CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2011 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-3268 119 Overflow 2011-08-25 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
2 CVE-2011-3185 20 2011-08-29 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
3 CVE-2011-3143 399 DoS Exec Code Mem. Corr. 2011-08-16 2018-12-31
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
4 CVE-2011-3142 119 1 Exec Code Overflow 2011-08-16 2012-03-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.
5 CVE-2011-3141 119 DoS Exec Code Overflow 2011-08-16 2012-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
6 CVE-2011-3137 2011-08-12 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050.
7 CVE-2011-3136 2011-08-12 2012-04-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048.
8 CVE-2011-3135 2011-08-12 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors.
9 CVE-2011-3129 264 2011-08-10 2016-05-31
9.3
None Remote Medium Not required Complete Complete Complete
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
10 CVE-2011-3125 2011-08-10 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."
11 CVE-2011-3122 2011-08-10 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."
12 CVE-2011-3012 20 Exec Code 2011-08-09 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764.
13 CVE-2011-2993 264 +Priv Bypass 2011-08-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
14 CVE-2011-2992 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
15 CVE-2011-2991 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
16 CVE-2011-2989 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
17 CVE-2011-2988 119 DoS Exec Code Overflow 2011-08-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.
18 CVE-2011-2987 119 Exec Code Overflow 2011-08-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.
19 CVE-2011-2985 DoS Exec Code Mem. Corr. 2011-08-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
20 CVE-2011-2984 94 Exec Code 2011-08-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
21 CVE-2011-2982 DoS Exec Code Mem. Corr. 2011-08-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
22 CVE-2011-2981 16 Exec Code Bypass 2011-08-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.
23 CVE-2011-2955 399 Exec Code 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.
24 CVE-2011-2954 399 Exec Code 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.
25 CVE-2011-2953 119 Exec Code Overflow 2011-08-18 2011-10-06
10.0
None Remote Low Not required Complete Complete Complete
An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.
26 CVE-2011-2952 399 Exec Code 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.
27 CVE-2011-2951 119 Exec Code Overflow 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.
28 CVE-2011-2950 119 Exec Code Overflow 2011-08-18 2012-02-14
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.
29 CVE-2011-2949 119 Exec Code Overflow 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file.
30 CVE-2011-2948 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.
31 CVE-2011-2946 Exec Code 2011-08-18 2011-10-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors.
32 CVE-2011-2945 119 Exec Code Overflow 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.
33 CVE-2011-2940 119 DoS Exec Code Overflow Mem. Corr. 2011-08-25 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
34 CVE-2011-2895 119 Exec Code Overflow 2011-08-19 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
35 CVE-2011-2825 416 DoS 2011-08-29 2020-05-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.
36 CVE-2011-2822 20 2011-08-29 2018-11-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.
37 CVE-2011-2806 119 DoS Exec Code Overflow Mem. Corr. 2011-08-29 2020-05-19
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
38 CVE-2011-2764 20 Exec Code 2011-08-04 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.
39 CVE-2011-2591 119 Exec Code Overflow 2011-08-05 2011-09-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, the (3) UserName or (4) Password parameter to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, (5) a long Id parameter to the GetString method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control, or (6) a long strAdr parameter to the ConnectIPCam method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control.
40 CVE-2011-2590 20 2011-08-09 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 allows remote attackers to execute arbitrary programs via a UNC share pathname in the MPlayerPath parameter.
41 CVE-2011-2589 119 Exec Code Overflow 2011-08-09 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the SendLogAction method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 might allow remote attackers to execute arbitrary code via a long argument.
42 CVE-2011-2555 255 2011-08-29 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182.
43 CVE-2011-2425 119 DoS Exec Code Overflow Mem. Corr. 2011-08-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
44 CVE-2011-2424 119 DoS Exec Code Overflow Mem. Corr. 2011-08-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."
45 CVE-2011-2423 119 DoS Exec Code Overflow Mem. Corr. 2011-08-11 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
46 CVE-2011-2422 119 DoS Exec Code Overflow Mem. Corr. 2011-08-11 2011-10-05
10.0
None Remote Low Not required Complete Complete Complete
Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
47 CVE-2011-2421 119 DoS Exec Code Overflow Mem. Corr. 2011-08-11 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file.
48 CVE-2011-2420 119 DoS Exec Code Overflow Mem. Corr. 2011-08-11 2011-10-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
49 CVE-2011-2419 119 DoS Exec Code Overflow Mem. Corr. 2011-08-11 2011-10-05
10.0
None Remote Low Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
50 CVE-2011-2417 119 DoS Exec Code Overflow Mem. Corr. 2011-08-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.
Total number of vulnerabilities : 85   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.