LiveActive security incident?Get immediate response
CVE archive

July 2011

Browse CVE records published in July 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 362 matching CVEs · Page 3 of 8.

Unknown · CVSS Not scored

CVE-2011-4279: Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control...

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

Published Jul 16, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4286: Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugi...

Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.

Published Jul 16, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4293: The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of...

The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.

Published Jul 16, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4086: The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not proper...

The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.

Published Jul 3, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2889: templates/system/error.php in Joomla!

templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.

Published Jul 27, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2891: Joomla!

Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.

Published Jul 27, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2753: Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote...

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.

Published Jul 17, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2745: upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript cod...

upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.

Published Jul 27, 2011 · Updated Aug 6, 2024