Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-21 | CVE-2010-4966 | Cross-Site Scripting vulnerability in Atcom Netvolution: Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action. | 4.3 |
2011-10-21 | CVE-2009-5103 | Cross-Site Scripting vulnerability in Atcom Netvolution 1.0: Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable. | 4.3 |
2011-10-21 | CVE-2009-5102 | SQL Injection vulnerability in Atcom Netvolution 1.0: SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter. | 7.5 |
2011-10-20 | CVE-2011-4151 | Improper Input Validation vulnerability in MIT Kerberos 5: The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528. | 7.8 |
2011-10-20 | CVE-2011-1529 | Improper Input Validation vulnerability in MIT Kerberos 5: The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. | 7.8 |
2011-10-20 | CVE-2011-1528 | Improper Input Validation vulnerability in MIT Kerberos 5: The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. | 7.8 |
2011-10-20 | CVE-2011-1527 | Improper Input Validation vulnerability in MIT Kerberos 5 1.9/1.9.1: The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions. | 7.8 |
2011-10-20 | CVE-2011-3310 | Code Injection vulnerability in multiple products: The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. | 9.0 |
2011-10-20 | CVE-2011-2585 | Code Injection vulnerability in Cisco Show and Share 5.2(1)/5(2): Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. | 6.5 |
2011-10-20 | CVE-2011-2584 | Permissions, Privileges, and Access Controls vulnerability in Cisco Show and Share 5.2(1)/5(2): Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) Transcoding administration pages, and cause a denial of service (live event outage) or obtain potentially sensitive information, via unspecified vectors, aka Bug ID CSCto73758. | 7.5 |