Vulnerabilities

DATE        CVE             VULNERABILITY TITLE   (description and risk fields follow each entry)

2011-07-19  CVE-2011-2385   Permissions, Privileges, and Access Controls vulnerability in OTRS iPhoneHandle and OTRS
    The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
    Vector: network | Complexity: low | Vendor: otrs | CWE-264 | CVSS 6.5

2011-07-19  CVE-2011-1741   Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in EMC Documentum eRoom 7.4.1/7.4.2/7.4.3
    Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
    Vector: network | Complexity: low | Vendor: emc | CWE-119 | CVSS 10.0 (critical)

2011-07-19  CVE-2011-1356   Information Exposure vulnerability in IBM WebSphere Application Server
    IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.
    Vector: local | Complexity: low | Vendor: ibm | CWE-200 | CVSS 2.1

2011-07-19  CVE-2011-1355   Improper Input Validation vulnerability in IBM WebSphere Application Server
    Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.
    Vector: network | Vendor: ibm | CWE-20 | CVSS 5.8
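The open redirect above is the pattern where a logout or login page takes a "where to go next" parameter and redirects to it unchecked. The example below is an added illustration, not IBM's code and not a description of how WebSphere validates `logoutExitPage`; the function name `safe_logout_target` and the allowlisted host are assumptions. It shows the checks a practitioner should apply before redirecting: only same-site absolute paths, or https URLs to an explicit host allowlist, with the protocol-relative (`//host`), backslash, userinfo and `scheme:` tricks rejected, and everything else collapsed to a fixed fallback.

```python
from urllib.parse import urlsplit, urlunsplit

# Fallback used whenever the supplied target is rejected (assumed value).
DEFAULT_TARGET = "/"


def safe_logout_target(value, allowed_hosts=()):
    """Return a redirect target that stays on-site or goes to an allowlisted https host.

    `value` is the raw parameter (e.g. logoutExitPage); `allowed_hosts` is the
    set of external hostnames the application explicitly permits (assumed).
    Anything that cannot be proven safe yields DEFAULT_TARGET.
    """
    if not value:
        return DEFAULT_TARGET

    # Reject control characters and backslashes before parsing: browsers treat
    # "\" like "/" in the authority position and strip some C0 characters,
    # so a parser that sees them differently can be bypassed.
    if any(ord(c) < 0x20 or c == "\x7f" for c in value) or "\\" in value:
        return DEFAULT_TARGET

    parts = urlsplit(value)

    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only https to an allowlisted host,
        # and never with userinfo ("allowed.host@evil.host" tricks).
        if parts.scheme != "https" or parts.hostname is None:
            return DEFAULT_TARGET
        if parts.username or parts.password:
            return DEFAULT_TARGET
        if parts.hostname.lower() not in {h.lower() for h in allowed_hosts}:
            return DEFAULT_TARGET
        return urlunsplit(("https", parts.netloc, parts.path or "/", parts.query, ""))

    # Relative target: must be a single-slash absolute path. "//host" is
    # protocol-relative and "///host" is treated as an authority by browsers,
    # so check the raw value, not the parsed path.
    if not value.startswith("/") or value.startswith("//"):
        return DEFAULT_TARGET
    # Drop any fragment; it is never needed for a server-side redirect.
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    for candidate in ("/console/login.jsp", "//evil.example/", "https://evil.example/",
                      "https://portal.example.com/bye", "javascript:alert(1)"):
        print(f"{candidate!r:40} -> {safe_logout_target(candidate, ('portal.example.com',))}")
```

The important design choice is the allowlist: a denylist of known-bad prefixes is what attackers enumerate around. Also note that the checks run on the raw parameter before `urlsplit`, because the parser and the browser disagree on exactly the characters an attacker will use.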
2011-07-19  CVE-2011-0770   Cross-Site Scripting vulnerability in HP products
    Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.
    Vector: network | Vendor: hp | CWE-79 | CVSS 4.3

2011-07-18  CVE-2011-2761   Resource Management Errors vulnerability in Google Chrome 14.0.794.0
    Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.
    Vector: network | Vendor: google | CWE-399 | CVSS 4.3

2011-07-18  CVE-2011-1331   Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in JustSystems products
    JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011.
    Vector: network | Vendor: justsystems | CWE-119 | CVSS 9.3 (critical)

2011-07-18  CVE-2011-0548   Buffer Errors vulnerability in Symantec products
    Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file.
    Vector: network | Vendor: symantec | CWE-119 | CVSS 9.3 (critical)

2011-07-18  CVE-2010-3271   Cross-Site Request Forgery (CSRF) vulnerability in IBM WebSphere Application Server
    Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
    Vector: network | Vendor: ibm | CWE-352 | CVSS 6.8
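The CSRF entry above describes the classic two-step admin flow (an edit to one action, then a save to another) being replayed from an attacker's page with the administrator's cookies attached. The following is an added example of the synchronizer-token check that blocks it; it is not IBM's code and says nothing about how the WAS console was actually fixed. The session and request objects are plain dicts, and the names `issue_csrf_token`, `csrf_request_allowed` and the origin `https://admin.example.com` are assumptions. The simulated request sequence at the bottom is constructed for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session):
    """Create a fresh per-session token, store it server-side and return it for the form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_request_allowed(session, method, form, origin, expected_origin):
    """Decide whether a state-changing request may proceed.

    `session`  - server-side session dict (cookie-bound), holds the expected token
    `method`   - HTTP method of the request
    `form`     - submitted form fields; the token travels as a hidden field,
                 which a cross-site page cannot read and therefore cannot forge
    `origin`   - value of the Origin header, or None if the browser sent none
    `expected_origin` - the console's own origin (assumed: https://admin.example.com)
    """
    if method.upper() in SAFE_METHODS:
        # Safe methods must not change state, so they carry no token.
        return True

    expected = session.get("csrf_token")
    submitted = form.get("csrf_token")
    if not expected or not submitted:
        return False
    # Constant-time comparison; a plain == leaks timing about the token.
    if not hmac.compare_digest(expected, submitted):
        return False

    # Defense in depth: when the browser sends Origin, it must be our own.
    # (Absence is tolerated here because some legitimate clients omit it;
    # a stricter deployment can reject None as well.)
    if origin is not None and origin != expected_origin:
        return False
    return True


def simulate_console_flow():
    """Constructed walk-through of the two-step edit/save sequence, forged and legitimate."""
    expected_origin = "https://admin.example.com"   # assumed console origin
    session = {}                                    # admin's server-side session
    token = issue_csrf_token(session)

    results = {}
    # 1. Forged sequence from an attacker's page: cookies ride along, token does not.
    results["forged_edit"] = csrf_request_allowed(
        session, "POST", {"action": "Edit"}, "https://attacker.example", expected_origin)
    results["forged_save"] = csrf_request_allowed(
        session, "POST", {"action": "save"}, "https://attacker.example", expected_origin)
    # 2. Legitimate sequence from the console's own form, token included.
    results["real_edit"] = csrf_request_allowed(
        session, "POST", {"action": "Edit", "csrf_token": token}, expected_origin, expected_origin)
    results["real_save"] = csrf_request_allowed(
        session, "POST", {"action": "save", "csrf_token": token}, expected_origin, expected_origin)
    # 3. Page views need no token.
    results["view"] = csrf_request_allowed(session, "GET", {}, None, expected_origin)
    return results


if __name__ == "__main__":
    for name, allowed in simulate_console_flow().items():
        print(f"{name:12} allowed={allowed}")
```

Two details matter for the second step of the flow: the token must be bound to the session (so the attacker's own token from their own session is useless), and every state-changing request must be checked, including the follow-up save, since an attacker can skip the edit page and post the save directly.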
2011-07-18  CVE-2010-4656   Out-of-bounds Write vulnerability in multiple products
    The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.
    Vector: local | Complexity: low | Vendor: linux, canonical | CWE-787 | CVSS 7.8