CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4139 352 CSRF 2011-07-27 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-java) 1.2.39 in Spacewalk, as used in the server in Red Hat Network Satellite 5.3.0 through 5.4.1 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that (1) disable the current user account, (2) add user accounts, or (3) modify user accounts to have administrator privileges.
2 CVE-2010-1383 255 Exec Code 2011-07-21 2011-07-22
9.3
None Remote Medium Not required Complete Complete Complete
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
3 CVE-2010-1420 79 XSS 2011-07-21 2011-07-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.
4 CVE-2010-3271 352 1 CSRF 2011-07-18 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
5 CVE-2010-4554 20 2011-07-14 2017-08-17
4.3
None Remote Medium Not required None Partial None
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
6 CVE-2010-4555 79 XSS 2011-07-14 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.
7 CVE-2010-4655 665 +Info 2011-07-18 2020-08-14
2.1
None Local Low Not required Partial None None
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.
8 CVE-2010-4656 787 DoS Overflow +Priv 2011-07-18 2020-08-03
7.2
None Local Low Not required Complete Complete Complete
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.
9 CVE-2010-4808 89 2 Exec Code Sql 2011-07-08 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.
10 CVE-2010-4809 89 2 Exec Code Sql 2011-07-08 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
11 CVE-2010-4810 94 1 Exec Code File Inclusion 2011-07-08 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php.
12 CVE-2010-4811 79 XSS 2011-07-08 2017-08-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action.
13 CVE-2010-4812 89 Exec Code Sql 2011-07-08 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php.
14 CVE-2010-4813 79 XSS 2011-07-08 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
15 CVE-2010-4814 89 2 Exec Code Sql 2011-07-08 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
16 CVE-2011-0214 310 Bypass 2011-07-21 2011-07-22
5.0
None Remote Low Not required None Partial None
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.
17 CVE-2011-0215 20 DoS Exec Code 2011-07-21 2011-10-14
9.3
None Remote Medium Not required Complete Complete Complete
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.
18 CVE-2011-0216 189 DoS Exec Code Overflow 2011-07-21 2013-02-07
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
19 CVE-2011-0217 200 +Info 2011-07-21 2011-07-22
4.3
None Remote Medium Not required Partial None None
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.
20 CVE-2011-0218 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
21 CVE-2011-0219 264 Bypass 2011-07-21 2011-07-22
5.8
None Remote Medium Not required None Partial Partial
Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.
22 CVE-2011-0221 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
23 CVE-2011-0222 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
24 CVE-2011-0223 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-14
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
25 CVE-2011-0225 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
26 CVE-2011-0226 189 DoS Exec Code Mem. Corr. 2011-07-19 2011-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
27 CVE-2011-0227 264 +Priv 2011-07-19 2011-07-26
7.2
None Local Low Not required Complete Complete Complete
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
28 CVE-2011-0232 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
29 CVE-2011-0233 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
30 CVE-2011-0234 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
31 CVE-2011-0235 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
32 CVE-2011-0237 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-14
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
33 CVE-2011-0238 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
34 CVE-2011-0240 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-14
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
35 CVE-2011-0241 119 DoS Exec Code Overflow 2011-07-21 2012-05-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.
36 CVE-2011-0242 79 XSS 2011-07-21 2011-10-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.
37 CVE-2011-0244 200 +Info 2011-07-21 2011-07-22
4.3
None Remote Medium Not required Partial None None
WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.
38 CVE-2011-0253 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-14
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
39 CVE-2011-0254 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
40 CVE-2011-0255 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
41 CVE-2011-0287 DoS 2011-07-14 2011-07-19
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors.
42 CVE-2011-0548 119 DoS Exec Code Overflow 2011-07-18 2013-02-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217.
43 CVE-2011-0549 89 Exec Code Sql 2011-07-11 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.
44 CVE-2011-0726 20 2011-07-18 2015-10-06
2.1
None Local Low Not required Partial None None
The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.
45 CVE-2011-0770 79 XSS 2011-07-19 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.
46 CVE-2011-0811 2011-07-20 2011-10-05
4.9
None Local Low Not required Complete None None
Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5, allows local users to affect confidentiality via unknown vectors.
47 CVE-2011-0816 2011-07-20 2011-10-05
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the CMDB Metadata & Instance APIs component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
48 CVE-2011-0822 2011-07-20 2014-10-04
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server 10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
49 CVE-2011-0830 2011-07-20 2011-10-05
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors related to Rules Management UI.
50 CVE-2011-0831 2011-07-20 2011-10-05
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
Total number of vulnerabilities : 307   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.