Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2011-10-07 CVE-2010-4874 Cross-Site Scripting vulnerability in Ninkobb 1.3
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.
network
ninkobb CWE-79
4.3

2011-10-07 CVE-2010-4873 Cross-Site Scripting vulnerability in Webidsupport Webid 0.8.5
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
4.3

2011-10-07 CVE-2010-4872 SQL Injection vulnerability in Pilotcart Pilot Cart 7.3
SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.
network
low complexity
pilotcart CWE-89
7.5

2011-10-07 CVE-2010-4871 Unspecified vulnerability in Smartftp 2.0
Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to have an unknown impact via a long filename.
network
low complexity
smartftp
critical
10.0

2011-10-07 CVE-2010-4870 SQL Injection vulnerability in Bloofox Bloofoxcms 0.3.5
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
network
low complexity
bloofox CWE-89
7.5

2011-10-07 CVE-2011-2191 Cross-Site Request Forgery (CSRF) vulnerability in Cherokee-Project Cherokee
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
6.8

2011-10-07 CVE-2011-2190 Cryptographic Issues vulnerability in Cherokee-Project Cherokee
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
local
low complexity
cherokee-project CWE-310
2.1

2011-10-06 CVE-2011-3332 Buffer Errors vulnerability in Iceni Argus and Infix
Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary code via a crafted PDF document that uses flate compression.
network
low complexity
iceni CWE-119
critical
10.0

2011-10-06 CVE-2011-3305 Path Traversal vulnerability in Cisco NAC Manager 4.8/4.8(1)/4.8(2)
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
network
low complexity
cisco CWE-22
7.8

2011-10-06 CVE-2011-3297 Improper Authentication vulnerability in Cisco products
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697.
network
low complexity
cisco CWE-287
7.8