Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-04-19 | CVE-2011-1721 | Cross-Site Request Forgery (CSRF) vulnerability in Obspm Webjaxe 1.02 | Cross-site request forgery (CSRF) vulnerability in php/partie_administrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that (1) modify passwords or (2) add new projects. | 4.3 |
2011-04-19 | CVE-2011-0412 | Credentials Management vulnerability in SUN Sunos 5.10/5.8/5.9 | Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | 2.1 |
2011-04-19 | CVE-2009-5071 | Remote Security vulnerability in Palm Pre Webos | Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file." | 10.0 |
2011-04-18 | CVE-2011-1717 | Permissions, Privileges, and Access Controls vulnerability in Skype for Android | Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information. | 2.1 |
2011-04-18 | CVE-2011-1716 | Cross-Site Scripting vulnerability in Xymon | Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-04-18 | CVE-2011-1715 | Path Traversal vulnerability in Qooxdoo 1.3 | Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter. | 5.0 |
2011-04-18 | CVE-2011-1714 | Cross-Site Scripting vulnerability in Qooxdoo 1.3 | Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | 4.3 |
2011-04-18 | CVE-2011-1518 | Cross-Site Scripting vulnerability in Otrs | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-04-18 | CVE-2011-1496 | Permissions, Privileges, and Access Controls vulnerability in Nicholas Marriott Tmux 1.3/1.4 | tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option. | 4.6 |
2011-04-18 | CVE-2011-1426 | Remote Code Execution vulnerability in Real Networks RealPlayer 'OpenURLInDefaultBrowser()' Function | The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file. | 9.3 |