CVE-2011-3392

This is an entry in the Common Vulnerability Index under number CVE-2011-3392. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-3392

Description: Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.

Continue Reading …

CVE-2011-2907

This is an entry in the Common Vulnerability Index under number CVE-2011-2907. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-2907

Description: Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.

Continue Reading …

CVE-2011-1679

This is an entry in the Common Vulnerability Index under number CVE-2011-1679. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-1679

Description: ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere,

Continue Reading …

CVE-2011-3878

This is an entry in the Common Vulnerability Index under number CVE-2011-3878. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-3878

Description: Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization.

Continue Reading …

CVE-2011-3255

This is an entry in the Common Vulnerability Index under number CVE-2011-3255. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-3255

Description: CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.

Continue Reading …

CVE-2011-5204

This is an entry in the Common Vulnerability Index under number CVE-2011-5204. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-5204

Description: Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.Continue Reading …

CVE-2011-0340

This is an entry in the Common Vulnerability Index under number CVE-2011-0340. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-0340

Description: Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05,

Continue Reading …

CVE-2011-2138

This is an entry in the Common Vulnerability Index under number CVE-2011-2138. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-2138

Description: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android,

Continue Reading …

CVE-2011-4757

This is an entry in the Common Vulnerability Index under number CVE-2011-4757. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-4757

Description: Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation,

Continue Reading …

CVE-2011-4831

This is an entry in the Common Vulnerability Index under number CVE-2011-4831. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-4831

Description: Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action.

Continue Reading …