Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-06-06 | CVE-2011-1952 | Resource Management Errors vulnerability in Postrev Post Revolution: common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence. | 5.0 |
2011-06-06 | CVE-2011-1950 | Permissions, Privileges, and Access Controls vulnerability in Plone 4.0/4.1: plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011. | 5.5 |
2011-06-06 | CVE-2011-1949 | Cross-Site Scripting vulnerability in Plone: Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422. | 3.5 |
2011-06-06 | CVE-2011-1921 | Permissions, Privileges, and Access Controls vulnerability in Apache Subversion: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. | 4.3 |
2011-06-06 | CVE-2011-1787 | Race Condition vulnerability in VMware products: Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory. | 6.9 |
2011-06-06 | CVE-2011-1783 | Resource Management Errors vulnerability in Apache HTTP Server and Subversion: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. | 4.3 |
2011-06-06 | CVE-2011-1752 | Denial of Service and Information Disclosure vulnerability in Subversion 'mod_dav_svn': The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. | 5.0 |
2011-06-06 | CVE-2011-0767 | Cross-Site Scripting vulnerability in Imperva SecureSphere Web Application Firewall: Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759. | 4.3 |
2011-06-06 | CVE-2011-0082 | Improper Input Validation vulnerability in Mozilla Firefox 4.0/4.0.1: The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server. | 4.3 |
2011-06-02 | CVE-2011-2331 | Numeric Errors vulnerability in HP Intelligent Management Center: Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in a packet that triggers a heap-based buffer overflow, possibly related to a "recv" field. | 10.0 |