Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-08-31 | CVE-2011-2577 | Remote Denial of Service vulnerability in Cisco TelePresence Codecs SIP Packet Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500. | 7.8 |
| 2011-08-31 | CVE-2011-2524 | Path Traversal vulnerability in Gnome Libsoup Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | 5.0 |
| 2011-08-29 | CVE-2011-2555 | Credentials Management vulnerability in Cisco Telepresence Recording Server Software 1.7.2 Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182. | 10.0 |
| 2011-08-29 | CVE-2011-0228 | Improper Input Validation vulnerability in Apple Iphone OS The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. | 7.5 |
| 2011-08-29 | CVE-2011-3187 | Improper Input Validation vulnerability in Rubyonrails Rails 3.0.5 The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | 4.3 |
| 2011-08-29 | CVE-2011-3186 | Code Injection vulnerability in Rubyonrails Rails CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header. | 4.3 |
| 2011-08-29 | CVE-2011-2932 | Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability." | 4.3 |
| 2011-08-29 | CVE-2011-2931 | Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name. | 4.3 |
| 2011-08-29 | CVE-2011-2930 | SQL Injection vulnerability in Rubyonrails Rails and Ruby ON Rails Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. | 7.5 |
| 2011-08-29 | CVE-2011-2929 | Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability." | 5.0 |