Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-07-18 | CVE-2010-4655 | Improper Initialization vulnerability in multiple products | net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | 5.5 |
2011-07-17 | CVE-2011-2760 | Permissions, Privileges, and Access Controls vulnerability in Brocade BigIron RX Switch | Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet. | 5.0 |
2011-07-17 | CVE-2011-2759 | Information Exposure vulnerability in IBM Tivoli Directory Server | The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 5.0 |
2011-07-17 | CVE-2011-2758 | Improper Authentication vulnerability in IBM Tivoli Directory Server | IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL. | 5.0 |
2011-07-17 | CVE-2011-2757 | Path Traversal vulnerability in ManageEngine ServiceDesk Plus 7.0.0/7.6/8.0 | Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-07-17 | CVE-2011-2756 | Improper Authentication vulnerability in ManageEngine ServiceDesk Plus 8.0 | FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors. | 5.0 |
2011-07-17 | CVE-2011-2755 | Path Traversal vulnerability in ManageEngine ServiceDesk Plus 8.0 | Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2011-07-17 | CVE-2011-2754 | Cross-Site Scripting vulnerability in IBM Web Content Manager and WebSphere Portal | Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-07-17 | CVE-2011-2753 | Cross-Site Request Forgery (CSRF) vulnerability in SquirrelMail | Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. | 6.8 |
2011-07-17 | CVE-2011-2752 | Code Injection vulnerability in SquirrelMail | CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. | 5.8 |