2011 CVEs

4898 CVEs published in 2011. 61 critical, 121 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2011
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2011-10026 | Critical | 9.8 | 2025-08-20 | Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows att… |
| CVE-2011-10019 | Critical | 9.8 | 2025-08-13 | Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitiz… |
| CVE-2011-10018 | Critical | 9.8 | 2025-08-13 | myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP co… |
| CVE-2011-4574 | Critical | 9.8 | 2021-10-27 | PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high res… |
| CVE-2011-4125 | Critical | 9.8 | 2021-10-27 | An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root. |
| CVE-2011-4124 | Critical | 9.8 | 2021-10-27 | Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. |
| CVE-2011-4119 | Critical | 9.8 | 2021-10-26 | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. |
| CVE-2011-2195 | Critical | 9.8 | 2021-10-26 | A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php scrip… |
| CVE-2011-4908 | Critical | 9.8 | 2020-02-12 | TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. |
| CVE-2011-4906 | Critical | 9.8 | 2020-02-12 | Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. |
| CVE-2011-1517 | Critical | 9.8 | 2020-02-05 | SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet… |
| CVE-2011-3621 | Critical | 9.8 | 2020-01-22 | A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. |
| CVE-2011-3614 | Critical | 9.8 | 2020-01-22 | An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. |
| CVE-2011-4943 | Critical | 9.8 | 2020-01-22 | ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) |
| CVE-2011-4094 | Critical | 9.8 | 2020-01-21 | Jara 1.6 has a SQL injection vulnerability. |
| CVE-2011-2715 | Critical | 9.8 | 2020-01-14 | An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. |
| CVE-2011-3203 | Critical | 9.8 | 2020-01-14 | A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. |
| CVE-2011-5020 | Critical | 9.8 | 2020-01-10 | An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| CVE-2011-5266 | Critical | 9.8 | 2020-01-08 | Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. |
| CVE-2011-2717 | Critical | 9.8 | 2019-11-27 | The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters i… |