Export limit exceeded: 25158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-0738 | 2 Globus, Ncsa | 2 Globus Toolkit, Myproxy | 2025-04-11 | N/A |
| MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation. | ||||
| CVE-2011-0739 | 1 Mikel Lindsaar | 1 Mail | 2025-04-11 | N/A |
| The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address. | ||||
| CVE-2011-0745 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-11 | N/A |
| SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php. | ||||
| CVE-2011-0752 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. | ||||
| CVE-2011-0764 | 4 Foolabs, Glyphandcog, Redhat and 1 more | 4 Xpdf, Xpdfreader, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf. | ||||
| CVE-2011-0771 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2025-04-11 | N/A |
| The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. | ||||
| CVE-2011-0774 | 1 Pivotx | 1 Pivotx | 2025-04-11 | N/A |
| PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message. | ||||
| CVE-2011-0775 | 1 Pivotx | 1 Pivotx | 2025-04-11 | N/A |
| pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2011-0776 | 2 Apple, Google | 2 Macos, Chrome | 2025-04-11 | N/A |
| The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call. | ||||
| CVE-2011-0779 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | N/A |
| Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension. | ||||
| CVE-2011-0781 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors. | ||||
| CVE-2011-0890 | 2 Hp, Microsoft | 2 Discovery\&dependency Mapping Inventory, Windows | 2025-04-11 | N/A |
| HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community. | ||||
| CVE-2011-0908 | 1 Vanillaforums | 1 Vanilla | 2025-04-11 | N/A |
| Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526. | ||||
| CVE-2011-0912 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | N/A |
| Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2. | ||||
| CVE-2011-0921 | 1 Hp | 1 Data Protector | 2025-04-11 | N/A |
| crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username. | ||||
| CVE-2011-0922 | 1 Hp | 1 Data Protector | 2025-04-11 | N/A |
| The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname. | ||||
| CVE-2011-0923 | 1 Hp | 1 Data Protector | 2025-04-11 | N/A |
| The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory." | ||||
| CVE-2011-0924 | 1 Hp | 1 Data Protector | 2025-04-11 | N/A |
| The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh. | ||||
| CVE-2011-0925 | 1 Cisco | 1 Secure Desktop | 2025-04-11 | N/A |
| The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926. | ||||
| CVE-2011-0926 | 1 Cisco | 1 Secure Desktop | 2025-04-11 | N/A |
| A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589. | ||||