Vulnerabilities (CVE)

Filtered by CWE-94
Total 6444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4248 1 Realnetworks 1 Realplayer 2026-06-16 9.3 HIGH N/A
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.
CVE-2011-4247 1 Realnetworks 1 Realplayer 2026-06-16 9.3 HIGH N/A
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.
CVE-2011-4237 1 Cisco 2 Ciscoworks Common Services, Prime Lan Management Solution 2026-06-16 4.3 MEDIUM N/A
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
CVE-2011-4203 1 Moodle 1 Moodle 2026-06-16 5.0 MEDIUM N/A
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.
CVE-2011-4201 1 Restorepoint 1 Restorepoint 2026-06-16 9.3 HIGH N/A
remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action.
CVE-2011-4189 1 Novell 1 Groupwise 2026-06-16 7.5 HIGH N/A
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.
CVE-2011-4075 1 Phpldapadmin Project 1 Phpldapadmin 2026-06-16 7.5 HIGH N/A
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
CVE-2011-4047 1 Dell 1 Kace K2000 Systems Deployment Appliance 2026-06-16 9.3 HIGH N/A
The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access.
CVE-2011-4041 1 Broadwin 1 Webaccess 2026-06-16 10.0 HIGH N/A
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
CVE-2011-3981 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2011-3832 1 Sitracker 1 Support Incident Tracker 2026-06-16 6.5 MEDIUM N/A
Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.
CVE-2011-3828 1 Sunplus-tech 1 Dvr Remote Activex Control 2026-06-16 9.3 HIGH N/A
DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server.
CVE-2011-3655 1 Mozilla 2 Firefox, Thunderbird 2026-06-16 9.3 HIGH N/A
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
CVE-2011-3504 1 Ffmpeg 1 Ffmpeg 2026-06-16 9.3 HIGH N/A
The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
CVE-2011-3413 1 Microsoft 4 Office, Office Compatibility Pack, Powerpoint and 1 more 2026-06-16 9.3 HIGH N/A
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."
CVE-2011-3412 1 Microsoft 1 Publisher 2026-06-16 9.3 HIGH N/A
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
CVE-2011-3411 1 Microsoft 1 Publisher 2026-06-16 9.3 HIGH N/A
Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
CVE-2011-3403 1 Microsoft 2 Excel, Office 2026-06-16 9.3 HIGH N/A
Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
CVE-2011-3401 1 Microsoft 3 Windows 7, Windows Vista, Windows Xp 2026-06-16 9.3 HIGH N/A
ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."
CVE-2011-3400 1 Microsoft 2 Windows Server 2003, Windows Xp 2026-06-16 9.3 HIGH N/A
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."