Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2011-07-28 CVE-2011-2747 Code Injection vulnerability in Google Picasa
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
network; google CWE-94; critical; 9.3

2011-07-28 CVE-2011-2688 SQL Injection vulnerability in multiple products
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
network, low complexity; mod-authnz-external-project debian CWE-89; 7.5

2011-07-28 CVE-2011-1339 Cross-Site Scripting vulnerability in Google Search Appliance
Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network; google CWE-79; 4.3

2011-07-27 CVE-2011-2893 Resource Management Errors vulnerability in IBM Lotus Symphony 3.0.0/3.0.0.1/3.0.0.2
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference.
network; ibm CWE-399; 4.3

2011-07-27 CVE-2011-2892 Improper Input Validation vulnerability in Joomla Joomla! 1.6/1.6.0/1.6.1
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
network; joomla CWE-20; 4.3

2011-07-27 CVE-2011-2891 Information Exposure vulnerability in Joomla Joomla! 1.6/1.6.0/1.6.1
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
network, low complexity; joomla CWE-200; 5.0

2011-07-27 CVE-2011-2890 Information Exposure vulnerability in Joomla Joomla!
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
network, low complexity; joomla CWE-200; 5.0

2011-07-27 CVE-2011-2889 Information Exposure vulnerability in Joomla Joomla!
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path.
network, low complexity; joomla CWE-200; 5.0

2011-07-27 CVE-2011-2888 Resource Management Errors vulnerability in IBM Lotus Symphony 3.0.0/3.0.0.1/3.0.0.2
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation.
network; ibm CWE-399; 4.3

2011-07-27 CVE-2011-2887 Resource Management Errors vulnerability in IBM Lotus Symphony 3.0.0/3.0.0.1/3.0.0.2
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document.
network; ibm linux CWE-399; 4.3