Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2011-10-24 | CVE-2011-3983 | Cross-Site Scripting vulnerability in Kent-Web web Forum 5.1 | 4.3
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies.
network, kent-web, CWE-79

2011-10-24 | CVE-2011-3615 | SQL Injection vulnerability in Simplemachines SMF | 7.5
Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name.
network, low complexity, simplemachines, CWE-89

2011-10-24 | CVE-2011-3383 | Cross-Site Scripting vulnerability in Kent-Web web Forum | 4.3
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "the web page to be output."
network, kent-web, CWE-79

2011-10-23 | CVE-2011-4170 | Cross-Site Scripting vulnerability in Gnome Empathy | 4.3
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
network, gnome, CWE-79

2011-10-23 | CVE-2011-3635 | Cross-Site Scripting vulnerability in Gnome Empathy | 4.3
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).
network, gnome, CWE-79

2011-10-23 | CVE-2011-3163 | Information Exposure vulnerability in HP Multifunction Peripheral Digital Sending Software 4.91.20/4.91.21 | 1.2
HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.
local, high complexity, hp, CWE-200

2011-10-22 | CVE-2011-2059 | Information Exposure vulnerability in Cisco IOS | 5.0
The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219.
network, low complexity, cisco, CWE-200

2011-10-22 | CVE-2011-2058 | Improper Input Validation vulnerability in Cisco IOS | 7.8
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336.
network, low complexity, cisco, CWE-20

2011-10-22 | CVE-2011-2057 | Improper Input Validation vulnerability in Cisco IOS | 5.0
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327.
network, low complexity, cisco, CWE-20

2011-10-22 | CVE-2011-2042 | Information Exposure vulnerability in Cisco Ciscoworks Common Services | 5.0
The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018.
network, low complexity, cisco, CWE-200