Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-2483 | 5.0 |
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext passwo
|
23-04-2024 - 19:57 | 25-08-2011 - 14:22 | |
CVE-2010-1637 | 4.0 |
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
|
08-02-2024 - 19:56 | 22-06-2010 - 17:30 | |
CVE-2011-1167 | 6.8 |
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSamp
|
13-02-2023 - 01:19 | 28-03-2011 - 16:55 | |
CVE-2011-3389 | 4.3 |
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
|
29-11-2022 - 15:56 | 06-09-2011 - 19:55 | |
CVE-2011-3348 | 4.3 |
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP r
|
19-09-2022 - 19:49 | 20-09-2011 - 05:55 | |
CVE-2011-1783 | 4.3 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memor
|
05-10-2020 - 19:05 | 06-06-2011 - 19:55 | |
CVE-2011-1752 | 5.0 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as e
|
05-10-2020 - 19:04 | 06-06-2011 - 19:55 | |
CVE-2011-2192 | 4.3 |
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSS
|
27-05-2020 - 20:42 | 07-07-2011 - 21:55 | |
CVE-2011-3441 | 4.3 |
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
|
26-09-2019 - 17:05 | 11-11-2011 - 18:55 | |
CVE-2011-2204 | 1.9 |
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive inf
|
25-03-2019 - 11:33 | 29-06-2011 - 17:55 | |
CVE-2011-2202 | 6.4 |
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwr
|
30-10-2018 - 16:26 | 16-06-2011 - 23:55 | |
CVE-2011-1148 | 7.5 |
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple
|
30-10-2018 - 16:26 | 18-03-2011 - 15:55 | |
CVE-2011-1657 | 5.0 |
The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRF
|
09-10-2018 - 19:31 | 25-08-2011 - 14:22 | |
CVE-2011-3453 | 7.5 |
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
|
06-01-2018 - 02:29 | 02-02-2012 - 18:55 | |
CVE-2011-3248 | 9.3 |
Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.
|
19-09-2017 - 01:33 | 28-10-2011 - 02:49 | |
CVE-2011-3249 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.
|
19-09-2017 - 01:33 | 28-10-2011 - 02:49 | |
CVE-2011-3252 | 9.3 |
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3250 | 9.3 |
Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
|
19-09-2017 - 01:33 | 28-10-2011 - 02:49 | |
CVE-2011-1921 | 4.3 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly reada
|
19-09-2017 - 01:32 | 06-06-2011 - 19:55 | |
CVE-2011-3422 | 4.3 |
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Ext
|
29-08-2017 - 01:30 | 12-09-2011 - 12:40 | |
CVE-2011-3256 | 4.3 |
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font,
|
29-08-2017 - 01:30 | 14-10-2011 - 10:55 | |
CVE-2011-3268 | 10.0 |
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
|
29-08-2017 - 01:30 | 25-08-2011 - 18:55 | |
CVE-2011-3267 | 5.0 |
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.
|
29-08-2017 - 01:30 | 25-08-2011 - 18:55 | |
CVE-2011-3189 | 4.3 |
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability tha
|
29-08-2017 - 01:30 | 25-08-2011 - 14:22 | |
CVE-2011-3246 | 5.0 |
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or
|
29-08-2017 - 01:30 | 14-10-2011 - 10:55 | |
CVE-2011-3182 | 5.0 |
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffe
|
29-08-2017 - 01:30 | 25-08-2011 - 14:22 | |
CVE-2011-2895 | 9.3 |
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x
|
29-08-2017 - 01:29 | 19-08-2011 - 17:55 | |
CVE-2011-1938 | 7.5 |
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
|
17-08-2017 - 01:34 | 31-05-2011 - 20:55 | |
CVE-2010-4555 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the Squirr
|
17-08-2017 - 01:33 | 14-07-2011 - 23:55 | |
CVE-2010-4554 | 4.3 |
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
|
17-08-2017 - 01:33 | 14-07-2011 - 23:55 | |
CVE-2010-2813 | 5.0 |
functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames
|
17-08-2017 - 01:32 | 19-08-2010 - 18:00 | |
CVE-2011-3457 | 7.5 |
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicatio
|
22-09-2012 - 03:25 | 02-02-2012 - 18:55 | |
CVE-2011-3328 | 2.6 |
The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk
|
22-09-2012 - 03:25 | 17-01-2012 - 19:55 | |
CVE-2011-3458 | 6.8 |
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
|
18-05-2012 - 03:43 | 02-02-2012 - 18:55 | |
CVE-2011-3460 | 7.5 |
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
|
18-05-2012 - 03:43 | 02-02-2012 - 18:55 | |
CVE-2011-3459 | 6.8 |
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
|
18-05-2012 - 03:43 | 02-02-2012 - 18:55 | |
CVE-2011-0241 | 9.3 |
Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.
|
12-05-2012 - 03:34 | 21-07-2011 - 23:55 | |
CVE-2011-2023 | 4.3 |
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.
|
14-02-2012 - 04:06 | 14-07-2011 - 23:55 | |
CVE-2011-3444 | 4.3 |
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network
|
06-02-2012 - 05:00 | 02-02-2012 - 18:55 | |
CVE-2011-2937 | 4.3 |
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
|
04-02-2012 - 04:00 | 21-09-2011 - 16:55 | |
CVE-2011-0200 | 6.8 |
Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based b
|
04-02-2012 - 03:56 | 24-06-2011 - 20:55 | |
CVE-2011-3452 | 4.3 |
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
|
03-02-2012 - 16:16 | 02-02-2012 - 18:55 | |
CVE-2011-3450 | 6.8 |
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL. P
|
03-02-2012 - 05:00 | 02-02-2012 - 18:55 | |
CVE-2011-3448 | 6.8 |
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
|
03-02-2012 - 05:00 | 02-02-2012 - 18:55 | |
CVE-2011-3462 | 5.0 |
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a dif
|
03-02-2012 - 05:00 | 02-02-2012 - 18:55 | |
CVE-2011-3449 | 6.8 |
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
|
03-02-2012 - 05:00 | 02-02-2012 - 18:55 | |
CVE-2011-3463 | 7.2 |
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. Per: http://support.apple.com/kb/HT5130
'T
|
03-02-2012 - 05:00 | 02-02-2012 - 18:55 | |
CVE-2011-3447 | 4.3 |
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
|
03-02-2012 - 05:00 | 02-02-2012 - 18:55 |