Security Vulnerabilities, CVEs, Published In July 2011 CVSS score >= 5

foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.

TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.

Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.

Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet.

Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.

Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202.

Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption.

AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal.

Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.

The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.

templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.

Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.

Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.

Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.

The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.

FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors.

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.

CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.

SQL injection vulnerability in Parodia before 6.809 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.