Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2011-07-29 | CVE-2011-2964 | Code Injection vulnerability in Linuxfoundation Foomatic 4.0.6 | 6.8
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.

2011-07-29 | CVE-2011-2697 | Improper Input Validation vulnerability in HP Linux Imaging and Printing Project 3.11.5 | 6.8
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
network, hp, CWE-20

2011-07-29 | CVE-2011-2522 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

2011-07-29 | CVE-2011-2400 | Cross-Site Scripting vulnerability in HP Sitescope | 4.3
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, hp, CWE-79

2011-07-28 | CVE-2011-2546 | SQL Injection vulnerability in Cisco products | 5.0
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
network, low complexity, cisco, CWE-89

2011-07-28 | CVE-2011-2958 | Cross-Site Scripting vulnerability in Ecava Integraxor | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, ecava, CWE-79

2011-07-28 | CVE-2011-2957 | Remote Code Execution vulnerability in Rockwellautomation Factorytalk Diagnostics Viewer 2.10/2.10.01 | 6.9
Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption.

2011-07-28 | CVE-2011-1339 | Cross-Site Scripting vulnerability in Google Search Appliance | 4.3
Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, google, CWE-79

2011-07-27 | CVE-2011-2893 | Resource Management Errors vulnerability in IBM Lotus Symphony 3.0.0/3.0.0.1/3.0.0.2 | 4.3
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference.
network, ibm, CWE-399

2011-07-27 | CVE-2011-2892 | Improper Input Validation vulnerability in Joomla Joomla! 1.6/1.6.0/1.6.1 | 4.3
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
network, joomla, CWE-20