Security Bulletins

Syndicate content
US-CERT Bulletins provide bi-weekly summaries of security issues and new vulnerabilities. They also provide patches, workarounds, and other actions to help mitigate risk. 2013-02-25T18:29:38Z
Updated: 1 year 21 weeks ago

SB12-269: Vulnerability Summary for the Week of September 17, 2012

Tue, 12/11/2012 - 00:00
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For updated or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info N/A -- N/A Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461. 2012-09-25 7.5 CVE-2012-3259 adobe -- flash_player Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments. 2012-09-24 9.3 CVE-2012-5054 anecms -- anecms Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. 2012-09-19 7.5 CVE-2012-4997 apple -- mac_os_x Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. 2012-09-20 7.5 CVE-2012-0650 apple -- mac_os_x CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. 2012-09-20 7.5 CVE-2012-3716 asus -- ipswcom_activex_component Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. 2012-09-15 9.3 CVE-2012-4924 bananadance -- banana_dance SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter. 2012-09-15 7.5 CVE-2011-5175 bioinformatics -- ordersys Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/. 2012-09-20 7.5 CVE-2011-5183 blueteck -- witze_addon SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. 2012-09-19 7.5 CVE-2012-5000 caminova -- djvu_browser_plug-in Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file. 2012-09-19 9.3 CVE-2012-5006 cisco -- secure_desktop The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204. 2012-09-24 9.3 CVE-2012-4655 cleanersoft -- free_mp3_cd_ripper Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute aribitrary code via a crafted .wav file. 2012-09-15 9.3 CVE-2011-5165 cososys -- endpoint_protector_appliace_4 The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack. 2012-09-17 7.5 CVE-2012-2994 cyberlink -- power2go Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file. 2012-09-15 9.3 CVE-2011-5171 dedecms -- dedecms Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. 2012-09-23 7.5 CVE-2011-5200 dell -- sonicwall_viewpoint SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. 2012-09-15 7.5 CVE-2011-5169 digium -- asterisk Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header. 2012-09-18 7.5 CVE-2012-1184 emc -- rsa_authentication_agent The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host. 2012-09-25 8.5 CVE-2012-2287 flashfxp -- flashfxp Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox. 2012-09-19 9.0 CVE-2012-4992 fultek -- wintr_scada Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request. 2012-09-25 7.8 CVE-2012-3011 hitachi -- jp1/cm2/network_node_manager Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. 2012-09-19 7.5 CVE-2012-5001 hp -- operations_orchestration Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors. 2012-09-19 10.0 CVE-2012-3258 imgpals -- img_pals_photo_host Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-15 7.5 CVE-2012-4925 j_waite -- php-x-links Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php. 2012-09-23 7.5 CVE-2012-5098 jextensions -- je_poll_component SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2012-09-23 7.5 CVE-2012-5101 microsoft -- internet_explorer Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability." 2012-09-21 9.3 CVE-2012-1529 microsoft -- internet_explorer Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability." 2012-09-21 9.3 CVE-2012-2546 microsoft -- internet_explorer Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability." 2012-09-21 9.3 CVE-2012-2548 microsoft -- internet_explorer Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability." 2012-09-21 9.3 CVE-2012-2557 microsoft -- internet_explorer Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. 2012-09-18 9.3 CVE-2012-4969 neturf -- ecommerce_shopping_cart SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter. NOTE: some of these details are obtained from third party information. 2012-09-23 7.5 CVE-2011-5198 novell -- groupwise Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header. 2012-09-19 10.0 CVE-2012-0271 peter_kovacs -- timesheet_next_gen Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. 2012-09-19 7.5 CVE-2012-2105 rivetcode -- rivettracker torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact. 2012-09-19 7.5 CVE-2012-4993 rivetcode -- rivettracker Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php. 2012-09-19 7.5 CVE-2012-4996 siemens -- simatic_pcs7 SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. 2012-09-18 7.5 CVE-2012-3032 silverstripe -- silverstripe SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2012-09-17 7.5 CVE-2011-4960 steveyolam -- tinyguestbook Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are obtained from third party information. 2012-09-23 7.5 CVE-2011-5201 Medium Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info apache -- wicket Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app. 2012-09-19 4.3 CVE-2012-3373 apache -- cxf Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. 2012-09-24 4.3 CVE-2012-3451 apple -- safari Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document. 2012-09-20 4.3 CVE-2012-3713 apple -- safari The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. 2012-09-20 4.3 CVE-2012-3714 apple -- safari Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network. 2012-09-20 4.3 CVE-2012-3715 apple -- mac_os_x Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. 2012-09-20 6.8 CVE-2012-3719 apple -- mac_os_x Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account. 2012-09-20 4.3 CVE-2012-3720 apple -- mac_os_x Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. 2012-09-20 5.0 CVE-2012-3721 apple -- iphone_os The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. 2012-09-20 6.8 CVE-2012-3722 apple -- mac_os_x Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. 2012-09-20 4.6 CVE-2012-3723 apple -- iphone_os CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. 2012-09-20 5.0 CVE-2012-3724 apple -- iphone_os Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. 2012-09-20 6.8 CVE-2012-3726 apple -- iphone_os Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. 2012-09-20 6.8 CVE-2012-3727 apple -- iphone_os The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. 2012-09-20 6.9 CVE-2012-3728 apple -- iphone_os Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender. 2012-09-20 4.3 CVE-2012-3730 apple -- iphone_os Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. 2012-09-20 6.4 CVE-2012-3732 apple -- iphone_os Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. 2012-09-20 4.3 CVE-2012-3733 apple -- iphone_os The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. 2012-09-20 4.6 CVE-2012-3736 apple -- iphone_os Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page. 2012-09-20 5.0 CVE-2012-3742 apple -- iphone_os The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. 2012-09-20 5.0 CVE-2012-3743 apple -- iphone_os Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address. 2012-09-20 5.0 CVE-2012-3744 apple -- iphone_os Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. 2012-09-20 5.0 CVE-2012-3745 apple -- iphone_os UIWebView in UIKit in Apple iOS before 6 does not properly use the Data protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. 2012-09-20 4.3 CVE-2012-3746 apple -- iphone_os WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2012-09-20 6.8 CVE-2012-3747 argyllcms -- cms Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. 2012-09-18 6.8 CVE-2012-4405 blairwilliams -- pretty_link_lite_plugin Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192. 2012-09-23 4.3 CVE-2011-5191 blairwilliams -- pretty_link_lite_plugin Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191. 2012-09-23 4.3 CVE-2011-5192 burnsy -- jbshop_plugin Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. 2012-09-20 4.3 CVE-2011-5186 cisco -- nexus_7000 Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. 2012-09-16 6.1 CVE-2012-3051 cisco -- intrusion_prevention_system The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144. 2012-09-16 5.0 CVE-2012-3901 cisco -- identity_services_engine_software Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684. 2012-09-16 6.8 CVE-2012-3908 cisco -- ios The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. 2012-09-16 5.0 CVE-2012-3915 cisco -- application_control_engine_module The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879. 2012-09-16 5.0 CVE-2012-3919 clickdesk -- clickdesk_live_support-live_chat_plugin Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information. 2012-09-20 4.3 CVE-2011-5181 clonemonster -- social_book_facebook_clone_monster Multiple cross-site scripting (XSS) vulnerabilities in Social Book Facebook Clone 2010 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) signup.php, (2) lostpass.php, (3) login.php, (4) index.php, (5) help_tos.php, (6) help_contact.php, or (7) help.php. 2012-09-20 4.3 CVE-2011-5190 dariusz_handzlik -- vertrigoserv Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter. 2012-09-23 4.3 CVE-2012-5102 databasepublish -- admin:hover Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors. 2012-09-19 6.8 CVE-2012-1631 digium -- asterisk Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet. 2012-09-18 4.3 CVE-2012-1183 dnelubin -- gelinsguestbook Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message parameter. 2012-09-23 4.3 CVE-2012-5103 dominique_clause -- search_autocomplete SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. 2012-09-19 6.0 CVE-2012-1638 endian -- firewall Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. 2012-09-15 4.3 CVE-2012-4923 erikwebb -- password_policy Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of admistrative users for requests that unblock a user. 2012-09-19 6.8 CVE-2012-1633 esyndicat -- esyndicat_pro Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page. 2012-09-20 4.3 CVE-2011-5177 flexcms -- flexcms Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save. 2012-09-18 6.8 CVE-2012-1901 frankdeveloper -- vr_gpub Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action. 2012-09-19 6.8 CVE-2012-5005 freedesktop -- libdbus libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." 2012-09-18 6.9 CVE-2012-3524 freedesktop -- spice-gtk libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. 2012-09-18 6.9 CVE-2012-4425 freeradius -- freeradius Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate. 2012-09-18 6.8 CVE-2012-3547 hp -- network_node_manager_i Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3) nnm/protected/ping.jsp, (4) nnm/protected/statuspoll.jsp, or (5) nnm/protected/traceroute.jsp; or (6) field parameter to nmm/validate. NOTE: this might be a duplicate of CVE-2011-4155 or CVE-2011-4156. 2012-09-20 4.3 CVE-2011-5184 imgpals -- img_pals_photo_host approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action. 2012-09-15 6.4 CVE-2012-4926 infoblox -- netmri Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter. 2012-09-20 4.3 CVE-2011-5178 jam_warehouse -- knowledgetree_open_source Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php. 2012-09-19 4.3 CVE-2012-0988 karen_stevenson -- date SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. 2012-09-19 6.0 CVE-2012-1626 limesurvey -- limesurvey SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information. 2012-09-19 6.5 CVE-2012-4994 limesurvey -- limesurvey Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party information. 2012-09-19 4.3 CVE-2012-4995 luizpicanco -- hserver Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH_INFO. 2012-09-23 5.0 CVE-2012-5100 mailtraq -- mailtraq Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element. 2012-09-19 4.3 CVE-2012-2586 mercurycom -- mr804 Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unupdated-Since. NOTE: some of these details are obtained from third party information. 2012-09-19 6.1 CVE-2012-4999 mike_carr -- flogr Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter. 2012-09-15 4.3 CVE-2012-4336 miura -- ubercart_bulk_stock_updater Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI. 2012-09-17 6.8 CVE-2012-2057 moodle -- moodle repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field. 2012-09-19 4.0 CVE-2012-4400 moodle -- moodle Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities. 2012-09-19 4.0 CVE-2012-4401 moodle -- moodle webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service. 2012-09-19 4.9 CVE-2012-4402 moodle -- moodle theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response. 2012-09-19 5.0 CVE-2012-4403 moodle -- moodle lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file. 2012-09-19 5.0 CVE-2012-4407 moodle -- moodle course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation. 2012-09-19 5.5 CVE-2012-4408 nathan_brink -- content_lock Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2012-09-17 6.8 CVE-2012-2056 netwin -- surgemail Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message. 2012-09-17 4.3 CVE-2012-2575 nijskens_raf -- admintools Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-09-17 4.3 CVE-2012-2060 nijskens_raf -- admintools Cross-site request forgery (CSRF) vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens." 2012-09-17 6.8 CVE-2012-2061 nikola_posa -- webfoliocms Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name, (2) Last name or (3) Email (required) fields. 2012-09-17 4.3 CVE-2012-1899 nomachine -- nx_web_companion nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file. 2012-09-19 6.8 CVE-2012-5003 novell -- groupwise The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment. 2012-09-19 4.3 CVE-2011-3827 novell -- groupwise Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter. 2012-09-19 4.3 CVE-2012-0272 openstack -- keystone OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. 2012-09-18 4.0 CVE-2012-4413 oracle -- database_server The authentication protocol in Oracle Database 11g 1 and 2 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability." 2012-09-21 6.4 CVE-2012-3137 oscommerce -- online_merchant The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a updated value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. 2012-09-19 5.0 CVE-2012-2991 oxwall -- oxwall Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter. 2012-09-15 4.3 CVE-2012-4928 parallels -- h-sphere Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html. 2012-09-19 6.8 CVE-2012-5004 paypal -- ubercart_payflow The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. 2012-09-17 5.0 CVE-2012-2058 phpace -- samswhois Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194. 2012-09-23 4.3 CVE-2011-5193 phpace -- samswhois Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193. 2012-09-23 4.3 CVE-2011-5194 phpb2b -- phpb2b Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. 2012-09-23 4.3 CVE-2012-5099 piwik -- piwik Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors. 2012-09-18 6.8 CVE-2011-4941 public_knowledge_project -- open_conference_systems Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of admistrators for requests that upload a PHP file. 2012-09-23 6.8 CVE-2011-5195 public_knowledge_project -- open_journal_systems Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of admistrators for requests that upload PHP files. 2012-09-23 6.8 CVE-2011-5196 public_knowledge_project -- open_harvester_systems Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of admistrators for requests that upload PHP files. 2012-09-23 6.8 CVE-2011-5197 python -- beaker Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. 2012-09-15 4.3 CVE-2012-3458 realmatrix -- online_subtitles_workshop Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. 2012-09-20 4.3 CVE-2011-5185 ricoh -- dl-10 Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command. 2012-09-19 6.8 CVE-2012-5002 sami_kiminki -- redirecting_click_bouncer Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2012-09-17 6.4 CVE-2012-2062 siemens -- simatic_pcs7 Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. 2012-09-18 6.8 CVE-2012-3028 siemens -- simatic_pcs7 WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. 2012-09-18 5.0 CVE-2012-3030 siemens -- simatic_pcs7 Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. 2012-09-18 4.3 CVE-2012-3031 siemens -- simatic_pcs7 WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. 2012-09-18 4.3 CVE-2012-3034 siemens -- simatic_s7-1200_plc The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. 2012-09-25 5.0 CVE-2012-3037 silverstripe -- silverstripe core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters. 2012-09-17 4.3 CVE-2010-4822 silverstripe -- silverstripe Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions." 2012-09-17 4.3 CVE-2010-4823 silverstripe -- silverstripe SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter. 2012-09-17 6.8 CVE-2010-4824 silverstripe -- silverstripe SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version. 2012-09-17 5.0 CVE-2010-5078 silverstripe -- silverstripe SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. 2012-09-17 5.0 CVE-2010-5079 silverstripe -- silverstripe SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2012-09-17 6.8 CVE-2011-4959 silverstripe -- silverstripe SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups. 2012-09-17 6.0 CVE-2011-4961 silverstripe -- silverstripe code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized. 2012-09-17 6.8 CVE-2011-4962 silverstripe -- silverstripe Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976. 2012-09-17 4.3 CVE-2012-4968 skysa -- skysa_app_bar_integration_plugin Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. 2012-09-20 4.3 CVE-2011-5179 smartertools -- smartermail Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document. 2012-09-19 4.3 CVE-2012-2578 sqlitemanager -- sqlitemanager Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php. 2012-09-23 4.3 CVE-2012-5105 starcms -- starcms Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. 2012-09-19 4.3 CVE-2012-4998 steve_lockwood -- ticketyboo_news_ticker Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-09-17 4.3 CVE-2012-2059 steveyolam -- tinyguestbook Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook allows remote attackers to inject arbitrary web script or HTML via the msg parameter. 2012-09-23 4.3 CVE-2011-5199 sven_decabooter -- uc_paydutchgroup_/_wedeal_payment Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors. 2012-09-18 4.0 CVE-2012-1655 trendmicro -- interscan_messaging_security_suite Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss. 2012-09-17 4.3 CVE-2012-2995 trendmicro -- interscan_messaging_security_suite Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action. 2012-09-17 6.8 CVE-2012-2996 ubbcentral -- ubb.threads Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter. 2012-09-23 4.3 CVE-2012-5104 wesjones -- multisite_search SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field. 2012-09-18 6.8 CVE-2012-1656 wizonesolutions -- fillpdf Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information. 2012-09-19 6.0 CVE-2012-1625 wizonesolutions -- fillpdf The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information. 2012-09-19 5.0 CVE-2012-5007 wordpress -- lanoba_social_plugin ** DISPUTED ** Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf." 2012-09-20 4.3 CVE-2011-5182 zooeffect -- zooeffect Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party. 2012-09-20 4.3 CVE-2011-5180 Low Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info 63reasons -- supercron Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2012-09-19 3.5 CVE-2012-1628 alex_barth -- data Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc. 2012-09-18 2.1 CVE-2012-1654 alquimia -- managesite Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category. 2012-09-19 2.1 CVE-2012-1640 apple -- mac_os_x Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. 2012-09-20 2.1 CVE-2012-3718 apple -- iphone_os The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets. 2012-09-20 3.3 CVE-2012-3725 apple -- iphone_os The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. 2012-09-20 1.9 CVE-2012-3729 apple -- iphone_os Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. 2012-09-20 2.1 CVE-2012-3731 apple -- iphone_os Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. 2012-09-20 1.9 CVE-2012-3734 apple -- iphone_os The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen. 2012-09-20 2.1 CVE-2012-3735 apple -- iphone_os The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. 2012-09-20 2.1 CVE-2012-3737 apple -- iphone_os The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. 2012-09-20 3.6 CVE-2012-3738 apple -- iphone_os The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. 2012-09-20 2.1 CVE-2012-3739 apple -- iphone_os The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. 2012-09-20 2.1 CVE-2012-3740 apple -- iphone_os The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. 2012-09-20 1.9 CVE-2012-3741 ariel_barreiro -- noderecommendation Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. 2012-09-18 2.1 CVE-2012-1659 cisco -- ios The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827. 2012-09-16 3.5 CVE-2012-3923 collectivecolors -- taxonomy_view_integrator_module Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages." 2012-09-19 3.5 CVE-2012-1653 dmitry_loac -- taxotouch Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. 2012-09-19 2.1 CVE-2012-1629 erik_webb -- password_policy Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter. 2012-09-19 2.1 CVE-2012-1632 fourkitchens -- block_class Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. 2012-09-18 2.1 CVE-2012-1657 fourkitchens -- ed_readmore Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors. 2012-09-18 2.1 CVE-2012-1658 google -- chrome The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. 2012-09-15 2.6 CVE-2012-4929 google -- chrome The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. 2012-09-15 2.6 CVE-2012-4930 marvil07 -- vote_up_down Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. 2012-09-19 3.5 CVE-2012-1627 microsoft -- windows_phone Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. 2012-09-17 2.6 CVE-2012-2993 nathan_haug -- webform Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios. 2012-09-18 2.1 CVE-2012-1660 nestor_mata_cuthbert -- taxonomy_navigator Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. 2012-09-19 2.1 CVE-2012-1630 svendecabooter -- webform_validation Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors. 2012-09-20 2.1 CVE-2011-5189 tag1consulting -- support Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors. 2012-09-20 2.1 CVE-2011-5187 tag1consulting -- support_timer Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors. 2012-09-20 2.1 CVE-2011-5188 thinkleft -- submenu_tree Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2012-09-19 3.5 CVE-2012-1651 wim_leers -- hierarchical_select Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text." 2012-09-19 2.1 CVE-2012-1652 This product is provided subject to this Notification and this Privacy & Use policy.
Categories: Technical

SB12-261: Vulnerability Summary for the Week of September 10, 2012

Mon, 12/03/2012 - 20:00
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For updated or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 8.3 CVE-2012-3703 chatelao -- php_address_book Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565. 2012-09-09 7.5 CVE-2012-1911 cisco -- jabber_extensible_communications_platform Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832. 2012-09-12 7.8 CVE-2012-3935 cisco -- asa_cx_context-aware_security The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603. 2012-09-12 7.8 CVE-2012-4629 cybozu -- kunai The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. 2012-09-08 9.3 CVE-2012-4011 ffmpeg -- ffmpeg Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing with frame threading." 2012-09-10 10.0 CVE-2012-2772 ffmpeg -- ffmpeg Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof." 2012-09-10 10.0 CVE-2012-2775 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of picture write." 2012-09-10 10.0 CVE-2012-2776 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784. 2012-09-10 10.0 CVE-2012-2777 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context." 2012-09-10 10.0 CVE-2012-2779 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change." 2012-09-10 10.0 CVE-2012-2782 ffmpeg -- ffmpeg Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "freeing the returned frame." 2012-09-10 10.0 CVE-2012-2783 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777. 2012-09-10 10.0 CVE-2012-2784 ffmpeg -- ffmpeg Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value. 2012-09-10 10.0 CVE-2012-2785 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write." 2012-09-10 10.0 CVE-2012-2786 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "setup width/height." 2012-09-10 10.0 CVE-2012-2787 ffmpeg -- ffmpeg Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk." 2012-09-10 10.0 CVE-2012-2788 ffmpeg -- ffmpeg Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs). 2012-09-10 10.0 CVE-2012-2789 ffmpeg -- ffmpeg Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode." 2012-09-10 10.0 CVE-2012-2790 ffmpeg -- ffmpeg Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11 have unknown impact and attack vectors, related to the "transform size." 2012-09-10 10.0 CVE-2012-2791 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame. 2012-09-10 10.0 CVE-2012-2792 ffmpeg -- ffmpeg Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11 has unknown impact and attack vectors related to "too many zeros." 2012-09-10 10.0 CVE-2012-2793 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters." 2012-09-10 10.0 CVE-2012-2794 ffmpeg -- ffmpeg Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()." 2012-09-10 10.0 CVE-2012-2795 ffmpeg -- ffmpeg Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes." 2012-09-10 10.0 CVE-2012-2796 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough." 2012-09-10 10.0 CVE-2012-2797 ffmpeg -- ffmpeg Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write." 2012-09-10 10.0 CVE-2012-2798 ffmpeg -- ffmpeg Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset." 2012-09-10 10.0 CVE-2012-2799 ffmpeg -- ffmpeg Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array." 2012-09-10 10.0 CVE-2012-2800 ffmpeg -- ffmpeg Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes." 2012-09-10 10.0 CVE-2012-2801 ffmpeg -- ffmpeg Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes." 2012-09-10 10.0 CVE-2012-2802 ffmpeg -- ffmpeg Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to resetting the data size value. 2012-09-10 10.0 CVE-2012-2803 ffmpeg -- ffmpeg Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width. 2012-09-10 10.0 CVE-2012-2804 google -- chrome Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. 2012-09-13 9.3 CVE-2012-4907 google -- chrome Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. 2012-09-13 7.5 CVE-2012-4908 honeywellprocess -- enterprise_building_manager Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors. 2012-09-08 7.5 CVE-2012-0254 isc -- dhcp ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. 2012-09-14 7.1 CVE-2012-3955 isc -- bind ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. 2012-09-14 7.8 CVE-2012-4244 open-emr -- openemr SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. 2012-09-09 7.5 CVE-2012-2115 realnetworks -- realplayer Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking. 2012-09-12 7.5 CVE-2012-2407 realnetworks -- realplayer Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2410. 2012-09-12 7.5 CVE-2012-2409 realnetworks -- realplayer RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file. 2012-09-12 7.5 CVE-2012-3234 Medium Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info 3ds -- 3d_xml_player Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2012-4882 3ds -- 3dvia_composer Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .smg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2012-4883 adobe -- coldfusion Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. 2012-09-12 5.0 CVE-2012-2048 amazon -- kindle_for_pc Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .azw file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5268 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3598 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3601 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3602 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3606 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3607 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3612 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3613 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3614 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3616 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3617 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3621 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3622 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3623 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3624 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3632 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3643 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3647 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3648 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3649 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3651 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3652 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3654 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3657 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3658 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3659 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3660 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3671 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3672 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3673 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3675 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3676 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3677 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3684 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3685 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3687 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3688 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3692 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3699 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3700 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3701 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3702 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3704 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3705 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3706 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3707 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3708 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3709 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3710 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3711 apple -- itunes WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 2012-09-13 6.8 CVE-2012-3712 bentley -- microstation Multiple untrusted search path vulnerabilities in MicroStation 7.1 allow local users to gain privileges via a Trojan horse (1) mptools.dll, (2) baseman.dll, (3) wintab32.dll, or (4) wintab.dll file in the current working directory, as demonstrated by a directory that contains a .hln or .rdl file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5230 chatelao -- php_address_book Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566. 2012-09-09 4.3 CVE-2012-1912 cyberlink -- powerdirector Untrusted search path vulnerability in CyberLink PowerDirector 7 allows local users to gain privileges via a Trojan horse mfc71loc.dll file in the current working directory, as demonstrated by a directory that contains a .pdl, .iso, .pds, .p2g, or .p2i file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5237 cybozu -- kunai The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. 2012-09-08 4.3 CVE-2012-4012 danielb -- cool_aid Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. 2012-09-09 4.9 CVE-2012-1649 f5 -- application_security_manager_appliance Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page. 2012-09-11 4.3 CVE-2012-2975 ffmpeg -- ffmpeg The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, relate to starting "a frame outside SETUP state." 2012-09-10 5.0 CVE-2012-2774 flatnux -- flatnux Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery. 2012-09-10 4.3 CVE-2012-4890 flatnux -- flatnux Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-10 4.3 CVE-2012-4892 geeklog -- geeklog Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism. 2012-09-09 4.3 CVE-2011-4942 geeklog -- geeklog Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942. 2012-09-09 4.3 CVE-2011-5159 gentoo -- webmin Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. 2012-09-11 6.0 CVE-2012-2981 gentoo -- webmin file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character. 2012-09-11 6.5 CVE-2012-2982 gentoo -- webmin file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. 2012-09-11 5.0 CVE-2012-2983 gentoo -- webmin Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982. 2012-09-11 6.8 CVE-2012-4893 google -- chrome Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. 2012-09-13 5.0 CVE-2012-4903 google -- chrome Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. 2012-09-13 4.3 CVE-2012-4904 google -- chrome Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." 2012-09-13 4.3 CVE-2012-4905 google -- chrome Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. 2012-09-13 5.0 CVE-2012-4906 google -- chrome Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. 2012-09-13 4.3 CVE-2012-4909 hp -- business_availability_center Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-09-08 4.3 CVE-2012-3255 hp -- business_availability_center Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2012-09-08 6.8 CVE-2012-3256 hp -- business_availability_center HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors. 2012-09-08 4.6 CVE-2012-3257 ibm -- change_and_configuration_management_database Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2012-09-10 6.8 CVE-2012-0714 ibm -- change_and_configuration_management_database SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2012-09-10 6.5 CVE-2012-0727 ibm -- change_and_configuration_management_database SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2012-09-10 6.5 CVE-2012-0728 ibm -- change_and_configuration_management_database SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2012-09-10 6.5 CVE-2012-0747 ibm -- change_and_configuration_management_database Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors. 2012-09-10 6.8 CVE-2012-2183 ibm -- change_and_configuration_management_database Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors. 2012-09-10 6.8 CVE-2012-2184 ibm -- change_and_configuration_management_database IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors. 2012-09-10 4.0 CVE-2012-2185 ibm -- change_and_configuration_management_database Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-09-10 4.3 CVE-2012-3313 ibm -- change_and_configuration_management_database Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-09-10 4.3 CVE-2012-3326 ingy -- yaml::libyaml Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function. 2012-09-09 5.0 CVE-2012-1152 intel -- threading_building_blocks Untrusted search path vulnerability in tbb.dll in Intel Threading Building Blocks (TBB) 2.2.013 allows local users to gain privileges via a Trojan horse tbbmalloc.dll file in the current working directory, as demonstrated by a directory that contains a .pbk file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5269 isobuster -- isobuster Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow local users to gain privileges via a Trojan horse (1) wnaspi32.dll or (2) ntaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .img file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5259 manageengine -- firewall_analyzer Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do. 2012-09-10 4.3 CVE-2012-4889 manageengine -- firewall_analyzer Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-10 4.3 CVE-2012-4891 mediawiki -- mediawiki Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module. 2012-09-09 6.8 CVE-2012-1578 mediawiki -- mediawiki The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. 2012-09-09 5.0 CVE-2012-1579 mediawiki -- mediawiki Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files. 2012-09-09 6.8 CVE-2012-1580 mediawiki -- mediawiki MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users. 2012-09-09 5.0 CVE-2012-1581 mediawiki -- mediawiki Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension. 2012-09-09 4.3 CVE-2012-1582 mediawiki -- mediawiki The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function. 2012-09-09 5.0 CVE-2012-4885 microsoft -- visual_studio_team_foundation_server Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability." 2012-09-11 4.3 CVE-2012-1892 microsoft -- system_center_configuration_manager Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability." 2012-09-11 4.3 CVE-2012-2536 moinmo -- moinmoin security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group. 2012-09-10 6.0 CVE-2012-4404 nurul_hidayah_hamazulan -- mymesyuarat Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document. 2012-09-11 6.0 CVE-2012-3572 open-emr -- openemr Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. 2012-09-09 4.3 CVE-2011-5160 open-emr -- openemr Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/. 2012-09-09 6.8 CVE-2011-5161 openkm -- openkm admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action. 2012-09-09 4.0 CVE-2012-2315 openkm -- openkm Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. 2012-09-09 6.8 CVE-2012-2316 perl -- perl Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function. 2012-09-09 5.0 CVE-2012-1151 php -- php The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398. 2012-09-07 4.3 CVE-2012-4388 realflex -- flexview Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory. 2012-09-08 6.9 CVE-2012-3004 realnetworks -- realplayer The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted AAC file that is not properly handled during decoding. 2012-09-12 6.8 CVE-2012-2408 realnetworks -- realplayer Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2409. 2012-09-12 6.8 CVE-2012-2410 sony -- dvd_architect_pro Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2) CFHDDecoder.dll file in the current working directory, as demonstrated by a directory that contains a .dar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2012-4880 sony -- moviez_hd Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a directory that contains a .mvz file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2012-4881 vmware -- fusion Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. 2012-09-08 6.9 CVE-2012-1666 Low Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info danielb -- cool_aid Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors. 2012-09-09 2.1 CVE-2012-1648 ibm -- change_and_configuration_management_database Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2012-09-10 3.5 CVE-2012-0746 This product is provided subject to this Notification and this Privacy & Use policy.
Categories: Technical

SB12-254: Vulnerability Summary for the Week of September 3, 2012

Mon, 11/26/2012 - 20:02
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For updated or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adobe -- photoshop_cs5.5 Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression. 2012-09-04 10.0 CVE-2012-0275 adobe -- photoshop_cs6 Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file. 2012-08-31 9.3 CVE-2012-4170 arbiter -- power_sentinel The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a buffer, as demonstrated by a port scan. 2012-09-05 7.8 CVE-2012-3012 artifex -- gpl_ghostscript ** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it. 2012-09-06 9.3 CVE-2012-4875 asterisk -- business_edition Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. 2012-08-31 9.0 CVE-2012-2186 awpcp -- another_wordpress_classifieds_plugin Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads." 2012-09-06 10.0 CVE-2012-4874 buddypress -- buddypress_plugin SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action. 2012-09-04 7.5 CVE-2012-2109 diy-cms -- blog Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php. 2012-08-31 7.5 CVE-2011-5140 egroupware -- egroupware SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2012-08-31 7.5 CVE-2011-4949 emc -- networker Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message. 2012-09-04 9.3 CVE-2012-2288 eos.pe -- siche_search_module Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters. 2012-08-31 7.5 CVE-2012-4743 etalabs -- musl Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to an unbuffered stream such as stderr. 2012-08-31 7.5 CVE-2012-2114 freepbx -- freepbx The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. 2012-09-06 7.5 CVE-2012-4869 garrettcom -- magnum_managed_networks_software-6k The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors. 2012-09-04 7.7 CVE-2012-3014 google -- chrome Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. 2012-08-31 7.5 CVE-2012-2866 google -- chrome Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer." 2012-08-31 7.5 CVE-2012-2869 joomla -- com_weblinks SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. 2012-09-06 7.5 CVE-2006-7247 kunena -- kunena SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. 2012-09-06 7.5 CVE-2012-4868 oreans -- winlicense Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file. 2012-09-06 9.3 CVE-2012-4864 oreans -- themida Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file. 2012-09-06 9.3 CVE-2012-4865 owncloud -- owncloud index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. 2012-09-05 7.5 CVE-2012-4392 packetfence -- packetfence The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors. 2012-08-31 7.5 CVE-2012-4742 phplist -- phplist SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. 2012-09-06 7.5 CVE-2012-2740 pkp -- open_journal_systems Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php. 2012-09-06 7.5 CVE-2012-1467 preprojects -- business_cards_designer SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter. 2012-08-31 7.5 CVE-2011-5139 tforum -- tforum Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the (1) TopicID parameter to viewtopic.php, the (2) BoardID parameter to viewboard.php, or (3) CatID parameter to viewcat.php. 2012-08-31 7.5 CVE-2011-5137 trendnet -- securview_wireless_internet_camera_activex_control Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method. 2012-09-06 10.0 CVE-2012-4876 viscomsoft -- image_viewer_cp_gold_sdk Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter. 2012-08-31 9.3 CVE-2010-5193 viscomsoft -- image_viewer_cp_gold_sdk Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFFile parameter. 2012-08-31 9.3 CVE-2010-5194 wago -- wago_i/o_system_758_industrial_pc_device WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session. 2012-09-06 10.0 CVE-2012-3013 wago -- wago_i/o_system_758_industrial_pc_device The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. 2012-09-06 10.0 CVE-2012-4879 wikkawiki -- wikkawiki SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action. 2012-09-05 7.5 CVE-2011-4448 x.org -- x.org The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c. 2012-09-05 8.5 CVE-2010-4818 Medium Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info N/A -- N/A Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .dbdif file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5273 3ds -- 3d_xml_player Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2012-4882 3ds -- 3dvia_composer Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .smg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2012-4883 acdsee -- picture_frame_manager Untrusted search path vulnerability in ACDSee Picture Frame Manager 1.0 Build 81 allows local users to gain privileges via a Trojan horse ShellIntMgrPFMU.dll file in the current working directory, as demonstrated by a directory that contains a .jpg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2011-5151 acdsee -- photo_editor_2008 Multiple untrusted search path vulnerabilities in ACDSee Photo Editor 2008 5.x build 291 allow local users to gain privileges via a Trojan horse (1) Wintab32.dll or (2) CV11-DialogEditor.dll file in the current working directory, as demonstrated by a directory that contains a .apd file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2011-5152 acdsee -- fotoslate Untrusted search path vulnerability in FotoSlate 4.0 Build 146 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .plp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.3 CVE-2011-5153 adobe -- livecycle_designer_es2 Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 9.0.0.20091029.1.612548 allows local users to gain privileges via a Trojan horse objectassisten_US.dll file in the current working directory, as demonstrated by a directory that contains a .tds file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2010-5212 adobe -- livecycle_designer Untrusted search path vulnerability in Adobe LiveCycle Designer 8.2.1.3144.1.471865 allows local users to gain privileges via a Trojan horse .dll file in the current working directory, as demonstrated by a directory that contains a .tds file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5213 adobe -- audition Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 allows local users to gain privileges via a Trojan horse Assist.Dll file in the current working directory, as demonstrated by a directory that contains a .ses file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5258 adobe -- device_central_cs4 Multiple untrusted search path vulnerabilities in Adobe Device Central CS4 2.0.0 0476 allow local users to gain privileges via a Trojan horse (1) ibfs32.dll or (2) amt_cdb.dll file in the current working directory, as demonstrated by a directory that contains a .adcp file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5270 adobe -- adobe_air Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs. 2012-08-31 5.0 CVE-2012-4171 agrinsoft -- argin_all_dvd_ripper Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .ifo file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5260 albelli -- fotobook_editor_5.0 Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a directory that contains a .dtp file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5214 altova -- mapforce Untrusted search path vulnerability in Altova MapForce 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mfd file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5271 altova -- databasespy_2011 Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .qprj file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5272 amazon -- kindle_for_pc Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .azw file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5268 apache -- struts The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute. 2012-09-05 6.8 CVE-2012-4386 apache -- struts Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression. 2012-09-05 5.0 CVE-2012-4387 attachmate -- reflection_for_hp Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2011-5157 audiotool -- ease_jukebox Untrusted search path vulnerability in Ease Jukebox 1.40 allows local users to gain privileges via a Trojan horse wmaudsdk.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 or .wav file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2010-5222 autodesk -- design_review_2011 Multiple untrusted search path vulnerabilities in Autodesk Design Review 2011 11.0.0.86 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll, (2) whiptk_wt.7.12.601.dll, or (3) xaml_wt.7.6.0.dll file in the current working directory, as demonstrated by a directory that contains a .dwf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5226 autodesk -- autocad Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory, as demonstrated by a directory that contains a .dwg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5241 babylon -- babylon Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local users to gain privileges via a Trojan horse BESExtension.dll file in the current working directory, as demonstrated by a directory that contains a .bgl file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5225 barracudanetworks -- barracuda_ssl_vpn Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do. 2012-08-31 4.3 CVE-2012-4739 bentley -- microstation Multiple untrusted search path vulnerabilities in MicroStation 7.1 allow local users to gain privileges via a Trojan horse (1) mptools.dll, (2) baseman.dll, (3) wintab32.dll, or (4) wintab.dll file in the current working directory, as demonstrated by a directory that contains a .hln or .rdl file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5230 brian_altenhofel -- slidebox The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. 2012-09-04 5.0 CVE-2012-2063 cdisplay -- cdisplay Untrusted search path vulnerability in CDisplay 1.8.1 allows local users to gain privileges via a Trojan horse TRACE32.DLL file in the current working directory, as demonstrated by a directory that contains a .cba file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5256 celframe -- office_2008 Multiple untrusted search path vulnerabilities in CelFrame Office 2008 Standard Edition allow local users to gain privileges via a Trojan horse (1) java_msci.dll or (2) msci_java.dll file in the current working directory, as demonstrated by a directory that contains a .doc, .xls, or .odg file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5207 ckeditor -- ckeditor Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-09-04 4.3 CVE-2012-2066 ckeditor -- ckeditor Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. 2012-09-04 6.8 CVE-2012-2067 commerceguys -- commerce_reorder Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. 2012-08-31 6.8 CVE-2012-2116 coolrecordedit -- cool_iphone_ringtone_maker Untrusted search path vulnerability in Cool iPhone Ringtone Maker 2.2.3 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5224 coppermine-gallery -- coppermine_photo_gallery Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message. 2012-09-04 5.0 CVE-2012-1614 corel -- coreldraw_x5 Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5240 cyberlink -- powerdirector Untrusted search path vulnerability in CyberLink PowerDirector 7 allows local users to gain privileges via a Trojan horse mfc71loc.dll file in the current working directory, as demonstrated by a directory that contains a .pdl, .iso, .pds, .p2g, or .p2i file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5237 cyberlink -- powerdirector Untrusted search path vulnerability in CyberLink PowerDirector 8.00.3022 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdl, .iso, .pds, .p2g, or .p2i file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5238 cyberlink -- pwer2go Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7.0.0.0816 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) MFC71LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .p2g, .iso, .pdl, .pds, or .p2i file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5243 cyberlink -- labelprint Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .lpp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2012-4756 cyberlink -- streamauthor Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .sta or .stp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2012-4757 cyberlink -- powerproducer Multiple untrusted search path vulnerabilities in CyberLink PowerProducer 5.5.3.2325 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .ppp or .rdf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2012-4758 cybozu -- cybozu_live The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. 2012-08-31 6.8 CVE-2012-4008 cybozu -- cybozu_live The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. 2012-08-31 6.8 CVE-2012-4009 daemon-tools -- daemon_tools Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that contains a .mds file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5239 datemill -- etano Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php. 2012-09-06 4.3 CVE-2012-1110 datev -- datev_grunpaket_basis Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2011-5158 dell -- crowbar The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names. 2012-09-05 4.6 CVE-2012-3537 dell -- crowbar Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils. 2012-09-05 4.3 CVE-2012-3551 digium -- asterisk channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. 2012-08-31 6.0 CVE-2012-4737 divx -- divx_player Untrusted search path vulnerability in DivX Player 7.2.019 allows local users to gain privileges via a Trojan horse VersionCheckDLL.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5231 divx -- divx_plus_player Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows local users to gain privileges via a Trojan horse ssleay32.dll file in a certain directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5232 dupehunter -- dupehunter Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a directory that contains a .dhjb file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5218 e-press -- one_office_author Multiple untrusted search path vulnerabilities in e-press ONE Office Author allow local users to gain privileges via a Trojan horse (1) java_msci.dll or (2) msci_java.dll file in the current working directory, as demonstrated by a directory that contains a .psw file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5205 e-press -- one_office_e-notetaker Multiple untrusted search path vulnerabilities in e-press ONE Office E-NoteTaker and E-Zip allow local users to gain privileges via a Trojan horse (1) mfc71enu.dll or (2) mfc71loc.dll file in the current working directory, as demonstrated by a directory that contains a .txt, .rar, or .tar file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5206 e107 -- e107 SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter. 2012-08-31 6.8 CVE-2011-4946 e107 -- e107 Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter. 2012-08-31 6.8 CVE-2011-4947 egroupware -- egroupware Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter. 2012-08-31 5.0 CVE-2011-4948 egroupware -- egroupware Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. 2012-08-31 4.3 CVE-2011-4950 egroupware -- egroupware Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter. 2012-08-31 5.8 CVE-2011-4951 eos.pe -- siche_search_module Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard allows remote attackers to inject arbitrary web script or HTML via the search parameter. 2012-08-31 4.3 CVE-2012-4744 estsoft -- alsee Untrusted search path vulnerability in ALSee 6.20.0.1 allows local users to gain privileges via a Trojan horse patchani.dll file in the current working directory, as demonstrated by a directory that contains a .ani, .bmp, .cal, .hdp, .jpe, .mac, .pbm, .pcx, .pgm, .png, .psd, .ras, .tga, or .tiff file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5211 ezb_systems -- ultraiso Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5255 flatnux -- flatnux Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts. 2012-09-06 6.8 CVE-2012-4877 flatnux -- flatnux Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. 2012-09-06 5.0 CVE-2012-4878 foxitsoftware -- foxit_reader Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2012-4759 freepbx -- freepbx Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php. 2012-09-06 4.3 CVE-2012-4870 freewebshop -- freewebshop Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php. 2012-08-31 5.0 CVE-2011-5147 fusiondrupalthemes -- fusion Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. 2012-08-31 4.3 CVE-2012-2083 gfi -- gfi_backup_2009 Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2009 Home Edition allows local users to gain privileges via a Trojan horse ArmAccess.dll file in the current working directory, as demonstrated by a directory that contains a .gbc or .gbt file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5254 gimp -- gimp The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. 2012-08-31 6.8 CVE-2012-4245 gnome -- librsvg librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. 2012-09-05 6.8 CVE-2011-3146 gnu -- binutils Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow. 2012-09-05 5.0 CVE-2012-3509 gnugk -- gnu_gatekeeper GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections. 2012-08-31 5.0 CVE-2012-3534 google -- chrome Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. 2012-08-31 4.3 CVE-2012-2865 google -- chrome The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. 2012-08-31 5.0 CVE-2012-2867 google -- chrome Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object. 2012-08-31 6.8 CVE-2012-2868 google -- chrome libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. 2012-08-31 4.3 CVE-2012-2870 google -- chrome libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. 2012-08-31 6.8 CVE-2012-2871 google -- chrome Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-08-31 4.3 CVE-2012-2872 graphisoft -- archicad Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 allow local users to gain privileges via a Trojan horse (1) srcsrv.dll or (2) GSAutoTester.DLL file in the current working directory, as demonstrated by a directory that contains a .2df file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5257 gromada -- multimedia_conversion_library Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in Gromada Multimedia Conversion Library 5.4.0 allow local users to gain privileges via a Trojan horse (1) libgif-1.1.0.dll or (2) libhav-1.0.1.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5262 helpandmanual -- help_&_manual Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.3 CVE-2011-5155 httrack -- httrack Untrusted search path vulnerability in HTTrack 3.43-9 allows local users to gain privileges via a Trojan horse httrack-plugin.dll file in the current working directory, as demonstrated by a directory that contains a .whtt file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5252 ibm -- lotus_symphony Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the current working directory, as demonstrated by a directory that contains a .odm, .odt, .otp, .stc, .stw, .sxg, or .sxw file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5204 ibm -- lotus_notes Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5251 intel -- threading_building_blocks Untrusted search path vulnerability in tbb.dll in Intel Threading Building Blocks (TBB) 2.2.013 allows local users to gain privileges via a Trojan horse tbbmalloc.dll file in the current working directory, as demonstrated by a directory that contains a .pbk file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5269 intuit -- quickbooks Multiple untrusted search path vulnerabilities in Intuit QuickBooks 2010 allow local users to gain privileges via a Trojan horse (1) dbicudtx11.dll, (2) mfc90enu.dll, or (3) mfc90loc.dll file in the current working directory, as demonstrated by a directory that contains a .des, .qbo, or .qpg file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5198 isobuster -- isobuster Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow local users to gain privileges via a Trojan horse (1) wnaspi32.dll or (2) ntaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .img file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5259 izarc -- izarc Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows local users to gain privileges via a Trojan horse ztv7z.dll file in the current working directory, as demonstrated by a directory that contains a .arj file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5235 jetaudio -- jetaudio Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5202 john_franklin -- advertisement The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. 2012-08-31 5.0 CVE-2012-2704 joomla -- joomla! Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. 2012-09-06 5.0 CVE-2012-0819 joomla -- joomla! Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822. 2012-09-06 4.3 CVE-2012-0820 joomla -- joomla! Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. 2012-09-06 5.0 CVE-2012-0821 joomla -- joomla! Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820. 2012-09-06 4.3 CVE-2012-0822 joomla -- joomla! Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." 2012-09-06 5.0 CVE-2012-0835 joomla -- joomla! Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. 2012-09-06 5.0 CVE-2012-0836 joomla -- joomla! Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." 2012-09-06 5.0 CVE-2012-0837 joomla -- joomla! Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. 2012-09-06 5.0 CVE-2012-1611 joomla -- joomla! Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-09-06 4.3 CVE-2012-1612 kayako -- kayako_fusion Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description. 2012-09-06 4.3 CVE-2012-4872 keepass -- password_safe Untrusted search path vulnerability in KeePass Password Safe before 2.13 allows local users to gain privileges via a Trojan horse DwmApi.dll file in the current working directory, as demonstrated by a directory that contains a .kdbx file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5196 keepass -- keepass Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5200 ksoffice -- office_2010 Multiple untrusted search path vulnerabilities in the (1) Presentation, (2) Writer, and (3) Spreadsheets components in Kingsoft Office 2010 6.6.0.2477 allow local users to gain privileges via a Trojan horse plgpf.dll file in the current working directory, as demonstrated by a directory that contains a .xls, .ppt, .rtf, or .doc file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5208 lindo -- lingo Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 allows local users to gain privileges via a Trojan horse myuser.dll file in the current working directory, as demonstrated by a directory that contains a .ltf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2010-5216 litespeedtech -- litespeed_web_server Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter. 2012-09-06 4.3 CVE-2012-4871 magix -- samplitude_producer Untrusted search path vulnerability in MAGIX Samplitude Producer 11 allows local users to gain privileges via a Trojan horse PlayRIplA6.dll file in the current working directory, as demonstrated by a directory that contains a .vip file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5201 mark_theunissen -- views_lang_switch Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. 2012-09-04 4.3 CVE-2012-2064 maxthon -- maxthon_browser Multiple untrusted search path vulnerabilities in Maxthon Browser 1.6.7.35 and 2.5.15 allow local users to gain privileges via a Trojan horse (1) RSRC32.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .html file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5246 mclewin -- wishlist Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters. 2012-09-06 6.8 CVE-2012-2069 mindjet -- mindmanager_2012 Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privileges via a Trojan horse (1) ssgp.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mmap file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.3 CVE-2012-4754 mozilla -- bugzilla Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. 2012-09-04 5.0 CVE-2012-3981 mozilla -- bugzilla Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request. 2012-09-04 5.0 CVE-2012-4747 munsoft -- easy_office_recovery Untrusted search path vulnerability in MunSoft Easy Office Recovery 1.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .doc, .xls, or .ppt file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5267 nchsoftware -- meo_encryption_software Untrusted search path vulnerability in MEO Encryption Software 2.02 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .meo or .cry file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5220 ncp-e -- secure_client Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5203 nirsoft -- smartsniff Untrusted search path vulnerability in SmartSniff 1.71 allows local users to gain privileges via a Trojan horse wpcap.dll file in the current working directory, as demonstrated by a directory that contains a .cfg or .ssp file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5265 novadevelopement -- photoimpact_x3 Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 allows local users to gain privileges via a Trojan horse bwsconst.dll file in the current working directory, as demonstrated by a directory that contains a .ufp or .ufo file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2010-5199 nuance -- pdf_reader Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) exceptiondumpdll.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5209 obm -- open_business_management Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an export_page action. 2012-08-31 6.0 CVE-2011-5141 obm -- open_business_management Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php; (4) login parameter to obm.php; or (5) tf_user parameter in a search action to group/group_index.php. 2012-08-31 4.3 CVE-2011-5142 obm -- open_business_management Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-08-31 4.3 CVE-2011-5143 obm -- open_business_management Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function. 2012-08-31 5.0 CVE-2011-5144 obm -- open_business_management Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php. 2012-08-31 5.5 CVE-2011-5145 open-realty -- open-realty Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php. 2012-09-06 6.8 CVE-2012-1112 openjpeg -- openjpeg Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. 2012-09-05 6.8 CVE-2012-3535 openstack -- horizon Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake. 2012-09-05 5.8 CVE-2012-3540 openstack -- essex OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540. 2012-09-05 4.3 CVE-2012-3542 opera -- opera Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5227 ovirt -- ovirt The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack. 2012-08-31 5.0 CVE-2012-3533 owncloud -- owncloud Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. 2012-09-05 6.8 CVE-2012-4389 owncloud -- owncloud (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. 2012-09-05 4.0 CVE-2012-4390 owncloud -- owncloud Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. 2012-09-05 6.8 CVE-2012-4391 owncloud -- owncloud Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/. 2012-09-05 6.8 CVE-2012-4393 owncloud -- owncloud Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. 2012-09-05 4.3 CVE-2012-4394 owncloud -- owncloud Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. 2012-09-05 4.3 CVE-2012-4395 owncloud -- owncloud Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php. 2012-09-05 4.3 CVE-2012-4396 owncloud -- owncloud Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php. 2012-09-05 4.3 CVE-2012-4397 owncloud -- owncloud appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393. 2012-09-05 5.0 CVE-2012-4752 owncloud -- owncloud Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2012-09-05 6.8 CVE-2012-4753 packetfence -- packetfence Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-08-31 4.3 CVE-2012-4740 packetfence -- packetfence The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute. 2012-08-31 5.0 CVE-2012-4741 phoenixcpm -- phoenix_project_manager Multiple untrusted search path vulnerabilities in Phoenix Project Manager 2.1.0.8 allow local users to gain privileges via a Trojan horse (1) wbtrv32.dll or (2) w3btrv7.dll file in the current working directory, as demonstrated by a directory that contains a .ppx file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5223 phplist -- phplist Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. 2012-09-06 4.3 CVE-2012-2741 pixia -- pixia Untrusted search path vulnerability in Pixia 4.70j allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pxa file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5197 pkp -- open_journal_systems Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions. 2012-09-06 6.0 CVE-2012-1468 pkp -- open_journal_systems Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php. 2012-09-06 4.3 CVE-2012-1469 pkware -- pkzip Untrusted search path vulnerability in PKZIP before 12.50.0014 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .zip file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5274 prof-uis -- prof-uis Untrusted search path vulnerability in the CExtDWM::CExtDWM method in ProfUIS290m.dll and ProfUIS290m-RDE.dll in Prof-UIS before 2.9.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5264 qtweb -- qtweb Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5247 realnetworks -- realplayer_sp Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 allows local users to gain privileges via a Trojan horse rio500.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5228 ross_johnson -- pthreads-win32 Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5250 roxio -- mydvd Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory that contains a .dmsd or .dmsm file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5195 roxio -- easy_media_creator Untrusted search path vulnerability in Roxio Easy Media Creator Home 9.0.136 allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory, as demonstrated by a directory that contains a .roxio, .c2d, or .gi file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5236 sap -- gui Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2011-5154 scitools -- understand Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .udb file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2012-4755 scott_wheeler -- taglib The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error. 2012-09-06 4.3 CVE-2012-1107 scott_wheeler -- taglib The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. 2012-09-06 4.3 CVE-2012-1108 scott_wheeler -- taglib Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation. 2012-09-06 4.3 CVE-2012-1584 sir -- gnuboard Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. 2012-09-06 4.3 CVE-2012-4873 sisoftware -- sandra_2012 Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite 2010.7.16.52 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .sis file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5244 smartftp -- smartftp Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .txt, .html, or .mpg file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5219 snowfoxsoft -- snowfox_total_video_converter Untrusted search path vulnerability in SnowFox Total Video Converter 2.5.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5261 sony -- dvd_architect_pro Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2) CFHDDecoder.dll file in the current working directory, as demonstrated by a directory that contains a .dar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2012-4880 sony -- moviez_hd Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a directory that contains a .mvz file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2012-4881 sonycreativesoftware -- sound_forge Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5242 sophos -- free_encryption Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 and Sophos SafeGuard PrivateCrypto 2.40.1.2 allows local users to gain privileges via a Trojan horse pcrypt0406.dll file in the current working directory, as demonstrated by a directory that contains a .uti file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5249 soraxsoft -- sorax_reader Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5210 sothink -- swf_decompiler Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Build 610 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .flv file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5263 sowsoft -- effective_file_search Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a directory that contains a .efs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2011-5156 spamtitan -- spamtitan Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php. 2012-08-31 4.3 CVE-2011-5149 spamtitan -- spamtitan Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-08-31 4.3 CVE-2011-5150 stdutility -- stdu_explorer Untrusted search path vulnerability in STDU Explorer 1.0.201 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5221 sweetscape -- 010_editor Untrusted search path vulnerability in 010 Editor before 3.1.3 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .hex file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5229 swishzone -- swish_max3 Multiple untrusted search path vulnerabilities in SWiSH Max3 3.0 2009.11.30 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) SWiSHmax3res.dll file in the current working directory, as demonstrated by a directory that contains a .swi file. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2010-5215 techsmith -- camtasia_studio Multiple untrusted search path vulnerabilities in Camtasia Studio 7.0.1 build 57 allow local users to gain privileges via a Trojan horse (1) MFC90ENU.DLL or (2) MFC90LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .cmmp or .camrec file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-07 6.9 CVE-2010-5234 tforum -- tforum Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action. 2012-08-31 4.3 CVE-2011-5138 the_collective -- acuity_cms Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. 2012-08-31 4.3 CVE-2012-4745 thomas_eibner -- mod_rpaf The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request. 2012-09-05 5.0 CVE-2012-3526 tracker-software -- pdf-xchange Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54.0 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5245 tuneup -- tuneup_utilities_2009 Multiple untrusted search path vulnerabilities in TuneUp Utilities 2009 8.0.3310 and 2010 9.0.4600 allow local users to gain privileges via a Trojan horse (1) wscapi.dll or (2) vclib32.dll file in the current working directory, as demonstrated by a directory that contains a .tvs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2012-09-06 6.9 CVE-2010-5217 typo3 -- typo3 The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." 2012-09-04 5.0 CVE-2012-1605 typo3 -- typo3 The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. 2012-09-04 5.0 CVE-2012-1607 typo3 -- typo3 The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters. 2012-09-04 5.0 CVE-2012-1608 typo3 -- typo3 view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)." 2012-09-05 4.6 CVE-2012-3527 typo3 -- typo3 Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. 2012-09-05 4.0 CVE-2012-3528 typo3 -- typo3 Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events. 2012-09-05 4.3 CVE-2012-3530 typo3 -- typo3 Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-09-05 4.3 CVE-2012-3531 ultravnc -- ultravnc Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5248 videocharge -- videocharge_studio Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .vsc file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5266 virtualdj -- virtual_dj Untrusted search path vulnerability in Virtual DJ 6.1.2 Trial b301 allows local users to gain privileges via a Trojan horse HDJAPI.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5233 vtiger -- vtiger_crm Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. 2012-09-06 5.0 CVE-2012-4867 wasen -- mod_simplefileupload Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. 2012-08-31 6.8 CVE-2011-5148 wikkawiki -- wikkawiki actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file. 2012-09-05 6.8 CVE-2011-4449 wikkawiki -- wikkawiki Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action. 2012-09-05 6.4 CVE-2011-4450 wikkawiki -- wikkawiki ** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter. 2012-09-05 4.3 CVE-2011-4451 wikkawiki -- wikkawiki Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action. 2012-09-05 6.8 CVE-2011-4452 winimage -- winimage Untrusted search path vulnerability in WinImage 8.50 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .imz file. NOTE: some of these details are obtained from third party information. 2012-09-07 6.9 CVE-2010-5253 xtremerat -- xtremerat Untrusted search path vulnerability in Xtreme RAT 3.5 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as the current working directory. NOTE: some of these details are obtained from third party information. 2012-09-06 6.9 CVE-2012-4866 yaniv_aran-shamir -- gigya Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-08-31 4.3 CVE-2012-2117 zte -- zxdsl Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. 2012-08-31 6.8 CVE-2012-4746 Low Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info coppermine-gallery -- coppermine_photo_gallery Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter. 2012-09-04 3.5 CVE-2012-1613 freso -- languageicons Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors. 2012-09-04 3.5 CVE-2012-2065 gnome -- at-spi2-atk The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. 2012-08-31 3.3 CVE-2012-3378 ingumadev -- bokken Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot. 2012-08-31 2.6 CVE-2011-5146 naxsi_project -- naxsi Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. 2012-08-31 2.1 CVE-2012-3380 otrs -- otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags. 2012-08-31 2.6 CVE-2012-4600 rssh -- rssh rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. 2012-08-31 2.1 CVE-2012-3478 symantec -- pgp_universal_server Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session. 2012-09-04 2.9 CVE-2012-3582 tiger-fish -- fancy_slide Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter. 2012-09-04 2.1 CVE-2012-2068 typo3 -- typo3 Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. 2012-09-04 3.5 CVE-2012-1606 typo3 -- typo3 The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors. 2012-09-05 3.5 CVE-2012-3529 unixodbc -- unixodbc ** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context. 2012-08-31 2.1 CVE-2012-2657 unixodbc -- unixodbc ** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context. 2012-08-31 2.1 CVE-2012-2658 x -- x.org-xserver The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw." 2012-09-05 3.6 CVE-2010-4819 This product is provided subject to this Notification and this Privacy & Use policy.
Categories: Technical

SB12-248: Vulnerability Summary for the Week of August 27, 2012

Mon, 11/19/2012 - 23:00
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For updated or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info asterisk -- business_edition Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. 2012-08-31 9.0 CVE-2012-2186 bluecoat -- proxysg Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session. 2012-08-26 9.3 CVE-2010-5189 bluecoat -- proxyav Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device. 2012-08-26 9.3 CVE-2010-5191 bluecoat -- proxyone Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp). 2012-08-26 10.0 CVE-2011-5124 bluecoat -- reporter Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request. 2012-08-26 10.0 CVE-2011-5127 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors. 2012-08-25 10.0 CVE-2010-5185 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors. 2012-08-25 10.0 CVE-2011-5121 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors. 2012-08-25 10.0 CVE-2011-5123 condor_project -- condor Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. 2012-08-25 7.5 CVE-2012-3416 emc -- applicationxtender_desktop EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors. 2012-08-25 7.5 CVE-2012-2289 google -- tunnelblick Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. 2012-08-26 7.2 CVE-2012-3484 google -- tunnelblick Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call. 2012-08-26 7.2 CVE-2012-3485 hp -- intelligent_management_center Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet. 2012-08-30 10.0 CVE-2012-3253 hp -- inode_management_center_pc Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet. 2012-08-30 10.0 CVE-2012-3254 icinga -- icinga The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors. 2012-08-25 7.5 CVE-2012-3441 mozilla -- firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2012-08-29 10.0 CVE-2012-1970 mozilla -- firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. 2012-08-29 9.3 CVE-2012-1971 mozilla -- firefox Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-1972 mozilla -- firefox Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-1973 mozilla -- firefox Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-1974 mozilla -- firefox Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-1975 mozilla -- firefox Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-1976 mozilla -- firefox Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-3956 mozilla -- firefox Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. 2012-08-29 10.0 CVE-2012-3957 mozilla -- firefox Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-3958 mozilla -- firefox Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-3959 mozilla -- firefox Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-3960 mozilla -- firefox Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-3961 mozilla -- firefox Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. 2012-08-29 9.3 CVE-2012-3962 mozilla -- firefox Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. 2012-08-29 10.0 CVE-2012-3963 mozilla -- firefox Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 2012-08-29 10.0 CVE-2012-3964 mozilla -- firefox Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. 2012-08-29 9.3 CVE-2012-3965 mozilla -- firefox Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. 2012-08-29 10.0 CVE-2012-3966 mozilla -- firefox Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. 2012-08-29 10.0 CVE-2012-3968 mozilla -- firefox Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. 2012-08-29 9.3 CVE-2012-3969 mozilla -- firefox Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. 2012-08-29 10.0 CVE-2012-3970 mozilla -- firefox Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. 2012-08-29 10.0 CVE-2012-3971 mozilla -- firefox The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. 2012-08-29 7.6 CVE-2012-3973 mozilla -- firefox The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. 2012-08-29 9.3 CVE-2012-3980 mybb -- mybb Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list." 2012-08-30 10.0 CVE-2011-5133 oracle -- jdk Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. 2012-08-30 10.0 CVE-2012-1682 oracle -- jdk Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682. 2012-08-30 10.0 CVE-2012-3136 oracle -- jdk Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class. 2012-08-27 10.0 CVE-2012-4681 pluxml -- pluxml Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter. 2012-08-26 7.5 CVE-2012-2227 samsung -- kies The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document. 2012-08-24 9.3 CVE-2012-2990 sitecom -- wlm-2501 Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter. 2012-08-26 9.3 CVE-2012-1921 sourcefabric -- newscoop SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. 2012-08-27 7.5 CVE-2012-1934 symantec -- messaging_gateway Symantec Messaging Gateway before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. 2012-08-29 7.9 CVE-2012-3579 symantec -- messaging_gateway Symantec Messaging Gateway before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. 2012-08-29 7.7 CVE-2012-3580 thomas_hunter -- neoinvoice SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. 2012-08-25 7.5 CVE-2012-3477 thomas_hunter -- neoinvoice SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477. 2012-08-25 7.5 CVE-2012-4673 vbulletin -- vbulletin SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. 2012-08-28 7.5 CVE-2012-4686 Medium Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info mozilla -- firefox Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. 2012-08-29 5.8 CVE-2012-3976 3dprotect -- 3d_eqsecure ** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5150 agnitum -- outpost_security_suite ** DISPUTED ** Race condition in Outpost Security Suite Pro 6.7.3.3063.452.0726 and 7.0.3330.505.1221 BETA on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5171 andreas_gohr -- dokuwiki ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token." 2012-08-27 6.8 CVE-2012-2128 andreas_gohr -- dokuwiki Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action. 2012-08-27 4.3 CVE-2012-2129 anti-virus -- virusblockada32 ** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5180 apache -- qpid Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. 2012-08-27 5.0 CVE-2012-3467 apple -- ichat_server Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. 2012-08-25 5.8 CVE-2012-4672 arbornetworks -- peakflow_sp Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index. 2012-08-28 4.3 CVE-2012-4685 avast! -- avast!_internet_security ** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5151 avg -- internet_security ** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5152 avira -- premium_security_suite ** DISPUTED ** Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5153 bitdefender -- bitdefender_total_security_2010 ** DISPUTED ** Race condition in BitDefender Total Security 2010 13.0.20.347 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5154 bluecoat -- proxysg The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities. 2012-08-26 5.0 CVE-2010-5190 bluecoat -- proxysg Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-08-26 4.3 CVE-2010-5192 bluecoat -- director Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method. 2012-08-26 4.3 CVE-2011-5125 bluecoat -- sgos Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file. 2012-08-26 5.0 CVE-2011-5126 bueltge -- adminimize Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. 2012-08-29 4.3 CVE-2011-4926 bueltge -- adminimize Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926. 2012-08-29 4.3 CVE-2011-5128 ca -- internet_security_suite_2010 ** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5156 checkpoint -- zonealarm_extreme_security ** DISPUTED ** Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5184 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (memory consumption) via a crafted compressed file. 2012-08-25 4.3 CVE-2009-5123 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (application crash) via a crafted packed file. 2012-08-25 4.3 CVE-2009-5124 comodo -- comodo_internet_security Comodo Internet Security before 3.9.95478.509 allows remote attackers to bypass malware detection in an RAR archive via an unspecified manipulation of the archive file format. 2012-08-25 4.3 CVE-2009-5125 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 3.8.65951.477 allows remote attackers to cause a denial of service (application crash) via a crafted file. 2012-08-25 4.3 CVE-2009-5126 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 3.8.64739.471 allows remote attackers to cause a denial of service (application crash) via a crafted file. 2012-08-25 4.3 CVE-2009-5127 comodo -- comodo_internet_security Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. 2012-08-25 6.2 CVE-2010-5157 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 4.1.150349.920 allows remote attackers to cause a denial of service (application crash) via a crafted file. 2012-08-25 4.3 CVE-2010-5186 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 5.4.189822.1355 allows remote attackers to cause a denial of service (application crash) via a crafted .PST file. 2012-08-25 4.3 CVE-2011-5120 comodo -- comodo_internet_security The Antivirus component in Comodo Internet Security before 5.3.175888.1227 allows remote attackers to cause a denial of service (application crash) via a crafted compressed file. 2012-08-25 4.3 CVE-2011-5122 cybozu -- cybozu_live The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. 2012-08-31 6.8 CVE-2012-4008 cybozu -- cybozu_live The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. 2012-08-31 6.8 CVE-2012-4009 danielb -- finder The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. 2012-08-28 6.0 CVE-2012-1641 darold -- squidclamav The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A. 2012-08-25 5.0 CVE-2012-3501 darold -- squidclamav Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.de_DE, (c) clwarn.cgi.en_EN, (d) clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in cgi-bin/. 2012-08-25 4.3 CVE-2012-4667 docebo -- docebolms Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php. 2012-08-30 6.0 CVE-2011-5135 drweb -- web_security_space ** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5159 eeye -- blink ** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5155 elefantcms -- elefantcms Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview. 2012-08-26 4.3 CVE-2012-1296 elxis -- elxis_cms Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elxis/administrator/index.php. 2012-08-29 4.3 CVE-2011-4918 ematia -- elixir Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. 2012-08-26 4.3 CVE-2012-2146 emc -- cloud_tiering_appliance_virtual_edition EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase. 2012-08-29 6.8 CVE-2012-2285 emisoft -- online_armor ** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5169 epractizelabs -- subscription_manager showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter. 2012-08-30 6.4 CVE-2011-5136 eset -- smart_security ** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5160 f-secure -- f-secure_internet_security_2010 ** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5161 ffmpeg -- ffmpeg Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value. 2012-08-27 4.3 CVE-2012-0849 ffmpeg -- ffmpeg Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable. 2012-08-27 5.0 CVE-2012-0855 fribidi -- pyfribidi Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence. 2012-08-26 5.0 CVE-2012-1176 gajim -- gajim The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute. 2012-08-28 6.8 CVE-2012-2085 gdata -- totalcare_2010 ** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5162 gfi -- vipre_antivirus ** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5181 giantrobot -- zipcart The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions. 2012-08-28 6.0 CVE-2012-1650 gimp -- gimp Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909. 2012-08-25 6.8 CVE-2012-3402 gimp -- gimp Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free." 2012-08-25 6.8 CVE-2012-3403 gimp -- gimp Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. 2012-08-25 6.8 CVE-2012-3481 gnome -- libgdata libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate. 2012-08-26 5.1 CVE-2012-1177 gnu -- gnash Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow. 2012-08-26 6.8 CVE-2012-1175 gnu -- bash Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. 2012-08-27 4.6 CVE-2012-3410 gnu -- emacs lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. 2012-08-25 6.8 CVE-2012-3479 gnu -- glibc Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. 2012-08-25 4.6 CVE-2012-3480 google -- tunnelblick Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. 2012-08-26 6.2 CVE-2012-3483 google -- tunnelblick Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. 2012-08-26 6.9 CVE-2012-3486 google -- tunnelblick Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. 2012-08-26 4.4 CVE-2012-4677 haudenschilt -- family_connections_cms dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter. 2012-08-30 6.8 CVE-2011-5130 ibm -- websphere_mq IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors. 2012-08-29 4.3 CVE-2012-3295 ibm -- infosphere_guardium Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. 2012-08-29 6.8 CVE-2012-3309 ibm -- infosphere_guardium The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network. 2012-08-29 5.0 CVE-2012-3312 ibm -- websphere_application_server IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors. 2012-08-30 6.0 CVE-2012-3325 ioserver -- ioserver Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI. 2012-08-27 4.3 CVE-2012-4680 isode -- m-link M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. 2012-08-25 5.8 CVE-2012-4669 jabber2 -- jabberd2 s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. 2012-08-25 5.8 CVE-2012-3525 jason_savino -- fp The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors. 2012-08-28 5.0 CVE-2012-1643 kaspersky -- kaspersky_internet_security_2010 ** DISPUTED ** Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5163 katello -- katello The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token. 2012-08-25 6.5 CVE-2012-3503 kingsoft -- personal_firewall_9 ** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5164 mediafront -- mediafront Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION. 2012-08-28 4.3 CVE-2012-1647 mozilla -- firefox Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. 2012-08-29 4.3 CVE-2012-1956 mozilla -- firefox The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. 2012-08-29 6.8 CVE-2012-3967 mozilla -- firefox The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. 2012-08-29 5.0 CVE-2012-3972 mozilla -- firefox Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. 2012-08-29 6.9 CVE-2012-3974 mozilla -- firefox The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. 2012-08-29 4.3 CVE-2012-3975 mozilla -- firefox The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. 2012-08-29 6.8 CVE-2012-3978 mozilla -- firefox Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. 2012-08-29 6.8 CVE-2012-3979 munin-monitoring -- munin cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request. 2012-08-26 6.8 CVE-2012-2104 munin-monitoring -- munin munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. 2012-08-26 5.0 CVE-2012-2147 munin-monitoring -- munin munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters. 2012-08-26 5.0 CVE-2012-4678 mybb -- mybb Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. 2012-08-30 6.8 CVE-2011-5131 mybb -- mybb Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX." 2012-08-30 4.3 CVE-2011-5132 nicolas_cannasse -- ocaml_xml-light_library OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors. 2012-08-25 5.0 CVE-2012-3514 norman -- security_suite ** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5167 online-solutions -- online_solutions_security_suite ** DISPUTED ** Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5170 openttd -- openttd OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack. 2012-08-25 4.3 CVE-2012-0048 opera -- opera_browser Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660. 2012-08-30 5.0 CVE-2012-4010 pandasecurity -- panda_internet_security_2010 ** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5172 pbboard -- pbboard Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216. 2012-08-27 6.8 CVE-2012-4036 pcsecurityshield -- security_shield_2010 ** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5176 pctools -- pctools_firewall ** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5173 pctools -- threatfire ** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5178 php -- php The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 does not properly handle %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. 2012-08-30 4.3 CVE-2011-1398 pluxml -- pluxml PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. 2012-08-26 5.0 CVE-2012-4674 pluxml -- pluxml Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update. 2012-08-26 4.3 CVE-2012-4675 prevx -- prevx ** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5174 psyced -- psyced psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. 2012-08-25 5.8 CVE-2012-4671 pwicorp -- privatefirewall ** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5175 rik_de_boer -- revisioning The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content. 2012-08-28 6.4 CVE-2012-1635 roundcube -- webmail Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email. 2012-08-25 4.3 CVE-2012-3508 roundcube -- webmail Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. 2012-08-25 4.3 CVE-2012-4668 sgi -- performance_co-pilot libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads. 2012-08-27 5.0 CVE-2012-3418 sgi -- performance_co-pilot Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. 2012-08-27 5.0 CVE-2012-3419 sgi -- performance_co-pilot Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c. 2012-08-27 5.0 CVE-2012-3420 sgi -- performance_co-pilot The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw." 2012-08-27 5.0 CVE-2012-3421 silverstripe -- silverstripe The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." 2012-08-26 6.8 CVE-2010-5080 silverstripe -- silverstripe SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller. 2012-08-26 5.0 CVE-2010-5087 silverstripe -- silverstripe Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087. 2012-08-26 6.8 CVE-2010-5088 silverstripe -- silverstripe SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. 2012-08-26 4.3 CVE-2010-5089 silverstripe -- silverstripe SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security. 2012-08-26 4.0 CVE-2010-5090 silverstripe -- silverstripe The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file. 2012-08-26 6.0 CVE-2010-5091 silverstripe -- silverstripe Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user. 2012-08-26 5.0 CVE-2010-5093 silverstripe -- silverstripe The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing." 2012-08-26 5.0 CVE-2010-5094 silverstripe -- silverstripe Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination. 2012-08-26 4.3 CVE-2010-5095 silverstripe -- silverstripe SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message. 2012-08-26 4.3 CVE-2010-5187 silverstripe -- silverstripe SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php. 2012-08-26 5.0 CVE-2010-5188 softsphere -- defensewall_personal_firewall ** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5158 sophos -- sophos_endpoint_security_and_control ** DISPUTED ** Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5177 sourcefabric -- newscoop Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php. 2012-08-27 6.8 CVE-2012-1933 sourcefabric -- newscoop Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php. 2012-08-27 4.3 CVE-2012-1935 sourcefabric -- newscoop Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter. 2012-08-27 4.3 CVE-2012-4679 symantec -- norton_internet_security_2010 ** DISPUTED ** Race condition in Symantec Norton Internet Security 2010 17.5.0.127 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5168 symantec -- messaging_gateway Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. 2012-08-29 4.3 CVE-2012-0307 symantec -- messaging_gateway Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway before 10.0 allows remote attackers to hijack the authentication of administrators. 2012-08-29 6.8 CVE-2012-0308 tedfelix -- acpid2 samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands. 2012-08-29 4.6 CVE-2011-2777 tedfelix -- acpid2 event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls. 2012-08-29 4.6 CVE-2011-4578 tigase -- tigase_xmpp_server Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. 2012-08-25 6.4 CVE-2012-4670 tor -- tor Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. 2012-08-25 5.0 CVE-2012-3517 tor -- tor The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document. 2012-08-25 5.0 CVE-2012-3518 tor -- tor routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. 2012-08-25 5.0 CVE-2012-3519 torchsoft -- malware_defender ** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5165 trendmicro -- internet_security_2010 ** DISPUTED ** Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5179 typo3 -- typo3 Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages. 2012-08-27 4.3 CVE-2012-2112 virusbuster -- virusbuster_internet_securit_suite ** DISPUTED ** Race condition in VirusBuster Internet Security Suite 3.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5182 webroot -- internet_security_essentials ** DISPUTED ** Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. 2012-08-25 6.2 CVE-2010-5183 websense -- websense_v10000 The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (memory consumption and process crash) via a large file that is not properly handled during buffering. 2012-08-26 5.0 CVE-2009-5128 websense -- websense_v10000 The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password. 2012-08-26 5.0 CVE-2009-5129 websense -- websense_email_security The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size. 2012-08-26 4.3 CVE-2009-5130 websense -- websense_email_security The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session. 2012-08-26 5.0 CVE-2009-5131 websense -- websense_web_filter The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 106 and 7.x before 7.1 allow remote attackers to cause a denial of service (filtering outage) via a crafted URL. 2012-08-26 5.0 CVE-2009-5132 websense -- websense_content_content_gateway Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter. 2012-08-24 4.3 CVE-2012-2984 widgetfactorylimited -- com_jce Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information. 2012-08-30 6.0 CVE-2011-5134 wireshark -- wireshark The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. 2012-08-30 4.3 CVE-2012-3548 xchat -- xchat Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string. 2012-08-30 5.0 CVE-2011-5129 yaml-fuer-drupal -- linkchecker includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors. 2012-08-28 5.0 CVE-2012-1642 Low Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info comodo -- comodo_internet_security Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors. 2012-08-25 1.9 CVE-2011-5118 comodo -- comodo_internet_security Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors. 2012-08-25 1.9 CVE-2011-5119 creative_commons_module_project -- creativecommons Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter. 2012-08-26 2.1 CVE-2012-2297 debian -- cifs-utils mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. 2012-08-27 2.1 CVE-2012-1586 gizra -- og_vocab The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors. 2012-08-28 2.1 CVE-2012-1644 google -- tunnelblick Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. 2012-08-26 1.2 CVE-2012-3487 google -- tunnelblick The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. 2012-08-26 1.2 CVE-2012-4676 munin-monitoring -- munin The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. 2012-08-26 1.2 CVE-2012-2103 oracle -- jdk Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. 2012-08-30 0.0 CVE-2012-0547 python -- python Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. 2012-08-27 1.9 CVE-2011-4944 roundcube -- roundcube_webmail Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject. 2012-08-25 2.6 CVE-2012-3507 silverstripe -- silverstripe The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database. 2012-08-26 1.9 CVE-2010-5092 sophos -- safeguard_enterprise The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations. 2012-08-29 3.3 CVE-2012-4736 symantec -- messaging_gateway Symantec Messaging Gateway before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. 2012-08-29 3.3 CVE-2012-3581 wimleers -- cdn The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php. 2012-08-28 2.6 CVE-2012-1645 This product is provided subject to this Notification and this Privacy & Use policy.
Categories: Technical

SB12-240: Vulnerability Summary for the Week of August 20, 2012

Tue, 11/13/2012 - 00:00
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For updated or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adobe -- adobe_air Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4164, CVE-2012-4165, and CVE-2012-4166. 2012-08-21 10.0 CVE-2012-4163 adobe -- adobe_air Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163, CVE-2012-4165, and CVE-2012-4166. 2012-08-21 10.0 CVE-2012-4164 adobe -- adobe_air Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163, CVE-2012-4164, and CVE-2012-4166. 2012-08-21 10.0 CVE-2012-4165 adobe -- adobe_air Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163, CVE-2012-4164, and CVE-2012-4165. 2012-08-21 10.0 CVE-2012-4166 adobe -- adobe_air Integer overflow in Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors. 2012-08-21 10.0 CVE-2012-4167 adobe -- acrobat_reader Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, related to "sixteen more crashes affecting Windows, OS X, or both systems." 2012-08-21 9.3 CVE-2012-4363 alurian -- prismotube_video_script SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. 2012-08-23 7.5 CVE-2011-5103 att -- status The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. 2012-08-21 7.1 CVE-2012-2980 blueflyingfish -- com_alameda SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. 2012-08-23 7.5 CVE-2011-5112 calligra -- calligra Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. 2012-08-20 7.5 CVE-2012-3456 foxitsoftware -- foxit_reader Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references. 2012-08-23 9.3 CVE-2012-4337 google -- chrome_os Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow." 2012-08-22 10.0 CVE-2012-2864 hp -- san/iq lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361. 2012-08-20 7.7 CVE-2012-2986 hp -- serviceguard Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors. 2012-08-20 7.8 CVE-2012-3252 hp -- san/iq lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. 2012-08-20 7.7 CVE-2012-4361 john_geo -- freelancer_calendar Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory. 2012-08-23 7.5 CVE-2011-5109 john_geo -- blogs_manager Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/. 2012-08-23 7.5 CVE-2011-5110 kajianwebsite -- cms_balitbang Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php. 2012-08-23 7.5 CVE-2011-5111 kde -- koffice Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. 2012-08-20 7.5 CVE-2012-3455 korenix -- jetport The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. 2012-08-21 10.0 CVE-2012-4577 mcafee -- virusscan_enterprise Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share. 2012-08-22 9.3 CVE-2009-5118 mcafee -- firewall_reporter The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. 2012-08-22 7.5 CVE-2011-5100 mcafee -- email_and_web_security McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. 2012-08-22 7.5 CVE-2012-4595 mcafee -- epo_mcafee_virtual_technician An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site. 2012-08-22 9.3 CVE-2012-4598 mcafee -- smartfilter_administration McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBOSS Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file. 2012-08-22 10.0 CVE-2012-4599 setseed -- setseed_cms SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie. 2012-08-23 7.5 CVE-2011-5116 sielcosistemi -- winlog_lite Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information. 2012-08-19 9.3 CVE-2012-4353 sielcosistemi -- winlog_lite TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. 2012-08-19 9.3 CVE-2012-4354 sielcosistemi -- winlog_lite TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354. 2012-08-19 9.3 CVE-2012-4355 sielcosistemi -- winlog_lite Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block. 2012-08-19 9.3 CVE-2012-4357 sielcosistemi -- winlog_lite Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode. 2012-08-19 9.3 CVE-2012-4358 sielcosistemi -- winlog_lite Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358. 2012-08-19 9.3 CVE-2012-4359 techdeluge -- com_techfolio SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. 2012-08-23 7.5 CVE-2011-5113 websense -- websense_web_filter The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors. 2012-08-23 7.5 CVE-2011-5102 Medium Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adaptcms -- adaptcms Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified. 2012-08-23 4.3 CVE-2011-5108 adobe -- adobe_air Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site. 2012-08-21 4.3 CVE-2012-4168 apache -- http_server The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client. 2012-08-22 4.3 CVE-2012-3502 apple -- apple_remote_desktop Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. 2012-08-22 4.3 CVE-2012-0681 avg -- anti-virus AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. 2012-08-22 6.4 CVE-2010-3498 barraguard -- barracuda_link_balancer_series_firmware Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope parameter. 2012-08-23 4.3 CVE-2011-5114 cypherpunks -- libotr The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow. 2012-08-20 4.3 CVE-2012-3461 debian -- devotee devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack. 2012-08-20 5.0 CVE-2012-2387 dlguard -- dlguard Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php. 2012-08-23 4.3 CVE-2011-5115 f-secure -- anti-virus F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that "the inability to catch these files are caused by lacking functionality rather than programming errors." 2012-08-22 6.4 CVE-2010-3499 ffmpeg -- ffmpeg The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file. 2012-08-20 6.8 CVE-2011-3929 ffmpeg -- ffmpeg The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file. 2012-08-20 4.3 CVE-2011-3936 ffmpeg -- ffmpeg nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams." 2012-08-20 6.8 CVE-2011-3940 ffmpeg -- ffmpeg The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file. 2012-08-20 6.8 CVE-2011-3945 ffmpeg -- ffmpeg Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. 2012-08-20 6.8 CVE-2011-3947 ffmpeg -- ffmpeg The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file. 2012-08-20 6.8 CVE-2011-3951 ffmpeg -- ffmpeg The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file. 2012-08-20 6.8 CVE-2011-3952 ffmpeg -- ffmpeg Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow. 2012-08-20 6.8 CVE-2011-4352 ffmpeg -- ffmpeg The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream. 2012-08-20 4.3 CVE-2011-4353 ffmpeg -- ffmpeg Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams. 2012-08-20 6.8 CVE-2011-4364 ffmpeg -- ffmpeg The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed." 2012-08-20 4.3 CVE-2011-4579 ffmpeg -- ffmpeg Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file. 2012-08-20 4.3 CVE-2012-0847 ffmpeg -- ffmpeg Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count." 2012-08-20 4.3 CVE-2012-0848 ffmpeg -- ffmpeg The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow. 2012-08-20 4.3 CVE-2012-0850 ffmpeg -- ffmpeg The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value. 2012-08-20 6.8 CVE-2012-0851 ffmpeg -- ffmpeg The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two. 2012-08-20 6.8 CVE-2012-0852 ffmpeg -- ffmpeg The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file. 2012-08-20 6.8 CVE-2012-0853 ffmpeg -- ffmpeg The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow. 2012-08-20 5.0 CVE-2012-0854 ffmpeg -- ffmpeg Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. 2012-08-20 5.0 CVE-2012-0857 ffmpeg -- ffmpeg The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free". 2012-08-20 6.8 CVE-2012-0858 ffmpeg -- ffmpeg The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893. 2012-08-20 6.8 CVE-2012-0859 fractalia -- flexible_custom_post_type Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. 2012-08-23 4.3 CVE-2011-5106 getshopped -- wp_e-commerce Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information. 2012-08-23 4.3 CVE-2011-5104 gnome -- libsoup libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. 2012-08-20 5.0 CVE-2012-2132 gree -- gree The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. 2012-08-17 4.3 CVE-2012-4006 hp -- san/iq hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. 2012-08-20 4.0 CVE-2012-4362 ibm -- rational_clearquest IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script. 2012-08-17 5.0 CVE-2012-0744 ibm -- rational_clearquest The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack. 2012-08-17 5.5 CVE-2012-2164 ibm -- rational_clearquest IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter. 2012-08-17 4.0 CVE-2012-2168 ibm -- websphere_application_server IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol. 2012-08-21 5.0 CVE-2012-2190 ibm -- websphere_application_server Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue. 2012-08-21 4.3 CVE-2012-3293 ibm -- power_hardware_management_console Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-08-17 4.3 CVE-2012-3296 ibm -- lotus_domino Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers. 2012-08-21 4.3 CVE-2012-3301 ibm -- lotus_domino Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server. 2012-08-21 4.3 CVE-2012-3302 jease -- jease Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3) comment parameter. 2012-08-20 4.3 CVE-2012-4052 libav -- libav Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size. 2012-08-20 6.8 CVE-2012-0947 mcafee -- common_management_agent McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object. 2012-08-22 6.5 CVE-2009-5115 mcafee -- linuxshield McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account. 2012-08-22 6.5 CVE-2009-5116 mcafee -- virusscan_enterprise McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. 2012-08-22 6.4 CVE-2010-3496 mcafee -- saas_endpoint_protection The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 allows remote attackers to relay e-mail messages via unspecified vectors, as demonstrated by relaying spam. 2012-08-22 5.0 CVE-2011-5101 mcafee -- email_and_web_security Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. 2012-08-22 4.3 CVE-2012-4580 mcafee -- email_and_web_security McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue. 2012-08-22 6.8 CVE-2012-4581 mcafee -- email_and_web_security McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. 2012-08-22 4.9 CVE-2012-4582 mcafee -- email_and_web_security McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. 2012-08-22 4.0 CVE-2012-4583 mcafee -- email_and_web_security McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL. 2012-08-22 4.0 CVE-2012-4585 mcafee -- enterprise_mobility_manager McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames. 2012-08-22 4.3 CVE-2012-4588 mcafee -- enterprise_mobility_manager Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable. 2012-08-22 4.3 CVE-2012-4590 mcafee -- enterprise_mobility_manager About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. 2012-08-22 5.0 CVE-2012-4591 mcafee -- enterprise_mobility_manager The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2012-08-22 5.0 CVE-2012-4592 mcafee -- application_control McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. 2012-08-22 5.0 CVE-2012-4593 mcafee -- epolicy_orchestrator McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a updated ID value in a console URL. 2012-08-22 4.0 CVE-2012-4594 mcafee -- email_gateway Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. 2012-08-22 4.3 CVE-2012-4596 mcafee -- email_and_web_security Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. 2012-08-22 4.3 CVE-2012-4597 mixi -- mixi The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. 2012-08-17 4.3 CVE-2012-4007 openstack -- folsom virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. 2012-08-20 4.9 CVE-2012-3447 otrs -- otrs Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element. 2012-08-23 4.3 CVE-2012-2582 phpmyadmin -- phpmyadmin show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file. 2012-08-21 5.0 CVE-2012-4219 sielcosistemi -- winlog_lite Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98. 2012-08-19 4.3 CVE-2012-4356 sophos -- disk_encryption Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials. 2012-08-24 6.9 CVE-2011-5117 symantec -- norton_antivirus Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)." 2012-08-22 6.4 CVE-2010-3497 tecnick -- tcexam Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php. 2012-08-20 6.8 CVE-2012-4237 totalshopuk -- ecommerce Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. 2012-08-20 4.3 CVE-2012-4236 websense -- enterprise The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address. 2012-08-23 5.0 CVE-2008-7312 websense -- websense_web_filter The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. 2012-08-23 4.3 CVE-2009-5119 websense -- websense_web_filter The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port. 2012-08-23 4.3 CVE-2009-5120 websense -- websense_email_security Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session. 2012-08-23 5.0 CVE-2009-5121 websense -- websense_email_security The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers to obtain potentially sensitive information from the JBoss status page via an unspecified query. 2012-08-23 5.0 CVE-2009-5122 websense -- websense The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header. 2012-08-23 4.3 CVE-2010-5144 websense -- websense_web_filter The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI. 2012-08-23 4.3 CVE-2010-5145 websense -- websense_web_filter The Remote Filtering component in Websense Web Security and Web Filter before 6.3.3 Hotfix 18 and 7.x before 7.1.1 allows remote attackers to cause a denial of service (daemon exit) via a large volume of traffic. 2012-08-23 5.0 CVE-2010-5147 websense -- websense_web_filter Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session (SSL) cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2012-08-23 5.0 CVE-2010-5148 websense -- websense_web_filter Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x before 7.1.1 allow remote attackers to cause a denial of service (Blue Coat appliance integration outage) via a long URL. 2012-08-23 5.0 CVE-2010-5149 websense -- websense_web_security The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. 2012-08-23 4.3 CVE-2012-4604 websense -- websense_email_security The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. 2012-08-23 5.0 CVE-2012-4605 wordpress -- alert_before_you_post Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. 2012-08-23 4.3 CVE-2011-5107 zohocorp -- manageengine_adselfservice_plus Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. 2012-08-23 4.3 CVE-2011-5105 Low Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info apache -- http_server Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. 2012-08-22 2.6 CVE-2012-2687 cutesoft_components -- cute_editor Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter. 2012-08-21 3.5 CVE-2012-2985 ffmpeg -- ffmpeg Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error. 2012-08-20 2.6 CVE-2012-0856 ibm -- db2 Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors. 2012-08-24 3.5 CVE-2012-0713 ibm -- rational_clearquest IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. 2012-08-17 3.5 CVE-2012-2165 ibm -- rational_clearquest Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field. 2012-08-17 3.5 CVE-2012-2169 ibm -- rational_clearquest Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. 2012-08-17 3.5 CVE-2012-2205 mcafee -- host_data_loss_prevention The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files. 2012-08-22 1.9 CVE-2009-5117 mcafee -- virusscan_enterprise McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module. 2012-08-22 2.6 CVE-2010-5143 mcafee -- email_and_web_security McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes. 2012-08-22 3.5 CVE-2012-4584 mcafee -- email_and_web_security McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file. 2012-08-22 3.5 CVE-2012-4586 mcafee -- enterprise_mobility_manager McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device. 2012-08-22 3.5 CVE-2012-4587 mcafee -- enterprise_mobility_manager Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. 2012-08-22 2.1 CVE-2012-4589 pawel_jakub_dawidek -- geli The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack. 2012-08-21 2.1 CVE-2012-4578 phpmyadmin -- phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. 2012-08-21 3.5 CVE-2012-4345 phpmyadmin -- phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. 2012-08-21 3.5 CVE-2012-4579 tecnick -- tcexam Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter. 2012-08-20 2.1 CVE-2012-4238 websense -- websense_web_filter The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files. 2012-08-23 2.1 CVE-2010-5146 This product is provided subject to this Notification and this Privacy & Use policy.
Categories: Technical