Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-06 | CVE-2011-3296 | Resource Management Errors vulnerability in Cisco products Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875. | 7.8 |
2011-10-06 | CVE-2011-3288 | XML Entity Expansion vulnerability in Cisco Unified Presence Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564. | 7.5 |
2011-10-06 | CVE-2011-3287 | Resource Management Errors vulnerability in Cisco Jabber Extensible Communications Platform 5.0/5.1/5.2 Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564. | 7.8 |
2011-10-05 | CVE-2010-4869 | SQL Injection vulnerability in Drbenhur Dbhcms 1.1.4 SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter. | 7.5 |
2011-10-05 | CVE-2010-4868 | Cross-Site Scripting vulnerability in W-Agora Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter. | 4.3 |
2011-10-05 | CVE-2010-4867 | Path Traversal vulnerability in W-Agora Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2011-10-05 | CVE-2010-4866 | SQL Injection vulnerability in Chipmunk-Scripts Chipmunk Board 1.3 SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter. | 7.5 |
2011-10-05 | CVE-2010-4865 | SQL Injection vulnerability in Harmistechnology COM Jeguestbook 1.0 SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. | 7.5 |
2011-10-05 | CVE-2010-4864 | SQL Injection vulnerability in Danieljamesscott COM Clubmanager SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php. | 7.5 |
2011-10-05 | CVE-2010-4863 | Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 2.01 Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter. | 4.3 |