Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2012-07-03 CVE-2012-3834 SQL Injection vulnerability in Alienvault Open Source Security Information Management 3.1
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
network, low complexity, alienvault, CWE-89, 6.5

2012-07-03 CVE-2012-3833 Cross-Site Scripting vulnerability in Opensolution Quick.Cms 4.0
Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
4.3

2012-07-03 CVE-2012-3832 Cross-Site Scripting vulnerability in Milesj Decoda
Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags.
network, milesj, CWE-79, 4.3

2012-07-03 CVE-2012-3831 Cross-Site Scripting vulnerability in Milesj Decoda
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.
network, milesj, CWE-79, 4.3

2012-07-03 CVE-2012-3830 Cross-Site Scripting vulnerability in Milesj Decoda
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.
network, milesj, CWE-79, 4.3

2012-07-03 CVE-2012-3829 Information Exposure vulnerability in Joomla Joomla! 2.5.3
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
network, low complexity, joomla, CWE-200, 5.0

2012-07-03 CVE-2012-3828 Cross-Site Scripting vulnerability in Joomla Joomla! 2.5.3
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
network, joomla, CWE-79, 4.3

2012-07-03 CVE-2012-3368 Numeric Errors vulnerability in Redhat Dtach 0.8
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.
network, high complexity, redhat, CWE-189, 2.6

2012-07-03 CVE-2012-2181 Path Traversal vulnerability in IBM Websphere Portal 7.0.0.1/7.0.0.2/8.0
Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL.
network, low complexity, ibm, CWE-22, 5.0

2012-07-03 CVE-2011-5096 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya Aura Application Server 5300 1.0/2.0
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet.
network, low complexity, avaya, CWE-119, critical, 10.0