Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-06-09 | CVE-2011-1700 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url. | 9.3 |
| 2011-06-09 | CVE-2011-1699 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url. | 9.3 |
| 2011-06-09 | CVE-2011-1823 | Integer Overflow or Wraparound vulnerability in Google Android The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak. | 7.8 |
| 2011-06-09 | CVE-2011-2468 | Path Traversal vulnerability in Anymacro Mail System G4X Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request. | 5.0 |
| 2011-06-09 | CVE-2011-2395 | Configuration vulnerability in Cisco IOS The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | 5.0 |
| 2011-06-09 | CVE-2011-2107 | Cross-Site Scripting vulnerability in Adobe Acrobat, Acrobat Reader and Flash Player Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability." Per: http://www.adobe.com/support/security/bulletins/apsb11-13.html 'This issue also affects the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.3) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems.' Per: http://www.adobe.com/support/security/bulletins/apsb11-13.html 'We expect to make available an update for Adobe Acrobat X (10.0.3) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Windows, Adobe Reader X (10.0.3) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011. | 4.3 |
| 2011-06-09 | CVE-2011-1711 | Unauthorized Access vulnerability in Novell Data Synchronizer User Account Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors. | 5.5 |
| 2011-06-08 | CVE-2011-2386 | Code Injection vulnerability in Visiwave Site Survey 1.6.12/2.0.12/2.1 VisiWaveReport.exe in AZO Technologies, Inc. | 9.3 |
| 2011-06-08 | CVE-2011-1584 | Permissions, Privileges, and Access Controls vulnerability in Dotclear The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. | 6.5 |
| 2011-06-08 | CVE-2010-4663 | Unspecified vulnerability in Cmsmadesimple CMS Made Simple Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors. | 10.0 |