CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6742 399 DoS 2011-04-21 2011-04-21
6.8
None Remote Low ??? None None Complete
The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to cause a denial of service (infinite loop) via a malformed search filter.
2 CVE-2007-6743 399 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that trigger recursive filter_free calls.
3 CVE-2008-7287 399 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allow remote authenticated users to cause a denial of service (memory consumption) by making many function calls.
4 CVE-2008-7288 399 DoS 2011-04-21 2011-04-21
5.0
None Remote Low Not required None None Partial
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operation.
5 CVE-2008-7289 20 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to cause a denial of service (DB2 daemon deadlock) by making password changes that trigger updates to a DB2 password-history table.
6 CVE-2008-7290 399 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consumption) by making many function calls.
7 CVE-2009-0788 200 +Info 2011-04-18 2017-08-17
6.4
None Remote Low Not required Partial Partial None
Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors.
8 CVE-2009-5065 79 XSS 2011-04-11 2011-08-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.
9 CVE-2009-5071 2011-04-19 2011-04-27
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."
10 CVE-2009-5072 399 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memory consumption) via an empty string argument.
11 CVE-2009-5073 399 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested group that contains the Distinguished Name (DN) of its parent entry.
12 CVE-2010-1171 264 DoS 2011-04-18 2017-08-17
5.5
None Remote Low ??? Partial None Partial
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.
13 CVE-2010-2787 200 Bypass +Info 2011-04-27 2011-09-07
4.3
None Remote Medium Not required Partial None None
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.
14 CVE-2010-2788 79 XSS 2011-04-27 2011-09-07
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
15 CVE-2010-2789 94 Exec Code File Inclusion 2011-04-27 2011-07-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.
16 CVE-2010-3260 264 2011-04-27 2011-07-19
6.4
None Remote Low Not required Partial Partial None
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an "XML injection" issue.
17 CVE-2010-3447 79 XSS 2011-04-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.
18 CVE-2010-3693 79 XSS 2011-04-04 2019-06-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
19 CVE-2010-3958 20 Exec Code 2011-04-13 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
20 CVE-2010-3974 119 Exec Code Overflow Mem. Corr. 2011-04-13 2020-09-28
7.6
None Remote High Not required Complete Complete Complete
fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
21 CVE-2010-4229 22 Exec Code Dir. Trav. 2011-04-18 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.
22 CVE-2010-4235 134 Exec Code 2011-04-04 2011-04-06
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.
23 CVE-2010-4596 119 Exec Code Overflow 2011-04-04 2011-04-06
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request.
24 CVE-2010-4778 79 XSS 2011-04-04 2019-06-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information.
25 CVE-2010-4779 79 XSS 2011-04-07 2011-05-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information.
26 CVE-2010-4780 89 2 Exec Code Sql 2011-04-07 2011-09-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.
27 CVE-2010-4781 200 2 +Info 2011-04-07 2011-09-22
5.0
None Remote Low Not required Partial None None
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.
28 CVE-2010-4782 89 2 Exec Code Sql 2011-04-07 2011-09-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
29 CVE-2010-4783 79 1 XSS 2011-04-07 2018-10-10
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
30 CVE-2010-4784 89 1 Exec Code Sql 2011-04-07 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
31 CVE-2010-4785 399 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) on Linux, Solaris, and Windows allows remote authenticated users to cause a denial of service (ABEND) via a malformed LDAP extended operation that triggers certain comparisons involving the NULL operation OID.
32 CVE-2010-4786 399 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon crash or hang) via a paged search, as demonstrated by a certain idsldapsearch command, related to an improper ibm-slapdIdleTimeOut configuration setting.
33 CVE-2010-4787 399 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing.
34 CVE-2010-4788 20 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search.
35 CVE-2010-4789 399 DoS 2011-04-21 2011-04-21
4.0
None Remote Low ??? None None Partial
Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation.
36 CVE-2010-4790 22 1 Dir. Trav. 2011-04-27 2018-10-10
5.8
None Remote Medium Not required None Partial Partial
Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
37 CVE-2010-4791 89 2 Exec Code Sql 2011-04-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter.
38 CVE-2010-4792 79 1 XSS 2011-04-27 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter.
39 CVE-2010-4793 89 2 Exec Code Sql 2011-04-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
40 CVE-2010-4794 79 1 XSS 2011-04-27 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information.
41 CVE-2010-4795 89 1 Exec Code Sql 2011-04-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
42 CVE-2010-4796 89 Exec Code Sql 2011-04-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php.
43 CVE-2010-4797 89 2 Exec Code Sql 2011-04-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
44 CVE-2010-4798 22 1 Dir. Trav. 2011-04-27 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
45 CVE-2010-4799 89 2 Exec Code Sql 2011-04-27 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information.
46 CVE-2010-4800 89 2 Exec Code Sql 2011-04-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
47 CVE-2010-4801 22 2 Dir. Trav. 2011-04-27 2017-08-17
6.0
None Remote Medium ??? Partial Partial Partial
Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter.
48 CVE-2011-0012 59 2011-04-18 2011-04-18
3.3
None Local Medium Not required None Partial Partial
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
49 CVE-2011-0028 94 Exec Code 2011-04-13 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
50 CVE-2011-0034 119 Exec Code Overflow 2011-04-13 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
Total number of vulnerabilities : 312   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.