Unknown · CVSS Not scored
Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.
Published Nov 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests.
Published Nov 22, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Published Nov 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code.
Published Nov 12, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Published Nov 22, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.
Published Nov 1, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.
Published Nov 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
Published Nov 29, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.
Published Nov 9, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Published Nov 22, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.
Published Nov 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Published Nov 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
Published Nov 11, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.
Published Nov 15, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.
Published Nov 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.
Published Nov 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Published Nov 22, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.
Published Nov 29, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file.
Published Nov 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.
Published Nov 15, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.
Published Nov 30, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Published Nov 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the GetDriverSettings function in nipplib.dll in the iPrint client in Novell Open Enterprise Server 2 (aka OES2) SP3 allows remote attackers to execute arbitrary code via a long (1) hostname or (2) port field.
Published Nov 30, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.
Published Nov 19, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Published Nov 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.
Published Nov 20, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file.
Published Nov 21, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager.
Published Nov 2, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
Published Nov 11, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
Published Nov 30, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Nov 9, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Published Nov 22, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.
Published Nov 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval.
Published Nov 18, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Pacemaker before 1.1.6 configure script creates temporary files insecurely
Published Nov 12, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
Published Nov 23, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.
Published Nov 18, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
Published Nov 19, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
cobbler: Web interface lacks CSRF protection when using Django framework
Published Nov 19, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request.
Published Nov 13, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
Published Nov 19, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
tog-Pegasus has a package hash collision DoS vulnerability
Published Nov 19, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104
Published Nov 25, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE
Published Nov 19, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
mpack 1.6 has information disclosure via eavesdropping on mails sent by other users
Published Nov 19, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
Published Nov 6, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
Published Nov 6, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
Published Nov 6, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.
Published Nov 6, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.
Published Nov 6, 2019 · Updated Aug 7, 2024