bug ID CSCtq50523.

Published Oct 22, 2011 · Updated Sep 16, 2024

Medium · CVSS 6.5

CVE-2011-10004: reciply Plugin uploadImage.php unrestricted upload

A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability.

Published Oct 16, 2023 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5230: Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/applicati...

Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.

Published Oct 25, 2012 · Updated Aug 7, 2024