Weekly Vulnerabilities Reports > September 19 to 25, 2011
Overview
169 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 175 products from 153 vendors including Google, Apple, Microsoft, Linux, and Adobe. Vulnerabilities are notably categorized as "Information Exposure", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".
- 167 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 16 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 165 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
11 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-21 | CVE-2011-3290 | Cisco | Credentials Management vulnerability in Cisco products Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135. | 10.0 |
2011-09-21 | CVE-2011-2412 | HP | Unspecified vulnerability in HP Business Service Automation Essentials 2.01 Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2011-09-20 | CVE-2011-3577 | IBM | Improper Authentication vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. | 10.0 |
2011-09-19 | CVE-2011-2738 | Cisco EMC | Remote Code Execution vulnerability in Multiple Cisco Products Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. | 10.0 |
2011-09-22 | CVE-2011-2430 | Adobe Apple Linux Microsoft SUN | Improper Input Validation vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability." | 9.3 |
2011-09-22 | CVE-2011-2428 | Adobe Apple Linux Microsoft SUN | Improper Input Validation vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue." | 9.3 |
2011-09-22 | CVE-2011-2427 | Adobe Apple Linux Microsoft SUN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | 9.3 |
2011-09-22 | CVE-2011-2426 | Adobe Apple Linux Microsoft SUN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-09-20 | CVE-2011-3360 | Wireshark | Unspecified vulnerability in Wireshark Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. | 9.3 |
2011-09-23 | CVE-2011-2543 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496. | 9.0 |
2011-09-19 | CVE-2011-3575 | IBM | Buffer Errors vulnerability in IBM Lotus Domino 8.5.2 Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf. | 9.0 |
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-19 | CVE-2011-1740 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain. | 7.7 |
2011-09-23 | CVE-2011-2766 | Fast CGI Project Debian | Improper Authentication vulnerability in multiple products The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. | 7.5 |
2011-09-22 | CVE-2011-1913 | Mercator | SQL Injection vulnerability in Mercator Sentinel 2.0 SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
154 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-21 | CVE-2011-3357 | Mantisbt | Path Traversal vulnerability in Mantisbt Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2011-09-20 | CVE-2011-1911 | Jasperforge | Cross-Site Request Forgery (CSRF) vulnerability in Jasperforge Jasperreports Server Community Project 3.7.0/3.7.1 JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach. | 6.8 |
2011-09-24 | CVE-2011-3826 | Zikula | Information Exposure vulnerability in Zikula 1.2.4 Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3825 | Zend | Information Exposure vulnerability in Zend Framework and Server Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3824 | Yourls | Information Exposure vulnerability in Yourls 1.5 Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3823 | Yamamah | Information Exposure vulnerability in Yamamah 1.0 Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3822 | Xoops | Information Exposure vulnerability in Xoops 2.5.0 XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3821 | Xajax Project | Information Exposure vulnerability in Xajax-Project Xajax 0.6 xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajax_core/plugin_layer/xajaxScriptPlugin.inc.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3820 | Webmastersite | Information Exposure vulnerability in Webmastersite WSN Software 6.0.6 WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/prestart.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3819 | 53X11 | Information Exposure vulnerability in 53X11 WOW Server Status 4.1 WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by status.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3818 | Wordpress | Information Exposure vulnerability in Wordpress 2.9.2/3.0.4 WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3817 | Websitebaker2 | Information Exposure vulnerability in Websitebaker2 Website Baker 2.8.1 Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/media/parameters.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3816 | Webinsta | Information Exposure vulnerability in Webinsta Mailing List Manager 1.3E WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3815 | Webidsupport | Information Exposure vulnerability in Webidsupport Webid 1.0.0 WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3814 | K5N | Information Exposure vulnerability in K5N Webcalendar 1.2.3 WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3813 | Vwar | Information Exposure vulnerability in Vwar Virtual WAR 1.5.0 Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3812 | Vanillaforums | Information Exposure vulnerability in Vanillaforums Vanilla 2.0.16 Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3811 | Tomatocart | Information Exposure vulnerability in Tomatocart 1.1.3 TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3810 | Tinywebgallery | Information Exposure vulnerability in Tinywebgallery 1.8.3 TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php. | 5.0 |
2011-09-24 | CVE-2011-3809 | Thehostingtool | Information Exposure vulnerability in Thehostingtool 1.2.3 TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3808 | Thebuggenie | Information Exposure vulnerability in Thebuggenie the BUG Genie 2.1.2 The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3807 | Textpattern | Information Exposure vulnerability in Textpattern 4.2.0 Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3806 | Tecnick | Information Exposure vulnerability in Tecnick Tcexam 11.1.015 TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3805 | Taskfreak | Information Exposure vulnerability in Taskfreak Taskfreak! Multi-Mysql 0.6 TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3804 | Basic CMS | Information Exposure vulnerability in Basic-Cms Sweetrice 0.7.1 SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php. | 5.0 |
2011-09-24 | CVE-2011-3803 | Sugarcrm | Information Exposure vulnerability in Sugarcrm 6.1.0 SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3802 | Status | Information Exposure vulnerability in Status Statusnet 0.9.6 StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3801 | Simpletest | Information Exposure vulnerability in Simpletest 1.0.1 SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3800 | S9Y | Information Exposure vulnerability in S9Y Serendipity 1.5.5 Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3799 | Elazos | Information Exposure vulnerability in Elazos Reos 2.0.5 ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3798 | Rapidleech | Information Exposure vulnerability in Rapidleech 2.3 Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3797 | Projectpier | Information Exposure vulnerability in Projectpier 0.8.0.3 ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3796 | Prestashop | Information Exposure vulnerability in Prestashop 1.4.0.6 PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3795 | Betella | Information Exposure vulnerability in Betella Podcast Generator 1.3 Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3794 | Pligg | Information Exposure vulnerability in Pligg CMS 1.1.3 Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/init.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3793 | Lucidcrew | Information Exposure vulnerability in Lucidcrew Pixie 1.04 Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3792 | Pixelpost | Information Exposure vulnerability in Pixelpost 1.7.3 Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3791 | Matomo | Information Exposure vulnerability in Matomo 1.1 Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3790 | Piwigo | Information Exposure vulnerability in Piwigo 2.1.5 Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3789 | Phpwcms | Information Exposure vulnerability in PHPwcms 1.4.7 phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3788 | Phpsec | Information Exposure vulnerability in PHPsec PHPsecinfo 0.2.1 PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Test/Test_Suhosin.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3787 | Nick Korbel | Information Exposure vulnerability in Nick Korbel PHPscheduleit 1.2.12 phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3786 | Phprojekt | Information Exposure vulnerability in PHProjekt 6.0.5 PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php. | 5.0 |
2011-09-24 | CVE-2011-3785 | Phppointofsale | Information Exposure vulnerability in PHPpointofsale PHP Point of Sale 10.7 PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3784 | Phpnuke | Information Exposure vulnerability in PHPnuke PHP-Nuke 8.0 Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3783 | Phpmyfaq | Information Exposure vulnerability in PHPmyfaq 2.6.13 phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3782 | Phplinkdirectory | Information Exposure vulnerability in PHPlinkdirectory PHPld 2151.2.0 phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Smarty_Compiler.class.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3781 | Phpids | Information Exposure vulnerability in PHPids 0.6.5 PHPIDS 0.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/IDS/VersionTest.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3780 | Phpicalendar | Information Exposure vulnerability in PHPicalendar PHP Icalendar 2.4 PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_common.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3779 | Idevspot | Information Exposure vulnerability in Idevspot PHPhostbot 2.0 PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3778 | Phpgedview | Information Exposure vulnerability in PHPgedview 4.2.3 PhpGedView 4.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by serviceClientTest.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3777 | Phpfreechat | Information Exposure vulnerability in PHPfreechat 1.3 phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3776 | Musawir ALI | Information Exposure vulnerability in Musawir ALI PHPformgenerator 2.09 phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php. | 5.0 |
2011-09-24 | CVE-2011-3775 | Litoweb | Information Exposure vulnerability in Litoweb PHPfilenavigator 2.3.3 PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xestion/varios/logs.inc.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3774 | Bishop Bettini | Information Exposure vulnerability in Bishop Bettini PHPesp 2.1.1 php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3773 | Phpdevshell | Information Exposure vulnerability in PHPdevshell 3.0.0 PHPDevShell 3.0.0-Beta-4b allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by gzip.php. | 5.0 |
2011-09-24 | CVE-2011-3772 | PHP Collab | Information Exposure vulnerability in PHP-Collab PHPcollab 2.5 phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3771 | GNU | Information Exposure vulnerability in GNU PHPbook 2.1.0 phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3770 | Phpalbum | Information Exposure vulnerability in PHPalbum 0.4.1.14 phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3769 | Blondish | Information Exposure vulnerability in Blondish PHPads 2.0 PHPads 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ads.inc.php. | 5.0 |
2011-09-24 | CVE-2011-3768 | Phorum | Information Exposure vulnerability in Phorum 5.2.15A Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3767 | Oscommerce | Information Exposure vulnerability in Oscommerce 3.0A5 osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php. | 5.0 |
2011-09-24 | CVE-2011-3766 | Orangehrm | Information Exposure vulnerability in Orangehrm 2.6.0.2 OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3765 | Open Realty | Information Exposure vulnerability in Open-Realty 2.5.8 Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3764 | Opendocman | Information Exposure vulnerability in Opendocman 1.2.6Svn20110121 OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3763 | Opencart | Information Exposure vulnerability in Opencart 1.4.9.3 OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3762 | Open Blog | Information Exposure vulnerability in Open-Blog Openblog 1.2.1 OpenBlog 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3761 | Dietrich Ayala | Information Exposure vulnerability in Dietrich Ayala Nusoap 0.9.5 NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files. | 5.0 |
2011-09-24 | CVE-2011-3760 | Nucleuscms | Information Exposure vulnerability in Nucleuscms Nucleus CMS 3.61 Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3759 | Mybb | Information Exposure vulnerability in Mybb 1.6.0 MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3758 | Moundlabs | Information Exposure vulnerability in Moundlabs ::Mound:: 2.1.6 ::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smarty_internal_template.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3757 | Moodle | Information Exposure vulnerability in Moodle 2.0.1 Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3756 | Microblog | Information Exposure vulnerability in Microblog 0.9.5 MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3755 | Mantisbt | Information Exposure vulnerability in Mantisbt 1.2.4 MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3754 | Mambo Foundation | Information Exposure vulnerability in Mambo-Foundation Mambo 4.6.5 Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3753 | Linpha | Information Exposure vulnerability in Linpha 1.3.4 LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3752 | Limesurvey | Information Exposure vulnerability in Limesurvey 1.90+ LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3751 | Lifetype | Information Exposure vulnerability in Lifetype 1.2.10 LifeType 1.2.10 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/badbehavior/pluginbadbehavior.class.php. | 5.0 |
2011-09-23 | CVE-2011-3750 | Kplaylist | Information Exposure vulnerability in Kplaylist 1.8.502 kPlaylist 1.8.502 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by getid3/getid3/write.id3v1.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3749 | Maptools | Information Exposure vulnerability in Maptools Ka-Map 1.020070205 ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3748 | Kamads Classifieds | Information Exposure vulnerability in Kamads Classifieds 2 B3 Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by V2A_XHTML/style/view.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3747 | Joomla | Information Exposure vulnerability in Joomla Joomla! 1.6.0 Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. | 5.0 |
2011-09-23 | CVE-2011-3746 | Jcow | Information Exposure vulnerability in Jcow 4.2.1 Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3745 | Hycus | Information Exposure vulnerability in Hycus CMS 1.0.3 HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php. | 5.0 |
2011-09-23 | CVE-2011-3744 | Htmlpurifier | Information Exposure vulnerability in Htmlpurifier Html Purifier 4.2.0 HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3743 | Hesk | Information Exposure vulnerability in Hesk 2.2 Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3742 | Helpcenterlive | Information Exposure vulnerability in Helpcenterlive Helpcenter Live 2.1.7 HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3741 | Ganglia | Information Exposure vulnerability in Ganglia 3.1.7 Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3740 | Frontaccounting | Information Exposure vulnerability in Frontaccounting 2.3.1 FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3739 | Openfreeway | Information Exposure vulnerability in Openfreeway Freeway 1.5 Freeway 1.5 Alpha allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/Freeway/boxes/last_product.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3738 | Fengoffice | Information Exposure vulnerability in Fengoffice Feng Office 1.7.2 Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3737 | Eyeos | Information Exposure vulnerability in Eyeos 2.2.0.0 eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3736 | Exoscripts | Information Exposure vulnerability in Exoscripts Exophpdesk 1.2.1 ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3735 | Escortwebsitedesign | Information Exposure vulnerability in Escortwebsitedesign Escort-Agency-Cms Escort Agency CMS (aka escort-agency-cms) allows remote attackers to obtain sensitive information via crafted array parameters in a request to a .php file, which reveals the installation path in an error message, as demonstrated by makethumb.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3734 | Energine | Information Exposure vulnerability in Energine 2.3.8 Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3733 | Elgg | Information Exposure vulnerability in Elgg 1.7.6 Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3732 | Eggblog | Information Exposure vulnerability in Eggblog 4.1.2 eggBlog 4.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _lib/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3731 | E107 | Information Exposure vulnerability in E107 0.7.24 e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3730 | Drupal | Information Exposure vulnerability in Drupal 7.0 Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3729 | Dotproject | Information Exposure vulnerability in Dotproject 2.1.4 dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3728 | Boonex | Information Exposure vulnerability in Boonex Dolphin 7.0.4 Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3727 | Dokuwiki | Information Exposure vulnerability in Dokuwiki 20091225C DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3726 | Docebo | Information Exposure vulnerability in Docebo Docebolms 4.0.4 DoceboLMS 4.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by views/dummy/show.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3725 | Deluxebb | Information Exposure vulnerability in Deluxebb 1.3 DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by header_html.php. | 5.0 |
2011-09-23 | CVE-2011-3724 | Cubecart | Information Exposure vulnerability in Cubecart 4.4.3 CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3723 | Craftysyntax | Information Exposure vulnerability in Craftysyntax Crafty Syntax 3.0.2 Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3722 | Coppermine Gallery | Information Exposure vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.5.12 Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3721 | Concrete5 | Information Exposure vulnerability in Concrete5 Concrete 5.4.0.5/5.4.1/5.4.1.1 concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3720 | Conceptcms | Information Exposure vulnerability in Conceptcms 5.3.1 conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by sys_libs/umlib/um_authserver.inc.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3719 | Codeigniter | Information Exposure vulnerability in Codeigniter 1.7.2 CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3718 | Cmsmadesimple | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple 1.9.2 CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3717 | Clip Bucket | Information Exposure vulnerability in Clip-Bucket Clipbucket 2.0.9 ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3716 | Claroline | Information Exposure vulnerability in Claroline 1.9.7 Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3715 | Clantiger | Information Exposure vulnerability in Clantiger 1.1.3 ClanTiger 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/statistics.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3714 | Csphere | Information Exposure vulnerability in Csphere Clansphere 2010.0 ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php. | 5.0 |
2011-09-23 | CVE-2011-3713 | Powerdrummer | Information Exposure vulnerability in Powerdrummer Cftp R80 cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3712 | Cakefoundation | Information Exposure vulnerability in Cakefoundation Cakephp 1.3.7 CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3711 | Bigace | Information Exposure vulnerability in Bigace 2.7.5 BIGACE 2.7.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/libs/javascript.inc.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3710 | Bbpress | Information Exposure vulnerability in Bbpress 1.0.2 bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3709 | B2Evolution | Information Exposure vulnerability in B2Evolution 3.3.3 b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3708 | Automne CMS | Information Exposure vulnerability in Automne-Cms Automne 4.0.2 Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php. | 5.0 |
2011-09-23 | CVE-2011-3707 | Janrain | Information Exposure vulnerability in Janrain PHP-Openid 2.2.2 JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3706 | Atutor | Information Exposure vulnerability in Atutor 2.0 ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3705 | Michael Armbruster | Information Exposure vulnerability in Michael Armbruster Arctic FOX CMS 0.9.4 Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3704 | Apprain | Information Exposure vulnerability in Apprain 0.1.0 appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php. | 5.0 |
2011-09-23 | CVE-2011-3703 | Anecms | Information Exposure vulnerability in Anecms 1.0 AneCMS 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/menu/index.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3702 | Anantasoft | Information Exposure vulnerability in Anantasoft Ananta Gazelle 1.0 Ananta Gazelle 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/template.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3701 | Alegrocart | Information Exposure vulnerability in Alegrocart 1.2.3 AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3700 | Anelectron | Information Exposure vulnerability in Anelectron Advanced Electron Forum 1.0.8 Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php. | 5.0 |
2011-09-23 | CVE-2011-3699 | John LIM | Information Exposure vulnerability in John LIM Adodb 5.11 John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3698 | Adaptcms | Information Exposure vulnerability in Adaptcms 2.0.2 AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/poll_vote.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3697 | Achievo | Information Exposure vulnerability in Achievo 1.4.5 Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3696 | 60Cyclecms Project | Information Exposure vulnerability in 60Cyclecms Project 60Cyclecms 2.5.2 60cycleCMS 2.5.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by post.php and certain other files. | 5.0 |
2011-09-23 | CVE-2011-3695 | 111Webcalendar | Information Exposure vulnerability in 111Webcalendar 1.2.3 111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files. | 5.0 |
2011-09-22 | CVE-2011-3210 | Openssl | Resource Management Errors vulnerability in Openssl The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. | 5.0 |
2011-09-22 | CVE-2011-3207 | Openssl | Permissions, Privileges, and Access Controls vulnerability in Openssl crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. | 5.0 |
2011-09-22 | CVE-2011-2429 | Adobe Apple Linux Microsoft SUN | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass." | 5.0 |
2011-09-20 | CVE-2011-1509 | Manageengine | Cryptographic Issues vulnerability in Manageengine Servicedesk Plus 8.0 The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2011-09-19 | CVE-2011-3234 | Google Apple | Out-Of-Bounds Read vulnerability in Google Chrome Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.0 |
2011-09-20 | CVE-2011-2925 | Redhat | Improper Authentication vulnerability in Redhat Enterprise MRG 2.0 Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. | 4.6 |
2011-09-22 | CVE-2011-2444 | Adobe Apple Linux Microsoft SUN | Cross-Site Scripting vulnerability in Adobe Flash Player Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011. | 4.3 |
2011-09-21 | CVE-2011-3578 | Mantisbt | Cross-Site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357. | 4.3 |
2011-09-21 | CVE-2011-3358 | Mantisbt | Cross-Site Scripting vulnerability in Mantisbt Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library. | 4.3 |
2011-09-21 | CVE-2011-3356 | Mantisbt | Cross-Site Scripting vulnerability in Mantisbt Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php. | 4.3 |
2011-09-21 | CVE-2011-2938 | Mantisbt | Cross-Site Scripting vulnerability in Mantisbt Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php. | 4.3 |
2011-09-21 | CVE-2011-2937 | Roundcube | Cross-Site Scripting vulnerability in Roundcube Webmail Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. | 4.3 |
2011-09-20 | CVE-2011-3484 | Wireshark | Improper Input Validation vulnerability in Wireshark 1.6.0/1.6.1 The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet. | 4.3 |
2011-09-20 | CVE-2011-3483 | Wireshark | Buffer Errors vulnerability in Wireshark 1.6.0/1.6.1 Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." | 4.3 |
2011-09-20 | CVE-2011-3482 | Wireshark | Resource Management Errors vulnerability in Wireshark 1.6.0/1.6.1 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | 4.3 |
2011-09-20 | CVE-2011-2672 | Christian Weiske | Cross-Site Scripting vulnerability in Christian Weiske Semanticscuttle Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-09-20 | CVE-2011-1510 | Manageengine | Cross-Site Scripting vulnerability in Manageengine Servicedesk Plus Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | 4.3 |
2011-09-19 | CVE-2011-3576 | IBM | Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.2 Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf. | 4.3 |
2011-09-19 | CVE-2011-3424 | Tibco | Cross-Site Scripting vulnerability in Tibco products Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors. | 4.3 |
2011-09-19 | CVE-2011-3423 | Tibco | Cross-Site Scripting vulnerability in Tibco products Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-23 | CVE-2011-2544 | Cisco | Cross-Site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. | 3.5 |