Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-14 | CVE-2011-3481 | Unspecified vulnerability in CMU Cyrus Imap Server. The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. | 4.3 |
2011-09-14 | CVE-2011-3208 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CMU Cyrus Imap Server. Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. | 7.5 |
2011-09-14 | CVE-2011-2595 | Buffer Errors vulnerability in Acdsee Fotoslate 4.0. Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file. | 10.0 |
2011-09-14 | CVE-2011-2581 | Permissions, Privileges, and Access Controls vulnerability in Cisco Nexus 5000 and Nx-Os. The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490. | 5.0 |
2011-09-14 | CVE-2011-2201 | Permissions, Privileges, and Access Controls vulnerability in Mark Stosberg Data::Formvalidator. The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input. | 4.3 |
2011-09-14 | CVE-2010-4839 | SQL Injection vulnerability in Edgetechweb Event Registration. SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action. | 7.5 |
2011-09-14 | CVE-2010-4838 | SQL Injection vulnerability in Extensiondepot COM Jsupport 1.5.6. SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. | 6.0 |
2011-09-14 | CVE-2010-4837 | Cross-Site Scripting vulnerability in Extensiondepot COM Jsupport 1.5.6. Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. | 4.3 |
2011-09-14 | CVE-2010-4836 | Cross-Site Scripting vulnerability in PHPshop. Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter. | 4.3 |
2011-09-14 | CVE-2010-4835 | Path Traversal vulnerability in Oneorzero Aims 2.6.0. Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action. | 4.0 |