Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2012-08-12 CVE-2012-2964 Improper Input Validation vulnerability in BreakingPoint Systems products
The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents.
network
low complexity
breakingpointsystems CWE-20
5.0
2012-08-12 CVE-2012-2963 Improper Authentication vulnerability in BreakingPoint Systems products
The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.
network
low complexity
breakingpointsystems CWE-287
5.0
2012-08-12 CVE-2012-2602 Cross-Site Request Forgery (CSRF) vulnerability in SolarWinds Orion Network Performance Monitor
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
6.8
2012-08-12 CVE-2012-2577 Cross-Site Scripting vulnerability in SolarWinds Orion Network Performance Monitor
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.
network
solarwinds CWE-79
4.3
2012-08-12 CVE-2012-4247 Cross-Site Scripting vulnerability in phpList
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.
network
phplist CWE-79
4.3
2012-08-12 CVE-2012-4246 Cross-Site Scripting vulnerability in phpList
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.
network
phplist CWE-79
4.3
2012-08-12 CVE-2012-3953 SQL Injection vulnerability in phpList
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
network
low complexity
phplist CWE-89
7.5
2012-08-12 CVE-2012-3952 Cross-Site Scripting vulnerability in phpList
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
network
high complexity
phplist CWE-79
2.6
2012-08-12 CVE-2012-3457 Permissions, Privileges, and Access Controls vulnerability in PNP4Nagios
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
local
low complexity
pnp4nagios CWE-264
2.1
2012-08-10 CVE-2012-3132 SQL Injection vulnerability in Oracle Database Server
SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.
network
low complexity
oracle CWE-89
6.5