Security Vulnerabilities, CVEs, Published In July 2011
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
Max CVSS: 6.8; EPSS Score: 6.54%; Published: 2011-07-29; Updated: 2017-08-29
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
Max CVSS: 10.0; EPSS Score: 14.25%; Published: 2011-07-29; Updated: 2011-08-01
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.
Max CVSS: 9.3; EPSS Score: 3.89%; Published: 2011-07-29; Updated: 2017-08-29
Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet.
Max CVSS: 10.0; EPSS Score: 1.84%; Published: 2011-07-29; Updated: 2011-08-01
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
Max CVSS: 10.0; EPSS Score: 8.34%; Published: 2011-07-29; Updated: 2011-08-01
Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202.
Max CVSS: 10.0; EPSS Score: 0.93%; Published: 2011-07-29; Updated: 2011-08-01
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3; EPSS Score: 0.22%; Published: 2011-07-28; Updated: 2017-08-29
Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption.
Max CVSS: 6.9; EPSS Score: 0.04%; Published: 2011-07-28; Updated: 2011-08-12
AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal.
Max CVSS: 7.8; EPSS Score: 0.66%; Published: 2011-07-28; Updated: 2011-07-29
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference.
Max CVSS: 4.3; EPSS Score: 3.32%; Published: 2011-07-27; Updated: 2017-08-29
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Max CVSS: 4.3; EPSS Score: 2.20%; Published: 2011-07-27; Updated: 2011-07-29
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
Max CVSS: 5.0; EPSS Score: 0.73%; Published: 2011-07-27; Updated: 2017-08-29
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
Max CVSS: 5.0; EPSS Score: 0.29%; Published: 2011-07-27; Updated: 2017-08-29
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.
Max CVSS: 5.0; EPSS Score: 0.34%; Published: 2011-07-27; Updated: 2017-08-29
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation.
Max CVSS: 4.3; EPSS Score: 3.32%; Published: 2011-07-27; Updated: 2017-08-29
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document.
Max CVSS: 4.3; EPSS Score: 3.32%; Published: 2011-07-27; Updated: 2017-08-29
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets.
Max CVSS: 4.3; EPSS Score: 3.32%; Published: 2011-07-27; Updated: 2017-08-29
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar.
Max CVSS: 4.3; EPSS Score: 3.32%; Published: 2011-07-27; Updated: 2017-08-29
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
Max CVSS: 10.0; EPSS Score: 0.56%; Published: 2011-07-27; Updated: 2017-08-29
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
Max CVSS: 9.3; EPSS Score: 0.08%; Published: 2011-07-21; Updated: 2011-07-22
CVE-2011-2882 (Public exploit)
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
Max CVSS: 9.3; EPSS Score: 96.37%; Published: 2011-07-21; Updated: 2011-09-22
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.
Max CVSS: 5.0; EPSS Score: 3.33%; Published: 2011-07-19; Updated: 2018-10-09
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.
Max CVSS: 3.6; EPSS Score: 0.04%; Published: 2011-07-19; Updated: 2017-08-29
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.
Max CVSS: 4.3; EPSS Score: 1.59%; Published: 2011-07-18; Updated: 2017-09-19
Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.
Max CVSS: 5.0; EPSS Score: 0.62%; Published: 2011-07-17; Updated: 2017-08-29