Search Results (9580 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4690 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
CVE-2011-4691 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
CVE-2011-4692 2 Apple, Google 3 Safari, Webkit, Chrome 2025-04-11 N/A
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.
CVE-2011-4700 2 Android, Ubermedia 2 Android, Ubersocial 2025-04-11 N/A
The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application.
CVE-2011-4701 2 Android, Hatena 2 Android, Callconfirm 2025-04-11 N/A
The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application.
CVE-2011-4702 2 Android, Nimbuzz 2 Android, Nimbuzz 2025-04-11 N/A
The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application.
CVE-2011-4703 2 Android, Nathanielkh 2 Android, Limit My Call 2025-04-11 N/A
The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application.
CVE-2011-4704 2 Android, Voxofon 2 Android, Voxofon 2025-04-11 N/A
The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application.
CVE-2011-4705 2 Android, Ming 2 Android, Blacklist Free 2025-04-11 N/A
The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack."
CVE-2011-4718 1 Php 1 Php 2025-04-11 N/A
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
CVE-2011-4773 2 Android, Anguanjia 2 Android, Anguanjia 2025-04-11 N/A
The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application.
CVE-2011-4769 2 360, Android 2 Mobilesafe, Android 2025-04-11 N/A
The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application.
CVE-2011-4770 2 Android, Qiwi 2 Android, Wallet 2025-04-11 N/A
The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application.
CVE-2011-4771 2 Android, Lucion 2 Android, Scan To Pdf Free 2025-04-11 N/A
The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application.
CVE-2011-4772 2 360, Android 2 Kouxin, Android 2025-04-11 N/A
The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application.
CVE-2011-5097 1 Opscode 1 Chef 2025-04-11 N/A
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.
CVE-2011-5098 1 Opscode 1 Chef 2025-04-11 N/A
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option.
CVE-2011-5102 1 Websense 4 Websense Web Filter, Websense Web Security, Websense Web Security Gateway and 1 more 2025-04-11 N/A
The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors.
CVE-2011-5144 1 Obm 1 Open Business Management 2025-04-11 N/A
Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function.
CVE-2011-5270 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.