Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-05-07 | CVE-2011-0071 | Path Traversal vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. | 5.0 |
2011-05-07 | CVE-2011-0070 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. | 10.0 |
2011-05-07 | CVE-2011-0069 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. | 10.0 |
2011-05-07 | CVE-2011-0067 | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. | 5.0 |
2011-05-07 | CVE-2011-0066 | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList. | 10.0 |
2011-05-07 | CVE-2011-0065 | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel. | 10.0 |
2011-05-05 | CVE-2011-1906 | Credentials Management vulnerability in Trustwave Webdefend 2.0/3.0 Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756. | 5.0 |
2011-05-05 | CVE-2011-1905 | Cross-Site Request Forgery (CSRF) vulnerability in Proofpoint Messaging Security Gateway and Protection Server Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. | 6.8 |
2011-05-05 | CVE-2011-1904 | OS Command Injection vulnerability in Proofpoint Messaging Security Gateway and Protection Server An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue. | 7.5 |
2011-05-05 | CVE-2011-1903 | SQL Injection vulnerability in Proofpoint Messaging Security Gateway and Protection Server SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |