Vulnerabilities
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2011-09-14 | CVE-2010-4834 | SQL Injection vulnerability in Oneorzero Aims 2.6.0/2.7.0: Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. | 6.5 |
2011-09-13 | CVE-2009-5101 | Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0: Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. | 5.0 |
2011-09-13 | CVE-2009-5100 | Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0: Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password. | 2.1 |
2011-09-13 | CVE-2009-5099 | Cross-Site Scripting vulnerability in Pentaho BI Server 1.2.0/1.6.0: Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter. | 4.3 |
2011-09-13 | CVE-2009-5098 | Resource Management Errors vulnerability in HP Palm PRE Webos 1.0.2/1.0.3/1.0.4: The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception. | 5.4 |
2011-09-13 | CVE-2009-5097 | Code Injection vulnerability in HP Palm PRE Webos 1.0.2/1.0.3/1.0.4: Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. | 7.1 |
2011-09-13 | CVE-2009-5096 | Cross-Site Scripting vulnerability in Khalid Baheyeldin Flag Content: Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter. | 4.3 |
2011-09-12 | CVE-2011-3422 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server: The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. | 4.3 |
2011-09-12 | CVE-2011-3421 | Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | 10.0 |
2011-09-12 | CVE-2011-3420 | Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | 10.0 |