Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-03-16 | CVE-2011-0889 | Remote Code Execution vulnerability in HP Client Automation: Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2011-03-16 | CVE-2011-0751 | Path Traversal vulnerability in Nazgul Nostromo: Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI. | 7.5 |
2011-03-16 | CVE-2011-0745 | Improper Input Validation vulnerability in Sugarcrm: SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php. | 4.0 |
2011-03-16 | CVE-2011-0648 | Remote Privilege Escalation vulnerability in EMC Avamar (CVE-2011-0648): Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors. | 8.5 |
2011-03-16 | CVE-2011-0442 | Cryptographic Issues vulnerability in EMC Avamar: The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network. | 3.5 |
2011-03-16 | CVE-2011-0411 | Permissions, Privileges, and Access Controls vulnerability in Postfix: The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. | 6.8 |
2011-03-16 | CVE-2011-0322 | Security Bypass vulnerability in RSA Access Manager Server: Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors. | 7.5 |
2011-03-15 | CVE-2011-1427 | Cross-Site Scripting vulnerability in Kodak Insite 5.5.2: Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp. | 4.3 |
2011-03-15 | CVE-2011-1147 | Buffer Errors vulnerability in Digium Asterisk, Asterisknow and S800I: Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet. | 6.8 |
2011-03-15 | CVE-2011-1092 | Numeric Errors vulnerability in PHP: Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. | 7.5 |