Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-30 | CVE-2011-3580 | Information Exposure vulnerability in IceWarp Mail Server. IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. | 5.0 |
2011-09-30 | CVE-2011-3579 | Resource Management Errors vulnerability in IceWarp Mail Server. server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. | 6.4 |
2011-09-30 | CVE-2011-3369 | Denial-Of-Service vulnerability in EtherApe. The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c. | 5.0 |
2011-09-30 | CVE-2011-3010 | Cross-Site Scripting vulnerability in TWiki. Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin. | 4.3 |
2011-09-30 | CVE-2011-2998 | Numeric Errors vulnerability in Mozilla Firefox. Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | 10.0 |
2011-09-29 | CVE-2011-3866 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and SeaMonkey. Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. | 4.3 |
2011-09-29 | CVE-2011-3504 | Code Injection vulnerability in FFmpeg. The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. | 9.3 |
2011-09-29 | CVE-2011-3232 | Code Injection vulnerability in Mozilla Firefox, SeaMonkey and Thunderbird. YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | 9.3 |
2011-09-29 | CVE-2011-3005 | Buffer Errors vulnerability in Mozilla Firefox, SeaMonkey and Thunderbird. Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | 9.3 |
2011-09-29 | CVE-2011-3004 | Improper Input Validation vulnerability in Mozilla Firefox and SeaMonkey. The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. | 4.3 |