foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
Max CVSS: 6.8 | EPSS Score: 6.54% | Published: 2011-07-29 | Updated: 2017-08-29
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
Max CVSS: 10.0 | EPSS Score: 12.06% | Published: 2011-07-29 | Updated: 2011-08-01
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.
Max CVSS: 9.3 | EPSS Score: 3.89% | Published: 2011-07-29 | Updated: 2017-08-29
Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet.
Max CVSS: 10.0 | EPSS Score: 1.84% | Published: 2011-07-29 | Updated: 2011-08-01
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
Max CVSS: 10.0 | EPSS Score: 6.89% | Published: 2011-07-29 | Updated: 2011-08-01
Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202.
Max CVSS: 10.0 | EPSS Score: 0.93% | Published: 2011-07-29 | Updated: 2011-08-01
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 0.22% | Published: 2011-07-28 | Updated: 2017-08-29
Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption.
Max CVSS: 6.9 | EPSS Score: 0.04% | Published: 2011-07-28 | Updated: 2011-08-12
AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal.
Max CVSS: 7.8 | EPSS Score: 0.67% | Published: 2011-07-28 | Updated: 2011-07-29
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference.
Max CVSS: 4.3 | EPSS Score: 3.32% | Published: 2011-07-27 | Updated: 2017-08-29
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Max CVSS: 4.3 | EPSS Score: 2.20% | Published: 2011-07-27 | Updated: 2011-07-29
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
Max CVSS: 5.0 | EPSS Score: 0.73% | Published: 2011-07-27 | Updated: 2017-08-29
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
Max CVSS: 5.0 | EPSS Score: 0.29% | Published: 2011-07-27 | Updated: 2017-08-29
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.
Max CVSS: 5.0 | EPSS Score: 0.34% | Published: 2011-07-27 | Updated: 2017-08-29
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation.
Max CVSS: 4.3 | EPSS Score: 3.32% | Published: 2011-07-27 | Updated: 2017-08-29
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document.
Max CVSS: 4.3 | EPSS Score: 3.32% | Published: 2011-07-27 | Updated: 2017-08-29
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets.
Max CVSS: 4.3 | EPSS Score: 3.32% | Published: 2011-07-27 | Updated: 2017-08-29
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar.
Max CVSS: 4.3 | EPSS Score: 3.32% | Published: 2011-07-27 | Updated: 2017-08-29
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
Max CVSS: 10.0 | EPSS Score: 0.56% | Published: 2011-07-27 | Updated: 2017-08-29
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
Max CVSS: 9.3 | EPSS Score: 0.08% | Published: 2011-07-21 | Updated: 2011-07-22

CVE-2011-2882

Public exploit
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
Max CVSS: 9.3 | EPSS Score: 96.37% | Published: 2011-07-21 | Updated: 2011-09-22
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.
Max CVSS: 5.0 | EPSS Score: 3.33% | Published: 2011-07-19 | Updated: 2018-10-09
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2011-07-19 | Updated: 2017-08-29
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.
Max CVSS: 4.3 | EPSS Score: 1.59% | Published: 2011-07-18 | Updated: 2017-09-19
Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.
Max CVSS: 5.0 | EPSS Score: 0.62% | Published: 2011-07-17 | Updated: 2017-08-29
302 vulnerabilities found