Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-08-29 | CVE-2011-3185 | Improper Input Validation vulnerability in Pidgin gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. | 9.3 |
| 2011-08-29 | CVE-2011-3184 | Resource Management Errors vulnerability in Pidgin The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message. | 4.3 |
| 2011-08-29 | CVE-2011-3181 | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. | 4.3 |
| 2011-08-29 | CVE-2011-2943 | Denial of Service and Security Bypass vulnerability in Pidgin Libpurple and Pidgin The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response. network pidgin | 4.3 |
| 2011-08-29 | CVE-2011-2746 | Local File Disclosure vulnerability in OTRS 'AdminPackageManager.pm' Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors. | 4.0 |
| 2011-08-29 | CVE-2011-2712 | Cross-Site Scripting vulnerability in Apache Wicket Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2.6 |
| 2011-08-29 | CVE-2011-2564 | Unspecified vulnerability in Cisco products Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417. | 7.8 |
| 2011-08-29 | CVE-2011-2563 | Unspecified vulnerability in Cisco products Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669. | 7.8 |
| 2011-08-29 | CVE-2011-2562 | Unspecified vulnerability in Cisco Unified Communications Manager Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256. | 7.8 |
| 2011-08-29 | CVE-2011-2561 | Resource Management Errors vulnerability in Cisco Unified Communications Manager The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990. | 7.1 |