Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2011-07-27 CVE-2011-2886 Resource Management Errors vulnerability in IBM Lotus Symphony 3.0.0/3.0.0.1/3.0.0.2
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets.
network, ibm CWE-399, 4.3

2011-07-27 CVE-2011-2885 Resource Management Errors vulnerability in IBM Lotus Symphony 3.0.0/3.0.0.1/3.0.0.2
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar.
network, ibm CWE-399, 4.3

2011-07-27 CVE-2011-2884 Denial of Service vulnerability and Unspecified vulnerability in IBM Lotus Symphony 3.0.0/3.0.0.1/3.0.0.2
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
network, low complexity, ibm, critical, 10.0

2011-07-27 CVE-2011-2488 Information Exposure vulnerability in Joomla Joomla!
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
network, low complexity, joomla CWE-200, 5.0

2011-07-27 CVE-2011-2745 Permissions, Privileges, and Access Controls vulnerability in Chyrp 2.0
upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.
network, low complexity, chyrp CWE-264, 6.5

2011-07-27 CVE-2011-2687 Permissions, Privileges, and Access Controls vulnerability in Drupal 7.0/7.1/7.2
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
network, low complexity, drupal CWE-264, 7.5

2011-07-27 CVE-2011-2490 Improper Input Validation vulnerability in NRL Opie
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
local, low complexity, nrl CWE-20, 7.2

2011-07-27 CVE-2011-2489 Numeric Errors vulnerability in NRL Opie
Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.
local, low complexity, nrl CWE-189, 7.2

2011-07-27 CVE-2011-2467 SQL Injection vulnerability in Likewise Open 5.4/6.0/6.1
SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.
low complexity, likewise CWE-89, 5.8

2011-07-27 CVE-2011-2185 Link Following vulnerability in Fabfile Fabric
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.
local, fabfile CWE-59, 4.4