CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2011 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-2963 287 1 DoS +Info 2011-07-29 2011-08-01
10.0
None Remote Low Not required Complete Complete Complete
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
2 CVE-2011-2962 119 DoS Exec Code Overflow 2011-07-29 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.
3 CVE-2011-2961 119 DoS Exec Code Overflow 2011-07-29 2011-08-01
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet.
4 CVE-2011-2960 119 DoS Exec Code Overflow 2011-07-29 2011-08-01
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
5 CVE-2011-2959 119 DoS Exec Code Overflow 2011-07-29 2011-08-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202.
6 CVE-2011-2884 2011-07-27 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
7 CVE-2011-2883 20 Exec Code 2011-07-21 2011-07-22
9.3
None Remote Medium Not required Complete Complete Complete
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
8 CVE-2011-2882 119 Exec Code Overflow 2011-07-21 2011-09-22
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
9 CVE-2011-2747 94 Exec Code 2011-07-28 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
10 CVE-2011-2685 119 Exec Code Overflow 2011-07-21 2012-01-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.
11 CVE-2011-2681 20 2011-07-07 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.
12 CVE-2011-2680 2011-07-07 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."
13 CVE-2011-2667 119 DoS Exec Code Overflow Mem. Corr. 2011-07-28 2021-04-12
10.0
None Remote Low Not required Complete Complete Complete
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
14 CVE-2011-2628 20 DoS Exec Code Mem. Corr. 2011-07-01 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
15 CVE-2011-2610 2011-07-01 2011-09-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
16 CVE-2011-2547 264 Exec Code 2011-07-28 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
17 CVE-2011-2344 310 +Priv 2011-07-08 2011-07-08
10.0
None Remote Low Not required Complete Complete Complete
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.
18 CVE-2011-2288 2011-07-21 2011-10-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability, related to ILOM.
19 CVE-2011-2261 2011-07-20 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2252.
20 CVE-2011-2220 119 Exec Code Overflow 2011-07-14 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.
21 CVE-2011-1867 119 Exec Code Overflow 2011-07-11 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.
22 CVE-2011-1866 119 1 Exec Code Overflow 2011-07-01 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.
23 CVE-2011-1865 119 4 Exec Code Overflow 2011-07-01 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
24 CVE-2011-1797 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2015-01-07
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
25 CVE-2011-1741 119 Exec Code Overflow 2011-07-19 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
26 CVE-2011-1462 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
27 CVE-2011-1457 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
28 CVE-2011-1453 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
29 CVE-2011-1336 119 Exec Code Overflow 2011-07-07 2011-07-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.
30 CVE-2011-1331 119 DoS Exec Code Overflow Mem. Corr. 2011-07-18 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011.
31 CVE-2011-1288 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
32 CVE-2011-0548 119 DoS Exec Code Overflow 2011-07-18 2013-02-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217.
33 CVE-2011-0255 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
34 CVE-2011-0254 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
35 CVE-2011-0253 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-14
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
36 CVE-2011-0241 119 DoS Exec Code Overflow 2011-07-21 2012-05-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.
37 CVE-2011-0240 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-14
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
38 CVE-2011-0238 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
39 CVE-2011-0237 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-14
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
40 CVE-2011-0235 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
41 CVE-2011-0234 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
42 CVE-2011-0233 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
43 CVE-2011-0232 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
44 CVE-2011-0226 189 DoS Exec Code Mem. Corr. 2011-07-19 2011-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
45 CVE-2011-0225 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
46 CVE-2011-0223 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-14
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
47 CVE-2011-0222 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
48 CVE-2011-0221 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
49 CVE-2011-0218 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
50 CVE-2011-0216 189 DoS Exec Code Overflow 2011-07-21 2013-02-07
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
Total number of vulnerabilities : 52   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.