Alert Before Your Post <= 0.1.1 - Cross-Site Scripting

A cross-site scripting vulnerability in postalert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. id: CVE-2011-5107 info: name: Alert Before Your Post = 0.1.1 - Cross-Site...

Adminimize 1.7.22 - Cross-Site Scripting

A cross-site scripting vulnerability in adminimize/adminimizepage.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2011-4926 info: name: Adminimize 1.7.22 - Cross-Site Scripting author: daffainf...

Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal

A directory traversal vulnerability in Cisco Unified Communications Manager CUCM 5.x and 6.x before 6.15SU2, 7.x before 7.15bSU2, and 8.x before 8.03, and Cisco Unified Contact Center Express aka Unified CCX or UCCX and Cisco Unified IP Interactive Voice Response Unified IP-IVR before 6.01SR1ES8,...

WebTitan < 3.60 - Local File Inclusion

Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. dot dot in the fname parameter in a view action. id: CVE-2011-4640 info: name: WebTitan 3.60 - Local File Inclusion author: ctflearner severity:...

Orchard 'ReturnUrl' Parameter URI - Open Redirect

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter. id: CVE-2011-52...

Joomla! Component com_kp - 'Controller' Local File Inclusion

A directory traversal vulnerability in the obSuggest comobsuggest component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2011-4804 info: name: Joomla! Component comkp - 'Controller' Local File Inclusion...

Linux Distros Unpatched Vulnerability : CVE-2011-2826

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins. CVE-2011-2826 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2011-1462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application...

CVE-2011-3548 vulnerabilities

Vulnerabilities for packages: openjdk-21-openj9, openjdk-25-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-17-openj9...

DEBIAN-CVE-2011-4945

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication...

ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-343 December 7, 2011 - -- CVE ID: CVE2011-4260 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...

CVE-2011-3974

Integer signedness error in the decoderesidualinter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service incorrect write operation and application crash via an invalid bitstream in a Chinese AVS video aka CAVS file,...