Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
|---|---|---|---|
| 2011-04-27 | CVE-2011-1599 | Improper Input Validation vulnerability in Digium Asterisk: manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header. | 9.0 |
| 2011-04-27 | CVE-2011-1580 | Improper Input Validation vulnerability in Mediawiki: the transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request. | 3.5 |
| 2011-04-27 | CVE-2011-1579 | Improper Input Validation vulnerability in Mediawiki: the checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments. | 5.8 |
| 2011-04-27 | CVE-2011-1578 | Cross-Site Scripting vulnerability in Mediawiki: cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . | 4.3 |
| 2011-04-27 | CVE-2011-1507 | Resource Management Errors vulnerability in Digium Asterisk: Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections. | 5.0 |
| 2011-04-27 | CVE-2010-4801 | Path Traversal vulnerability in Baconmap 1.0: directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. | 6.0 |
| 2011-04-27 | CVE-2010-4800 | SQL Injection vulnerability in Baconmap 1.0: SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. | 7.5 |
| 2011-04-27 | CVE-2010-4799 | SQL Injection vulnerability in Chipmunk-Scripts Pwngame 1.0: multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. | 6.8 |
| 2011-04-27 | CVE-2010-4798 | Path Traversal vulnerability in Orangehrm 2.6.0.1: directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter. | 6.8 |
| 2011-04-27 | CVE-2010-4797 | SQL Injection vulnerability in Truworthit Flex Timesheet: multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | 7.5 |