Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-java) 1.2.39 in Spacewalk, as used in the server in Red Hat Network Satellite 5.3.0 through 5.4.1 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that (1) disable the current user account, (2) add user accounts, or (3) modify user accounts to have administrator privileges.
Max CVSS: 6.8 | EPSS Score: 0.16% | Published: 2011-07-27 | Updated: 2017-08-17
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
Max CVSS: 9.3 | EPSS Score: 0.33% | Published: 2011-07-21 | Updated: 2011-07-22
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.
Max CVSS: 4.3 | EPSS Score: 0.11% | Published: 2011-07-21 | Updated: 2011-07-22
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
Max CVSS: 6.8 | EPSS Score: 0.44% | Published: 2011-07-18 | Updated: 2018-10-10
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Max CVSS: 4.3 | EPSS Score: 0.45% | Published: 2011-07-14 | Updated: 2017-08-17
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.
Max CVSS: 4.3 | EPSS Score: 0.32% | Published: 2011-07-14 | Updated: 2017-08-17
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2011-07-18 | Updated: 2023-02-13
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2011-07-18 | Updated: 2023-02-13
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2011-07-08 | Updated: 2017-08-29
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2011-07-08 | Updated: 2017-08-29
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php.
Max CVSS: 7.5 | EPSS Score: 1.18% | Published: 2011-07-08 | Updated: 2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action.
Max CVSS: 4.3 | EPSS Score: 0.19% | Published: 2011-07-08 | Updated: 2017-08-29
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php.
Max CVSS: 6.5 | EPSS Score: 0.23% | Published: 2011-07-08 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
Max CVSS: 3.5 | EPSS Score: 0.11% | Published: 2011-07-08 | Updated: 2017-08-29
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2011-07-08 | Updated: 2017-08-29
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.
Max CVSS: 5.0 | EPSS Score: 0.08% | Published: 2011-07-21 | Updated: 2011-07-22
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.
Max CVSS: 9.3 | EPSS Score: 0.88% | Published: 2011-07-21 | Updated: 2011-10-14
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
Max CVSS: 9.3 | EPSS Score: 1.09% | Published: 2011-07-21 | Updated: 2013-02-07
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.
Max CVSS: 4.3 | EPSS Score: 0.18% | Published: 2011-07-21 | Updated: 2011-07-22
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
Max CVSS: 9.3 | EPSS Score: 6.22% | Published: 2011-07-21 | Updated: 2011-10-21
Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.
Max CVSS: 5.8 | EPSS Score: 0.16% | Published: 2011-07-21 | Updated: 2011-07-22
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
Max CVSS: 9.3 | EPSS Score: 6.22% | Published: 2011-07-21 | Updated: 2011-10-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
Max CVSS: 9.3 | EPSS Score: 54.64% | Published: 2011-07-21 | Updated: 2011-10-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
Max CVSS: 9.3 | EPSS Score: 1.04% | Published: 2011-07-21 | Updated: 2011-10-14
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
Max CVSS: 9.3 | EPSS Score: 6.22% | Published: 2011-07-21 | Updated: 2011-10-21
307 vulnerabilities found