Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2011-03-29 CVE-2011-1176 The configuration merger in itk.c in the Steinar H. 4.3
2011-03-29 CVE-2011-0892 Cross-Site Scripting vulnerability in HP Diagnostics 7.5/8.0
Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
hp CWE-79
4.3
2011-03-29 CVE-2011-0728 Cross-Site Scripting vulnerability in Michael Hudson-Doyle Loggerhead
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.
3.5
2011-03-29 CVE-2010-1675 Resource Management Errors vulnerability in Quagga
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.
network
low complexity
quagga CWE-399
5.0
2011-03-29 CVE-2010-1674 Denial Of Service vulnerability in Quagga BGP Daemon Null Pointer Dereference
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
network
low complexity
quagga
5.0
2011-03-28 CVE-2011-1524 Cross-Site Scripting vulnerability in Symantec Liveupdate Administrator
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
network
symantec CWE-79
4.3
2011-03-28 CVE-2011-1420 Permissions, Privileges, and Access Controls vulnerability in multiple products
EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
local
low complexity
emc oracle CWE-264
7.2
2011-03-28 CVE-2011-0760 Cross-Site Request Forgery (CSRF) vulnerability in Adminofsystem WP Related Posts 1.0
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the (1) wp_relatedposts_title, (2) wp_relatedposts_num, or (3) wp_relatedposts_type parameter.
4.3
2011-03-28 CVE-2011-0545 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Liveupdate Administrator 2.2.2.9
Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.
network
symantec CWE-352
6.8
2011-03-28 CVE-2011-0458 Unspecified vulnerability in Google Picasa 3.6
Untrusted search path vulnerability in the Locate on Disk feature in Google Picasa before 3.8 allows local users to gain privileges via a Trojan horse executable file in the current working directory.
local
google
6.9