Vulnerabilities (CVE)

Filtered by CWE-94
Total 6444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4791 1 Hp 1 Data Protector Media Operations 2026-06-16 10.0 HIGH N/A
DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.
CVE-2011-4787 1 Hp 1 Easy Printer Care Software 2026-06-16 9.3 HIGH N/A
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786.
CVE-2011-4786 1 Hp 1 Easy Printer Care Software 2026-06-16 9.3 HIGH N/A
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.
CVE-2011-4668 1 Ibm 1 Tivoli Netcool\/reporter 2026-06-16 7.5 HIGH N/A
IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
CVE-2011-4646 2 Lesterchan, Wordpress 2 Wp-postratings, Wordpress 2026-06-16 6.0 MEDIUM N/A
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
CVE-2011-4639 1 Spamtitan 1 Webtitan 2026-06-16 6.5 MEDIUM N/A
The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.
CVE-2011-4614 1 Typo3 1 Typo3 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
CVE-2011-4545 1 Prestashop 1 Prestashop 2026-06-16 5.0 MEDIUM N/A
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
CVE-2011-4512 1 Siemens 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more 2026-06-16 5.0 MEDIUM N/A
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2011-4458 1 Bestpractical 1 Rt 2026-06-16 6.8 MEDIUM N/A
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.
CVE-2011-4453 1 Pmwiki 1 Pmwiki 2026-06-16 7.5 HIGH N/A
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
CVE-2011-4342 2 Backwpup, Wordpress 2 Backwpup, Wordpress 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
CVE-2011-4337 1 Sitracker 1 Support Incident Tracker 2026-06-16 7.5 HIGH N/A
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
CVE-2011-4260 1 Realnetworks 1 Realplayer 2026-06-16 9.3 HIGH N/A
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.
CVE-2011-4258 1 Realnetworks 1 Realplayer 2026-06-16 9.3 HIGH N/A
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.
CVE-2011-4257 1 Realnetworks 1 Realplayer 2026-06-16 9.3 HIGH N/A
The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data.
CVE-2011-4256 1 Realnetworks 1 Realplayer 2026-06-16 10.0 HIGH N/A
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2011-4254 1 Realnetworks 1 Realplayer 2026-06-16 10.0 HIGH N/A
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.
CVE-2011-4252 1 Realnetworks 1 Realplayer 2026-06-16 9.3 HIGH N/A
The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.
CVE-2011-4251 1 Realnetworks 1 Realplayer 2026-06-16 9.3 HIGH N/A
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.