Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2011-09-23 CVE-2011-3697 Information Exposure vulnerability in Achievo 1.4.5
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files.
network
low complexity
achievo CWE-200
5.0
2011-09-23 CVE-2011-3696 Information Exposure vulnerability in 60cycleCMS Project 60cycleCMS 2.5.2
60cycleCMS 2.5.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by post.php and certain other files.
network
low complexity
60cyclecms-project CWE-200
5.0
2011-09-23 CVE-2011-3695 Information Exposure vulnerability in 111WebCalendar 1.2.3
111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files.
network
low complexity
111webcalendar CWE-200
5.0
2011-09-22 CVE-2011-3210 Resource Management Errors vulnerability in OpenSSL
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
network
low complexity
openssl CWE-399
5.0
2011-09-22 CVE-2011-3207 Permissions, Privileges, and Access Controls vulnerability in OpenSSL
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
network
low complexity
openssl CWE-264
5.0
2011-09-22 CVE-2011-2444 Cross-Site Scripting vulnerability in Adobe Flash Player
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
4.3
2011-09-22 CVE-2011-2429 Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."
network
low complexity
adobe apple linux microsoft sun google CWE-264
5.0
2011-09-21 CVE-2011-3578 Cross-Site Scripting vulnerability in MantisBT
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
network
mantisbt CWE-79
4.3
2011-09-21 CVE-2011-3358 Cross-Site Scripting vulnerability in MantisBT
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.
network
mantisbt CWE-79
4.3
2011-09-21 CVE-2011-3357 Path Traversal vulnerability in MantisBT
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a ..
network
mantisbt CWE-22
6.8