Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2011-07-11 CVE-2011-1526 Improper Privilege Management vulnerability in multiple products
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
network
low complexity
mit debian fedoraproject opensuse suse CWE-269
6.5
2011-07-11 CVE-2011-1338 DLL Loading Arbitrary Code Execution vulnerability in XnView
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.
local
xnview
6.9
2011-07-11 CVE-2011-0549 SQL Injection vulnerability in Symantec Web Gateway
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.
network
low complexity
symantec CWE-89
7.5
2011-07-08 CVE-2010-4814 SQL Injection vulnerability in Bestsoftinc Advance Hotel Booking System 1.0
SQL injection vulnerability in index1.php in Best Soft Inc.
network
low complexity
bestsoftinc CWE-89
7.5
2011-07-08 CVE-2010-4813 Cross-Site Scripting vulnerability in Category Tokens Project Category Tokens 6.X1.0
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
3.5
2011-07-08 CVE-2010-4812 SQL Injection vulnerability in 6Kbbs 8.0
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php.
network
low complexity
6kbbs CWE-89
6.5
2011-07-08 CVE-2010-4811 Cross-Site Scripting vulnerability in 6Kbbs 8.0
Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action.
network
6kbbs CWE-79
4.3
2011-07-08 CVE-2010-4810 Code Injection vulnerability in Awcm-Cms AR Web Content Manager 2.1
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php.
network
low complexity
awcm-cms CWE-94
7.5
2011-07-08 CVE-2010-4809 SQL Injection vulnerability in Liberologico Dbsite 1.0
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
liberologico CWE-89
7.5
2011-07-08 CVE-2010-4808 SQL Injection vulnerability in Valarsoft Webmatic
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.
network
low complexity
valarsoft CWE-89
7.5