Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-05-09 | CVE-2011-1015 | Information Exposure vulnerability in Python 3.0: The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. | 5.0 |
2011-05-09 | CVE-2011-0426 | Path Traversal vulnerability in VMware vCenter and VirtualCenter: Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors. | 4.3 |
2011-05-09 | CVE-2010-4284 | SQL Injection vulnerability in Samsung Data Management Server 1.3.3/1.4.1: SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-05-09 | CVE-2011-1547 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in NetBSD: Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a crafted (1) IPv4 or (2) IPv6 packet with nested IPComp headers. | 6.8 |
2011-05-09 | CVE-2011-1324 | Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech products: Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. | 5.8 |
2011-05-09 | CVE-2011-1323 | Improper Input Validation vulnerability in Yamaha products: Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location. | 7.8 |
2011-05-07 | CVE-2011-1736 | Path Traversal vulnerability in HP OpenView Storage Data Protector 6.00/6.10/6.11: Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message. | 8.5 |
2011-05-07 | CVE-2011-1735 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in HP OpenView Storage Data Protector 6.00/6.10/6.11: Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message. | 10.0 |
2011-05-07 | CVE-2011-1734 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in HP OpenView Storage Data Protector 6.00/6.10/6.11: Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message. | 10.0 |
2011-05-07 | CVE-2011-1733 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in HP OpenView Storage Data Protector 6.00/6.10/6.11: Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message. | 10.0 |