CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2011-4540 79 XSS 2011-12-01 2018-01-06
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php.
202 CVE-2011-4539 20 DoS 2011-12-08 2020-04-01
5.0
None Remote Low Not required None None Partial
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
203 CVE-2011-4537 119 DoS Exec Code Overflow 2011-12-27 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP port (1) 12397 or (2) 12399.
204 CVE-2011-4536 119 Exec Code Overflow 2011-12-27 2011-12-27
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet.
205 CVE-2011-4528 399 DoS 2011-12-20 2012-11-06
5.0
None Remote Low Not required None None Partial
Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.
206 CVE-2011-4517 119 DoS Exec Code Overflow Mem. Corr. 2011-12-15 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
207 CVE-2011-4516 119 DoS Exec Code Overflow Mem. Corr. 2011-12-15 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
208 CVE-2011-4462 20 DoS 2011-12-30 2017-08-29
5.0
None Remote Low Not required None None Partial
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
209 CVE-2011-4461 310 DoS 2011-12-30 2019-03-08
5.0
None Remote Low Not required None None Partial
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
210 CVE-2011-4453 94 2 Exec Code 2011-12-22 2012-01-12
7.5
None Remote Low Not required Partial Partial Partial
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
211 CVE-2011-4369 DoS Exec Code Mem. Corr. 2011-12-16 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
212 CVE-2011-4368 79 XSS 2011-12-14 2012-02-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
213 CVE-2011-4362 1 DoS 2011-12-24 2021-03-04
5.0
None Remote Low Not required None None Partial
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.
214 CVE-2011-4357 134 DoS Exec Code 2011-12-10 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.
215 CVE-2011-4356 264 Exec Code +Priv 2011-12-05 2012-01-03
6.9
None Local Medium Not required Complete Complete Complete
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.
216 CVE-2011-4349 89 Exec Code Sql 2011-12-10 2011-12-12
4.6
None Local Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
217 CVE-2011-4346 79 XSS 2011-12-10 2011-12-12
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.
218 CVE-2011-4344 79 XSS 2011-12-01 2016-06-13
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
219 CVE-2011-4339 264 2011-12-15 2017-08-29
3.6
None Local Low Not required None Partial Partial
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
220 CVE-2011-4315 787 DoS Overflow 2011-12-08 2021-11-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
221 CVE-2011-4266 +Priv 2011-12-13 2012-02-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.
222 CVE-2011-4265 79 XSS 2011-12-08 2012-03-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
223 CVE-2011-4264 79 XSS 2011-12-08 2012-03-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
224 CVE-2011-4263 79 XSS 2011-12-07 2011-12-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
225 CVE-2011-4203 94 Http R.Spl. 2011-12-22 2020-12-01
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.
226 CVE-2011-4202 264 +Priv 2011-12-13 2011-12-13
7.2
None Local Low Not required Complete Complete Complete
The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file.
227 CVE-2011-4201 94 Exec Code 2011-12-13 2011-12-13
9.3
None Remote Medium Not required Complete Complete Complete
remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action.
228 CVE-2011-4169 DoS +Info 2011-12-27 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
229 CVE-2011-4168 22 Dir. Trav. 2011-12-27 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
230 CVE-2011-4167 119 Exec Code Overflow 2011-12-27 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.
231 CVE-2011-4166 22 Dir. Trav. 2011-12-27 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
232 CVE-2011-4165 Exec Code 2011-12-29 2012-02-02
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.
233 CVE-2011-4164 Exec Code 2011-12-29 2012-02-02
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214.
234 CVE-2011-4163 Exec Code 2011-12-29 2012-02-02
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.
235 CVE-2011-4162 119 DoS Exec Code Overflow Mem. Corr. 2011-12-05 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.
236 CVE-2011-4161 264 Exec Code 2011-12-01 2012-09-18
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
237 CVE-2011-4141 +Priv 2011-12-17 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file.
238 CVE-2011-4130 399 Exec Code 2011-12-06 2011-12-08
9.0
None Remote Low ??? Complete Complete Complete
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
239 CVE-2011-4128 119 DoS Overflow 2011-12-08 2017-12-29
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
240 CVE-2011-4084 399 DoS 2011-12-29 2011-12-30
5.0
None Remote Low Not required None None Partial
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 does not properly handle a large number of form parameters, which might allow remote attackers to cause a denial of service (CPU consumption) via a request that triggers storage of many parameters in a hash table.
241 CVE-2011-4054 79 XSS 2011-12-08 2012-03-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.
242 CVE-2011-4052 119 Exec Code Overflow 2011-12-05 2011-12-22
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name.
243 CVE-2011-4051 287 Exec Code 2011-12-05 2011-12-08
10.0
None Remote Low Not required Complete Complete Complete
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
244 CVE-2011-4050 119 DoS Overflow 2011-12-27 2017-08-29
5.0
None Remote Low Not required None None Partial
Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.
245 CVE-2011-4037 119 Exec Code Overflow 2011-12-22 2012-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file.
246 CVE-2011-4036 22 Dir. Trav. 2011-12-02 2011-12-02
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
247 CVE-2011-4035 79 XSS 2011-12-02 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
248 CVE-2011-4034 119 DoS Exec Code Overflow 2011-12-02 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
249 CVE-2011-4033 119 DoS Overflow 2011-12-02 2011-12-02
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors.
250 CVE-2011-4001 22 Dir. Trav. 2011-12-01 2011-12-14
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecified vectors.
Total number of vulnerabilities : 341   Page : 1 2 3 4 5 (This Page)6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.