CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2011-2536 200 +Info 2011-07-06 2011-09-07
5.0
None Remote Low Not required Partial None None
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.
102 CVE-2011-2535 20 DoS 2011-07-06 2017-08-29
5.0
None Remote Low Not required None None Partial
chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.
103 CVE-2011-2529 119 DoS Overflow Mem. Corr. 2011-07-06 2017-08-29
5.0
None Remote Low Not required None None Partial
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.
104 CVE-2011-2528 +Priv 2011-07-19 2011-07-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
105 CVE-2011-2526 20 DoS Bypass 2011-07-14 2019-03-25
4.4
None Local Medium Not required Partial Partial Partial
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
106 CVE-2011-2522 352 1 CSRF 2011-07-29 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
107 CVE-2011-2520 264 +Priv 2011-07-21 2017-08-29
6.0
None Local High ??? Complete Complete Complete
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.
108 CVE-2011-2516 189 DoS Overflow 2011-07-11 2021-09-17
5.0
None Remote Low Not required None None Partial
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
109 CVE-2011-2510 79 XSS 2011-07-14 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.
110 CVE-2011-2509 79 XSS 2011-07-27 2018-08-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.
111 CVE-2011-2508 22 Dir. Trav. 2011-07-14 2018-10-09
6.0
None Remote Medium ??? Partial Partial Partial
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
112 CVE-2011-2507 94 Exec Code 2011-07-14 2018-10-09
6.5
None Remote Low ??? Partial Partial Partial
libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.
113 CVE-2011-2506 94 1 2011-07-14 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
114 CVE-2011-2505 94 1 2011-07-14 2018-10-09
6.4
None Remote Low Not required None Partial Partial
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
115 CVE-2011-2501 125 DoS 2011-07-17 2020-08-06
4.3
None Remote Medium Not required None None Partial
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
116 CVE-2011-2492 200 +Info 2011-07-28 2020-07-31
1.9
None Local Medium Not required Partial None None
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
117 CVE-2011-2490 20 +Priv 2011-07-27 2011-09-07
7.2
None Local Low Not required Complete Complete Complete
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
118 CVE-2011-2489 189 +Priv 2011-07-27 2011-09-07
7.2
None Local Low Not required Complete Complete Complete
Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.
119 CVE-2011-2488 200 +Info 2011-07-27 2011-07-28
5.0
None Remote Low Not required Partial None None
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
120 CVE-2011-2467 89 Exec Code Sql 2011-07-27 2017-08-29
5.8
None Local Network Low Not required Partial Partial Partial
SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.
121 CVE-2011-2465 DoS 2011-07-08 2018-10-09
2.6
None Remote High Not required None None Partial
Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
122 CVE-2011-2464 DoS 2011-07-08 2018-10-30
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
123 CVE-2011-2401 2011-07-29 2017-08-29
8.3
None Remote Medium Not required Complete Partial Partial
Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors.
124 CVE-2011-2400 79 XSS 2011-07-29 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
125 CVE-2011-2398 DoS +Priv 2011-07-11 2017-09-19
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
126 CVE-2011-2385 264 +Priv 2011-07-19 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
127 CVE-2011-2344 310 +Priv 2011-07-08 2011-07-08
10.0
None Remote Low Not required Complete Complete Complete
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.
128 CVE-2011-2307 2011-07-21 2011-10-05
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade servers allows remote attackers to affect confidentiality, integrity, and availability, related to Sun Integrated Lights Out Manager (ILOM).
129 CVE-2011-2305 2011-07-21 2017-09-19
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
130 CVE-2011-2300 2011-07-21 2017-09-19
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.
131 CVE-2011-2299 2011-07-21 2011-10-05
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M5000, M8000, and M9000 XCP 1101 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to XSCF Control Package (XCP).
132 CVE-2011-2298 2011-07-21 2011-10-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.
133 CVE-2011-2297 2011-07-21 2011-10-05
6.1
None Local Low Not required Partial Partial Complete
Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Data Service for WebLogic Server.
134 CVE-2011-2296 2011-07-21 2011-10-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP.
135 CVE-2011-2295 2011-07-21 2011-10-05
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.
136 CVE-2011-2294 2011-07-21 2011-10-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.
137 CVE-2011-2293 2011-07-21 2011-10-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones.
138 CVE-2011-2291 2011-07-21 2011-10-05
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.
139 CVE-2011-2290 2011-07-21 2011-10-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.
140 CVE-2011-2289 2011-07-21 2011-10-05
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.
141 CVE-2011-2288 2011-07-21 2011-10-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability, related to ILOM.
142 CVE-2011-2287 2011-07-21 2011-10-05
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.
143 CVE-2011-2285 2011-07-21 2011-10-05
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Installer.
144 CVE-2011-2284 2011-07-21 2011-10-05
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance.
145 CVE-2011-2283 2011-07-21 2011-10-05
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Payables.
146 CVE-2011-2282 2011-07-21 2016-08-19
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50.20 and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors.
147 CVE-2011-2281 2011-07-21 2011-10-05
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 Update 2011-D allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll Core.
148 CVE-2011-2280 2011-07-21 2016-11-23
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2011-2274.
149 CVE-2011-2279 2011-07-21 2011-10-05
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1, Bundle, and #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager.
150 CVE-2011-2278 2011-07-21 2011-10-05
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9, Bundle, #24, 9.0, Bundle, #17, 9.1, Bundle, and #6 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager.
Total number of vulnerabilities : 307   Page : 1 2 3 (This Page)4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.