Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-05-13 | CVE-2011-1269 | Improper Input Validation vulnerability in Microsoft products: Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability." | 9.3 |
2011-05-13 | CVE-2011-1248 | Improper Input Validation vulnerability in Microsoft Windows Server 2003 and Windows Server 2008: WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability." | 9.3 |
2011-05-13 | CVE-2011-0995 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | 2.1 |
2011-05-13 | CVE-2011-0761 | NULL Pointer Dereference Denial Of Service vulnerability in Perl 5.10.0/5.10.1: Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. | 5.0 |
2011-05-13 | CVE-2011-0341 | Buffer Errors vulnerability in Artifex Mupdf 2008.09.02: Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site. | 9.3 |
2011-05-10 | CVE-2011-2081 | Information Exposure vulnerability in Inventivetec Mediacast: MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree. | 5.0 |
2011-05-10 | CVE-2011-2080 | SQL Injection vulnerability in Inventivetec Mediacast: Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) a CP_ENLARGESTYLE cookie to the default URI under inventivex/managetraining/ or (2) unspecified input to authenticate_ad_setup_finished.cfm. | 7.5 |
2011-05-10 | CVE-2011-2079 | Improper Input Validation vulnerability in Inventivetec Mediacast: MediaCAST 8 and earlier allows remote attackers to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to an "XML injection" issue. | 7.5 |
2011-05-10 | CVE-2011-2078 | Cross-Site Scripting vulnerability in Inventivetec Mediacast: Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-05-10 | CVE-2011-2077 | Configuration vulnerability in Inventivetec Mediacast: The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session. | 7.5 |