CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12151 CVE-2011-4762 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
12152 CVE-2011-4761 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_edit.php and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
12153 CVE-2011-4757 255 Bypass 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files.
12154 CVE-2011-4755 20 DoS 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files.
12155 CVE-2011-4752 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
12156 CVE-2011-4749 255 Bypass 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.
12157 CVE-2011-4744 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
12158 CVE-2011-4743 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
12159 CVE-2011-4739 255 Bypass 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files.
12160 CVE-2011-4733 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/disable-featured-applications-promo and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
12161 CVE-2011-4732 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
12162 CVE-2011-4730 255 Bypass 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files.
12163 CVE-2011-4727 20 DoS 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files.
12164 CVE-2011-4719 2011-12-09 2012-04-20
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
12165 CVE-2011-4694 Exec Code 2011-12-07 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
12166 CVE-2011-4693 Exec Code 2011-12-07 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
12167 CVE-2011-4684 310 2011-12-07 2012-03-06
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
12168 CVE-2011-4683 2011-12-07 2012-03-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."
12169 CVE-2011-4659 264 2012-01-19 2012-02-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555.
12170 CVE-2011-4644 287 1 Exec Code 2012-01-03 2012-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.
12171 CVE-2011-4620 119 1 Exec Code Overflow 2011-12-31 2016-08-02
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.
12172 CVE-2011-4548 2011-11-24 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
12173 CVE-2011-4536 119 Exec Code Overflow 2011-12-27 2011-12-27
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet.
12174 CVE-2011-4526 119 Exec Code Overflow 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.
12175 CVE-2011-4525 264 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.
12176 CVE-2011-4524 119 Exec Code Overflow 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.
12177 CVE-2011-4514 287 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.
12178 CVE-2011-4513 Exec Code 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.
12179 CVE-2011-4509 264 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
12180 CVE-2011-4508 287 Bypass 2012-02-03 2012-02-07
9.3
None Remote Medium Not required Complete Complete Complete
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.
12181 CVE-2011-4502 78 Exec Code 2011-11-22 2013-01-24
10.0
None Remote Low Not required Complete Complete Complete
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters.
12182 CVE-2011-4501 16 2011-11-22 2013-01-24
10.0
None Remote Low Not required Complete Complete Complete
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
12183 CVE-2011-4496 119 Exec Code Overflow 2011-11-21 2011-11-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file.
12184 CVE-2011-4374 190 Exec Code Overflow 2012-01-19 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
12185 CVE-2011-4369 DoS Exec Code Mem. Corr. 2011-12-16 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
12186 CVE-2011-4266 +Priv 2011-12-13 2012-02-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.
12187 CVE-2011-4262 Exec Code 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file.
12188 CVE-2011-4261 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.
12189 CVE-2011-4260 94 Exec Code 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.
12190 CVE-2011-4259 189 Exec Code 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.
12191 CVE-2011-4258 94 Exec Code 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.
12192 CVE-2011-4257 94 Exec Code 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data.
12193 CVE-2011-4256 94 Exec Code 2011-11-24 2012-03-08
10.0
None Remote Low Not required Complete Complete Complete
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.
12194 CVE-2011-4255 Exec Code 2011-11-24 2012-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.
12195 CVE-2011-4254 94 Exec Code 2011-11-24 2012-03-08
10.0
None Remote Low Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.
12196 CVE-2011-4253 Exec Code 2011-11-24 2012-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.
12197 CVE-2011-4252 94 Exec Code 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.
12198 CVE-2011-4251 94 Exec Code 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.
12199 CVE-2011-4250 Exec Code 2011-11-24 2012-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.
12200 CVE-2011-4249 20 Exec Code 2011-11-24 2012-03-08
10.0
None Remote Low Not required Complete Complete Complete
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.