Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2011-10-08 CVE-2011-0334 Buffer Errors vulnerability in Novell Groupwise 8.0
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.
network, low complexity, novell CWE-119, critical, 10.0

2011-10-08 CVE-2011-0333 Buffer Errors vulnerability in Novell Groupwise 8.0
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."
network, low complexity, novell CWE-119, critical, 10.0

2011-10-07 CVE-2011-3868 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products
Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image.
network, vmware CWE-119, critical, 9.3

2011-10-07 CVE-2010-4892 Cross-Site Scripting vulnerability in Alex Kellner Powermail
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3

2011-10-07 CVE-2010-4891 SQL Injection vulnerability in Andreas Kiefer KE YAC
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, andreas-kiefer typo3 CWE-89, 7.5

2011-10-07 CVE-2010-4890 Cross-Site Scripting vulnerability in Andreas Kiefer KE YAC
Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3

2011-10-07 CVE-2010-4889 Unspecified vulnerability in Marco Hezel HM Tinymarket
Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
network, low complexity, marco-hezel typo3, critical, 10.0

2011-10-07 CVE-2010-4888 SQL Injection vulnerability in Marco Hezel HM Tinymarket
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, marco-hezel typo3 CWE-89, 7.5

2011-10-07 CVE-2010-4887 SQL Injection vulnerability in Raphael Zschorsch Commentsbe
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, raphael-zschorsch typo3 CWE-89, 7.5

2011-10-07 CVE-2010-4886 Cross-Site Scripting vulnerability in Peter Proell Tweetbutton 1.0.0/1.0.2/1.0.3
Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3