Security Vulnerabilities Published In July 2011

foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
Max Base Score
6.8
Published 2011-07-29
Updated 2017-08-29
EPSS 5.95%
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
Max Base Score
10.0
Published 2011-07-29
Updated 2011-08-01
EPSS 8.81%
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.
Max Base Score
9.3
Published 2011-07-29
Updated 2017-08-29
EPSS 3.89%
Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet.
Max Base Score
10.0
Published 2011-07-29
Updated 2011-08-01
EPSS 8.66%
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
Max Base Score
10.0
Published 2011-07-29
Updated 2011-08-01
EPSS 28.36%
Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202.
Max Base Score
10.0
Published 2011-07-29
Updated 2011-08-01
EPSS 4.67%
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max Base Score
4.3
Published 2011-07-28
Updated 2017-08-29
EPSS 0.22%
Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption.
Max Base Score
6.9
Published 2011-07-28
Updated 2011-08-12
EPSS 0.04%
AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal.
Max Base Score
7.8
Published 2011-07-28
Updated 2011-07-29
EPSS 1.48%
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference.
Max Base Score
4.3
Published 2011-07-27
Updated 2017-08-29
EPSS 3.32%
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Max Base Score
4.3
Published 2011-07-27
Updated 2011-07-29
EPSS 0.25%
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
Max Base Score
5.0
Published 2011-07-27
Updated 2017-08-29
EPSS 0.73%
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
Max Base Score
5.0
Published 2011-07-27
Updated 2017-08-29
EPSS 0.29%
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.
Max Base Score
5.0
Published 2011-07-27
Updated 2017-08-29
EPSS 0.34%
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation.
Max Base Score
4.3
Published 2011-07-27
Updated 2017-08-29
EPSS 3.32%
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document.
Max Base Score
4.3
Published 2011-07-27
Updated 2017-08-29
EPSS 3.32%
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets.
Max Base Score
4.3
Published 2011-07-27
Updated 2017-08-29
EPSS 3.32%
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar.
Max Base Score
4.3
Published 2011-07-27
Updated 2017-08-29
EPSS 3.32%
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
Max Base Score
10.0
Published 2011-07-27
Updated 2017-08-29
EPSS 0.56%
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
Max Base Score
9.3
Published 2011-07-21
Updated 2011-07-22
EPSS 0.08%

CVE-2011-2882

Public exploit exists
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
Max Base Score
9.3
Published 2011-07-21
Updated 2011-09-22
EPSS 96.06%
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.
Max Base Score
5.0
Published 2011-07-19
Updated 2018-10-09
EPSS 3.33%
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.
Max Base Score
3.6
Published 2011-07-19
Updated 2017-08-29
EPSS 0.04%
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.
Max Base Score
4.3
Published 2011-07-18
Updated 2017-09-19
EPSS 1.59%
Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.
Max Base Score
5.0
Published 2011-07-17
Updated 2017-08-29
EPSS 0.62%
307 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!