| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
4651 |
CVE-2011-4286 |
79 |
|
XSS |
2012-07-16 |
2020-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos. |
|
4652 |
CVE-2011-4285 |
264 |
|
|
2012-07-16 |
2020-12-01 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role. |
|
4653 |
CVE-2011-4284 |
200 |
|
+Info |
2012-07-16 |
2020-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page. |
|
4654 |
CVE-2011-4283 |
200 |
|
+Info |
2012-07-16 |
2020-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml. |
|
4655 |
CVE-2011-4282 |
79 |
|
XSS |
2012-07-16 |
2020-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter. |
|
4656 |
CVE-2011-4281 |
352 |
|
CSRF |
2012-07-16 |
2020-12-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course. |
|
4657 |
CVE-2011-4280 |
79 |
|
XSS |
2012-07-16 |
2020-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
4658 |
CVE-2011-4279 |
200 |
|
+Info |
2012-07-16 |
2020-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista. |
|
4659 |
CVE-2011-4278 |
79 |
|
XSS |
2012-07-16 |
2020-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
4660 |
CVE-2011-4276 |
200 |
|
+Info |
2012-01-25 |
2012-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. |
|
4661 |
CVE-2011-4237 |
94 |
|
Http R.Spl. |
2012-05-03 |
2012-06-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. |
|
4662 |
CVE-2011-4232 |
200 |
|
+Info |
2012-05-03 |
2012-05-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070. |
|
4663 |
CVE-2011-4231 |
20 |
|
DoS |
2012-05-03 |
2012-05-11 |
6.3 |
None |
Remote |
Medium |
??? |
None |
None |
Complete |
|
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. |
|
4664 |
CVE-2011-4197 |
264 |
|
|
2012-01-03 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key. |
|
4665 |
CVE-2011-4194 |
119 |
|
Exec Code Overflow |
2012-02-02 |
2020-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field. |
|
4666 |
CVE-2011-4189 |
94 |
|
DoS Exec Code Mem. Corr. |
2012-03-02 |
2018-01-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file. |
|
4667 |
CVE-2011-4188 |
119 |
|
DoS Overflow |
2012-04-09 |
2017-12-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. |
|
4668 |
CVE-2011-4187 |
119 |
|
Exec Code Overflow |
2012-02-21 |
2012-02-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173. |
|
4669 |
CVE-2011-4186 |
119 |
|
Exec Code Overflow |
2012-02-21 |
2012-02-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705. |
|
4670 |
CVE-2011-4185 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-02-21 |
2012-02-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436. |
|
4671 |
CVE-2011-4153 |
20 |
1
|
DoS |
2012-01-18 |
2018-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. |
|
4672 |
CVE-2011-4144 |
|
|
|
2012-02-02 |
2012-02-16 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges. |
|
4673 |
CVE-2011-4143 |
200 |
|
+Info |
2012-01-27 |
2012-02-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. |
|
4674 |
CVE-2011-4142 |
255 |
|
+Info |
2012-01-19 |
2012-01-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. |
|
4675 |
CVE-2011-4135 |
22 |
|
Exec Code Dir. Trav. |
2012-01-19 |
2012-01-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389. |
|
4676 |
CVE-2011-4134 |
119 |
|
Exec Code Overflow |
2012-01-19 |
2012-01-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet. |
|
4677 |
CVE-2011-4133 |
352 |
|
CSRF |
2012-07-16 |
2020-12-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block. |
|
4678 |
CVE-2011-4132 |
20 |
|
DoS |
2012-01-27 |
2017-12-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value." |
|
4679 |
CVE-2011-4131 |
189 |
|
DoS |
2012-05-17 |
2017-12-29 |
4.6 |
None |
Local Network |
High |
Not required |
None |
None |
Complete |
|
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words. |
|
4680 |
CVE-2011-4129 |
200 |
|
+Info |
2012-10-22 |
2017-01-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. |
|
4681 |
CVE-2011-4127 |
264 |
|
Bypass |
2012-07-03 |
2017-12-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume. |
|
4682 |
CVE-2011-4114 |
264 |
|
|
2012-01-13 |
2012-02-08 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier. |
|
4683 |
CVE-2011-4113 |
89 |
|
Exec Code Sql |
2012-02-17 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments." |
|
4684 |
CVE-2011-4112 |
|
|
DoS |
2012-05-17 |
2020-07-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface. |
|
4685 |
CVE-2011-4110 |
264 |
|
DoS |
2012-01-27 |
2016-08-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key." |
|
4686 |
CVE-2011-4109 |
399 |
|
|
2012-01-06 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. |
|
4687 |
CVE-2011-4108 |
310 |
|
|
2012-01-06 |
2016-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. |
|
4688 |
CVE-2011-4105 |
59 |
|
|
2012-02-17 |
2014-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. |
|
4689 |
CVE-2011-4097 |
190 |
|
DoS Overflow |
2012-05-17 |
2020-07-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory. |
|
4690 |
CVE-2011-4086 |
119 |
|
DoS Overflow |
2012-07-03 |
2017-12-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal. |
|
4691 |
CVE-2011-4085 |
287 |
|
Bypass |
2012-11-23 |
2014-03-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression. |
|
4692 |
CVE-2011-4081 |
476 |
|
DoS |
2012-05-24 |
2020-07-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. |
|
4693 |
CVE-2011-4080 |
264 |
|
Bypass |
2012-05-24 |
2020-07-28 |
4.0 |
None |
Local |
High |
Not required |
Complete |
None |
None |
|
The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment. |
|
4694 |
CVE-2011-4077 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-01-27 |
2016-08-23 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. |
|
4695 |
CVE-2011-4057 |
399 |
|
DoS |
2012-01-13 |
2012-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. |
|
4696 |
CVE-2011-4056 |
|
|
|
2012-01-08 |
2012-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. |
|
4697 |
CVE-2011-4055 |
119 |
|
Exec Code Overflow |
2012-01-08 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to execute arbitrary code via a long string in a parameter associated with the location URL. |
|
4698 |
CVE-2011-4053 |
|
|
+Priv |
2012-01-19 |
2012-01-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
|
4699 |
CVE-2011-4045 |
119 |
|
DoS Overflow |
2012-04-03 |
2012-04-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document. |
|
4700 |
CVE-2011-4044 |
|
|
|
2012-04-03 |
2012-04-03 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods. |
