Latest CVE Vulnerabilities

CVE-2010-0939 (abb_forum)
(03/08/2010) Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb. Read More

CVE-2010-0938 (todoo_forum)
(03/08/2010) Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action. Read More

CVE-2010-0937 (visualization_library)
(03/08/2010) Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors. Read More

CVE-2010-0936 (dkvm-ip8)
(03/08/2010) Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. Read More

CVE-2009-4679 (com_if_nexus)
(03/08/2010) Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Read More

CVE-2009-4678 (winn_guestbook)
(03/08/2010) Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Read More

CVE-2009-4677 (phpfk_php_forum)
(03/08/2010) Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are ... Read More

CVE-2010-0935 (perforce_server)
(03/05/2010) Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. Read More

CVE-2010-0934 (perforce_server)
(03/05/2010) The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. Read More

CVE-2010-0933 (perforce_server)
(03/05/2010) Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. Read More


For more information on any of our services, sign up here!



Press Releases (View All)

January 8, 2010 Digital Defense Receives Major Vulnerability Scanner Validation From NIST View

Upcoming Webinars (View All)

March 10, 2010 Streamline Vulnerability Management with the Active View

March 18, 2010 Social Networks — Hackers Love Them Too

March 24, 2010 Maximize Threat Analysis with the RRC (Risks, Ratings and Certification)




Security Training Education and Awareness Demo


See available DDI RSS feeds              Click here to follow Digital Defense on Twitter!              Click here to follow Digital Defense on LinkedIn!

Valid XHTML 1.0 Transitional Valid CSS!

This site has been optimized for FF2/3 and IE7/IE8. Site functionality may be reduced when utilized with other web browsing software.