Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-06-08 | CVE-2011-2386 | Code Injection vulnerability in Visiwave Site Survey 1.6.12/2.0.12/2.1: VisiWaveReport.exe in AZO Technologies, Inc. | 9.3 |
2011-06-08 | CVE-2010-4663 | Unspecified vulnerability in Cmsmadesimple CMS Made Simple: Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors. | 10.0 |
2011-06-06 | CVE-2011-2217 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products: Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document. | 9.3 |
2011-06-02 | CVE-2011-2331 | Numeric Errors vulnerability in HP Intelligent Management Center: Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in a packet that triggers a heap-based buffer overflow, possibly related to a "recv" field. | 10.0 |
2011-06-02 | CVE-2011-2330 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Management Framework: Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220. | 9.0 |
2011-06-02 | CVE-2011-2024 | Credentials Management vulnerability in Cisco CNS Network Registrar: Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627. | 10.0 |
2011-06-02 | CVE-2011-1623 | Credentials Management vulnerability in Cisco products: Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737. | 10.0 |
2011-06-02 | CVE-2011-1220 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Management Framework: Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field. | 9.0 |
2011-06-02 | CVE-2011-2040 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client: The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934. | 9.3 |
2011-05-31 | CVE-2011-2214 | Remote Memory Corruption vulnerability in 7T Interactive Graphical SCADA System Malformed ODBC Packet: Unspecified vulnerability in the Open Database Connectivity (ODBC) component in 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11143 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 20222, which triggers memory corruption related to an "invalid structure being used." | 10.0 |