Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2012-09-23 CVE-2011-5199 Cross-Site Scripting vulnerability in Steveyolam Tinyguestbook 10.2010
Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
network
steveyolam CWE-79
4.3

2012-09-23 CVE-2011-5198 SQL Injection vulnerability in Neturf Ecommerce Shopping Cart
SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter.
network
low complexity
neturf CWE-89
7.5

2012-09-23 CVE-2011-5197 Cross-Site Request Forgery (CSRF) vulnerability in Public Knowledge Project Open Harvester Systems
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
6.8

2012-09-23 CVE-2011-5196 Cross-Site Request Forgery (CSRF) vulnerability in Public Knowledge Project Open Journal Systems
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
6.8

2012-09-23 CVE-2011-5195 Cross-Site Request Forgery (CSRF) vulnerability in Public Knowledge Project Open Conference Systems
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.
6.8

2012-09-23 CVE-2011-5194 Cross-Site Scripting vulnerability in PHPace Samswhois 1.1/1.4.2.3
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.
4.3

2012-09-23 CVE-2011-5193 Cross-Site Scripting vulnerability in PHPace Samswhois 1.1/1.4.2.3
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.
network
high complexity
wordpress phpace CWE-79
2.6

2012-09-23 CVE-2011-5192 Cross-Site Scripting vulnerability in Blairwilliams Pretty Link Lite Plugin
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191.
4.3

2012-09-23 CVE-2011-5191 Cross-Site Scripting vulnerability in Blairwilliams Pretty Link Lite Plugin
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.
4.3

2012-09-21 CVE-2012-3137 Improper Authentication vulnerability in Oracle products
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
network
low complexity
oracle CWE-287
6.4