LiveActive security incident?Get immediate response
CVE archive

December 2011

Browse CVE records published in December 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 358 matching CVEs · Page 1 of 8.

High · CVSS 8.8 · CISA KEV

CVE-2011-2462: Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows an...

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Published Dec 7, 2011 · Updated Nov 21, 2025

High · CVSS 8.8

CVE-2011-3406: Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightwe...

Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."

Published Dec 14, 2011 · Updated Jan 21, 2025

Unknown · CVSS Not scored

CVE-2011-4517: The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type durin...

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

Published Dec 15, 2011 · Updated Oct 21, 2024

Unknown · CVSS Not scored

CVE-2011-4266: Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Troja...

Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.

Published Dec 13, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-4850: The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files.

Published Dec 16, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-4825: Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as...

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.

Published Dec 15, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-4768: The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-...

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving Wizard/Edit/Modules/Image and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.

Published Dec 16, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-4553: Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirec...

Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain.

Published Dec 6, 2011 · Updated Sep 16, 2024