TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
Max CVSS
10.0
EPSS Score
12.06%
Published
2011-07-29
Updated
2011-08-01
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.
Max CVSS
9.3
EPSS Score
3.89%
Published
2011-07-29
Updated
2017-08-29
Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet.
Max CVSS
10.0
EPSS Score
1.84%
Published
2011-07-29
Updated
2011-08-01
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
Max CVSS
10.0
EPSS Score
6.89%
Published
2011-07-29
Updated
2011-08-01
Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202.
Max CVSS
10.0
EPSS Score
0.93%
Published
2011-07-29
Updated
2011-08-01
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
Max CVSS
10.0
EPSS Score
0.56%
Published
2011-07-27
Updated
2017-08-29
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
Max CVSS
9.3
EPSS Score
0.08%
Published
2011-07-21
Updated
2011-07-22

CVE-2011-2882

Public exploit
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
Max CVSS
9.3
EPSS Score
96.37%
Published
2011-07-21
Updated
2011-09-22
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
Max CVSS
9.3
EPSS Score
2.72%
Published
2011-07-28
Updated
2017-08-29
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.
Max CVSS
9.3
EPSS Score
12.43%
Published
2011-07-21
Updated
2012-01-19
IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.34%
Published
2011-07-07
Updated
2017-08-29
Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."
Max CVSS
10.0
EPSS Score
0.32%
Published
2011-07-07
Updated
2017-08-29
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
Max CVSS
10.0
EPSS Score
16.56%
Published
2011-07-28
Updated
2021-04-12
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
Max CVSS
10.0
EPSS Score
31.57%
Published
2011-07-01
Updated
2012-02-14
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
Max CVSS
10.0
EPSS Score
0.31%
Published
2011-07-01
Updated
2011-09-07
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
Max CVSS
9.0
EPSS Score
0.37%
Published
2011-07-28
Updated
2017-08-29
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.
Max CVSS
10.0
EPSS Score
0.13%
Published
2011-07-08
Updated
2011-07-08
Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability, related to ILOM.
Max CVSS
10.0
EPSS Score
0.53%
Published
2011-07-21
Updated
2011-10-05
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2252.
Max CVSS
10.0
EPSS Score
95.51%
Published
2011-07-20
Updated
2016-11-22
Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.
Max CVSS
10.0
EPSS Score
92.86%
Published
2011-07-14
Updated
2018-10-09
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.
Max CVSS
10.0
EPSS Score
85.44%
Published
2011-07-11
Updated
2018-10-09
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.
Max CVSS
10.0
EPSS Score
87.19%
Published
2011-07-01
Updated
2018-10-09

CVE-2011-1865

Public exploit
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
Max CVSS
10.0
EPSS Score
94.79%
Published
2011-07-01
Updated
2017-08-17
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
Max CVSS
9.3
EPSS Score
1.03%
Published
2011-07-21
Updated
2015-01-07
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
Max CVSS
10.0
EPSS Score
32.28%
Published
2011-07-19
Updated
2018-10-09
52 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!