2011 CVEs
4898 CVEs published in 2011. 61 critical, 121 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2011-10026 | Critical | 9.8 | 2025-08-20 | Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows att… |
| CVE-2011-10019 | Critical | 9.8 | 2025-08-13 | Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitiz… |
| CVE-2011-10018 | Critical | 9.8 | 2025-08-13 | myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP co… |
| CVE-2011-4574 | Critical | 9.8 | 2021-10-27 | PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high res… |
| CVE-2011-4125 | Critical | 9.8 | 2021-10-27 | An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root. |
| CVE-2011-4124 | Critical | 9.8 | 2021-10-27 | Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. |
| CVE-2011-4119 | Critical | 9.8 | 2021-10-26 | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. |
| CVE-2011-2195 | Critical | 9.8 | 2021-10-26 | A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php scrip… |
| CVE-2011-4908 | Critical | 9.8 | 2020-02-12 | TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. |
| CVE-2011-4906 | Critical | 9.8 | 2020-02-12 | Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. |
| CVE-2011-1517 | Critical | 9.8 | 2020-02-05 | SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet… |
| CVE-2011-3621 | Critical | 9.8 | 2020-01-22 | A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. |
| CVE-2011-3614 | Critical | 9.8 | 2020-01-22 | An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. |
| CVE-2011-4943 | Critical | 9.8 | 2020-01-22 | ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) |
| CVE-2011-4094 | Critical | 9.8 | 2020-01-21 | Jara 1.6 has a SQL injection vulnerability. |
| CVE-2011-2715 | Critical | 9.8 | 2020-01-14 | An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. |
| CVE-2011-3203 | Critical | 9.8 | 2020-01-14 | A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. |
| CVE-2011-5020 | Critical | 9.8 | 2020-01-10 | An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| CVE-2011-5266 | Critical | 9.8 | 2020-01-08 | Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. |
| CVE-2011-2717 | Critical | 9.8 | 2019-11-27 | The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters i… |