Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2010-02-23 CVE-2010-0703 Cross-Site Scripting vulnerability in PortWise SSL VPN 4.6
Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.
network
portwise CWE-79
4.3
2010-02-23 CVE-2010-0701 SQL Injection vulnerability in Newgensoft Omnidocs
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
newgensoft CWE-89
7.5
2010-02-23 CVE-2010-0700 Cross-Site Scripting vulnerability in WampServer 2.0i
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
network
wampserver CWE-79
4.3
2010-02-23 CVE-2010-0699 Cross-Site Scripting vulnerability in VideoSearchScript Pro 3.5
Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
4.3
2010-02-23 CVE-2010-0698 SQL Injection vulnerability in Dynamicsoft WSC CMS 2.2
SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter.
network
low complexity
dynamicsoft CWE-89
7.5
2010-02-23 CVE-2010-0697 Cross-Site Scripting vulnerability in Ilya Ivanchenko iTweak Upload
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
3.5
2010-02-23 CVE-2010-0685 Remote Security vulnerability in Asterisk
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg.
network
low complexity
digium
5.0
2010-02-23 CVE-2010-0682 Permissions, Privileges, and Access Controls vulnerability in WordPress 2.9/2.9.1
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
network
low complexity
wordpress CWE-264
4.0
2010-02-23 CVE-2010-0189 Improper Input Validation vulnerability in multiple products
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
network
nos-microsystems adobe CWE-20
critical
9.3
2010-02-23 CVE-2010-0148 Remote Denial of Service vulnerability in Cisco Security Agent 5.2
Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets."
Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml
Only Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability (the Windows version is not affected). The Linux version of standalone agents are installed in the following products:
* Cisco Unified Communications Manager (CallManager)
* IPCC Express
* IP Interactive Voice Response (IP IVR)
* Cisco Unified Meeting Place
* Cisco Personal Assistant (PA)
* Cisco Unity Connection
Note: The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities.
network
low complexity
cisco linux
7.8