Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-10 | CVE-2011-3587 | Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules. | 9.3 |
2011-10-10 | CVE-2011-2675 | Cross-Site Scripting vulnerability in Utage.Org Enkai 030511 Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-10 | CVE-2011-2189 | Resource Exhaustion vulnerability in multiple products net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. | 7.5 |
2011-10-09 | CVE-2010-4963 | SQL Injection vulnerability in Hulihanapplications Hulihan BXR 0.6.8 SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. | 7.5 |
2011-10-09 | CVE-2010-4962 | SQL Injection and Remote Command Execution vulnerability in Webkit PDFs For TYPO3 Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | 7.5 |
2011-10-09 | CVE-2010-4961 | SQL Injection vulnerability in Dev-Team Typoheads Webkitpdf SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-10-09 | CVE-2010-4960 | Cross-Site Scripting vulnerability in Martin Hesse MH Branchenbuch Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-09 | CVE-2010-4959 | SQL Injection vulnerability in Preproject PRE Podcast Portal SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
2011-10-09 | CVE-2010-4958 | SQL Injection vulnerability in Pradoportal Prado Portal 1.2.0 SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2011-10-09 | CVE-2010-4957 | SQL Injection vulnerability in Nadine Schwingler KE Questionnaire 1.2.1/2.0.0 SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |