Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-10-22 | CVE-2011-1640 | Resource Exhaustion vulnerability in Cisco IOS | The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354. | 7.8 |
2011-10-21 | CVE-2011-4026 | SQL Injection vulnerability in XIA Zuojie Nexusphp 1.5 | SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2011-10-21 | CVE-2011-4024 | Cross-Site Scripting vulnerability in Ocsinventory-Ng OCS Inventory NG | Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-21 | CVE-2011-3988 | SQL Injection vulnerability in Lockon Ec-Cube 2.11.0/2.11.1/2.11.2 | SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-10-21 | CVE-2011-2713 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser. | 4.3 |
2011-10-21 | CVE-2011-2677 | Permissions, Privileges, and Access Controls vulnerability in Cybozu Office 6 | Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL. | 5.5 |
2011-10-21 | CVE-2011-4063 | Improper Input Validation vulnerability in Asterisk Open Source 1.8.7/10.0.0 | chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request. | 6.8 |
2011-10-21 | CVE-2011-3340 | SQL Injection vulnerability in Atcom Netvolution 2.5.6 | SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | 7.5 |
2011-10-21 | CVE-2011-0290 | Permissions, Privileges, and Access Controls vulnerability in RIM Blackberry Enterprise Server 5.0.3 | The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors. | 6.5 |
2011-10-21 | CVE-2010-4967 | SQL Injection vulnerability in Atcom Netvolution 2.5.6 | SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter. | 7.5 |