Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2011-10-05 CVE-2011-0459 Cross-Site Scripting vulnerability in Cyber-Ark Password Vault Web Access 4.0/5.5/6.0
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
cyber-ark CWE-79
4.3
2011-10-05 CVE-2008-7301 SQL Injection vulnerability in Sclek jSite 1.0
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter.
network
low complexity
sclek CWE-89
7.5
2011-10-05 CVE-2008-7300 Permissions, Privileges, and Access Controls vulnerability in Sun OpenSolaris and SunOS
The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone.
network
sun CWE-264
8.5
2011-10-05 CVE-2000-1247 Configuration vulnerability in Apache JServ 1.1.2
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
local
low complexity
apache CWE-16
2.1
2011-10-04 CVE-2011-1221 Cross-Site Scripting vulnerability in RealNetworks RealPlayer and RealPlayer SP
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.
4.3
2011-10-04 CVE-2011-2443 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adobe Photoshop Elements
Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296.
network
adobe CWE-119
critical
9.3
2011-10-04 CVE-2011-3981 Code Injection vulnerability in Likno Allwebmenus Plugin 1.1.3
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
network
low complexity
likno wordpress CWE-94
7.5
2011-10-04 CVE-2011-3980 Unspecified vulnerability in Jerome Schneider Ameos Dragndropupload 2.0.0/2.0.1
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors.
network
low complexity
jerome-schneider typo3
7.5
2011-10-04 CVE-2011-3979 Cross-Site Scripting vulnerability in Zikula Application Framework 1.2.7/1.3.0
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
network
zikula CWE-79
4.3
2011-10-04 CVE-2011-3978 Cross-Site Scripting vulnerability in LightNEasy 3.2.4
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.
network
lightneasy CWE-79
3.5