Vulnerability Summary for the Week of October 1, 2012
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accomplishtechnology -- phpmydirectory | SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2012-10-04 | 7.5 | CVE-2012-5288 |
akiva -- webboard | SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information. | 2012-10-04 | 7.5 | CVE-2011-5203 |
atar2b -- atar2b_cms | Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php. | 2012-10-04 | 7.5 | CVE-2012-5292 |
ca -- license_software | CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors. | 2012-10-02 | 7.2 | CVE-2012-0691 |
ca -- license_software | CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors. | 2012-10-02 | 7.2 | CVE-2012-0692 |
condor_project -- condor | Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors. | 2012-09-28 | 10.0 | CVE-2012-5196 |
condor_project -- condor | Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls." | 2012-09-28 | 10.0 | CVE-2012-5197 |
crawlability -- vbseo | The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch. | 2012-10-01 | 7.5 | CVE-2012-5223 |
devscripts_devel_team -- devscripts | scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | 2012-09-30 | 7.5 | CVE-2012-2240 |
google -- sketchup | Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file. | 2012-10-05 | 9.3 | CVE-2012-4894 |
guac-dev -- guacamole | Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. | 2012-09-30 | 7.5 | CVE-2012-4415 |
harmistechnology -- com_jesubmit | Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. | 2012-10-01 | 7.5 | CVE-2012-5230 |
jessgramp -- minicms | miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/. | 2012-10-01 | 7.5 | CVE-2012-5231 |
krzysztof_kowalczyk -- sumatrapdf | Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896. | 2012-10-05 | 9.3 | CVE-2012-4895 |
krzysztof_kowalczyk -- sumatrapdf | Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895. | 2012-10-05 | 9.3 | CVE-2012-4896 |
linux -- linux_kernel | Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. | 2012-10-03 | 7.6 | CVE-2012-3400 |
linux -- linux_kernel | The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. | 2012-10-03 | 7.8 | CVE-2012-3412 |
mavili_guestbook_project -- mavili_guestbook | SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2012-10-04 | 7.5 | CVE-2012-5297 |
mavili_guestbook_project -- mavili_guestbook | Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp. | 2012-10-04 | 7.5 | CVE-2012-5299 |
mystorexpress -- tienda_virtual | SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2012-10-04 | 7.5 | CVE-2012-5294 |
mystorexpress -- tienda_virtual | SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2012-10-04 | 7.5 | CVE-2012-5300 |
nextbbs -- nextbbs | user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | 2012-10-01 | 7.5 | CVE-2012-1602 |
nextbbs -- nextbbs | Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. | 2012-10-01 | 7.5 | CVE-2012-1603 |
optipng -- optipng | Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction." | 2012-09-30 | 7.5 | CVE-2012-4432 |
peel -- peel_shopping | SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2012-10-01 | 7.5 | CVE-2012-5227 |
plogger -- plogger | Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php. | 2012-10-04 | 7.5 | CVE-2012-5289 |
possesports -- posse_softball_director_cms | SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter. | 2012-10-04 | 7.5 | CVE-2012-5291 |
redgraphic -- sapid_cms | Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php. | 2012-10-04 | 7.5 | CVE-2012-5293 |
redhat -- enterprise_mrg | Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id. | 2012-09-28 | 7.5 | CVE-2012-2684 |
vbadvanced -- vbadvanced_cmps | PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter. | 2012-10-01 | 7.5 | CVE-2012-5224 |
wcs4web -- easywebrealestate | Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php. | 2012-10-04 | 7.5 | CVE-2012-5290 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- qpid | Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections. | 2012-09-28 | 5.0 | CVE-2012-2145 |
atheme -- atheme | The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user. | 2012-10-01 | 6.0 | CVE-2012-1576 |
cerberusftp -- ftp_server | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify. | 2012-10-04 | 6.8 | CVE-2012-2999 |
cerberusftp -- ftp_server | The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data. | 2012-10-04 | 5.0 | CVE-2012-5301 |
condor_project -- condor | src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors. | 2012-09-28 | 4.0 | CVE-2012-3491 |
condor_project -- condor | The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory. | 2012-09-28 | 6.4 | CVE-2012-3492 |
condor_project -- condor | The command_give_request_ad function in condor_startd.V6/command.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId. | 2012-09-28 | 5.8 | CVE-2012-3493 |
dart -- powertcp_activex | Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request. | 2012-10-04 | 5.0 | CVE-2012-3819 |
david_king -- vino | Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. | 2012-09-30 | 5.0 | CVE-2012-4429 |
devscripts_devel_team -- devscripts | scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. | 2012-09-30 | 5.0 | CVE-2012-2241 |
devscripts_devel_team -- devscripts | scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240. | 2012-09-30 | 6.8 | CVE-2012-2242 |
drupal -- drupal | The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page. | 2012-09-30 | 4.0 | CVE-2012-1590 |
drupal -- drupal | The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. | 2012-09-30 | 5.0 | CVE-2012-1591 |
drupal -- drupal | Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page. | 2012-09-30 | 4.0 | CVE-2012-2153 |
eliteweaver -- xclick_cart | Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter. | 2012-10-01 | 4.3 | CVE-2012-5225 |
emerson -- deltav | Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port. | 2012-10-01 | 5.0 | CVE-2012-3035 |
eucalyptus -- eucalyptus | The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors. | 2012-10-01 | 5.0 | CVE-2012-4063 |
eucalyptus -- eucalyptus | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id. | 2012-10-01 | 6.5 | CVE-2012-4064 |
fedoraproject -- 389_directory_server | 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. | 2012-09-30 | 6.0 | CVE-2012-4450 |
finalbeta -- mywebsearch | Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | 2012-10-05 | 4.3 | CVE-2012-4018 |
fusetalk -- fusetalk | Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter. | 2012-10-04 | 4.3 | CVE-2012-5295 |
gnome -- gnome-shell | The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | 2012-09-30 | 6.8 | CVE-2012-4427 |
hp -- ibrix | Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors. | 2012-10-02 | 5.0 | CVE-2012-3266 |
hp -- network_node_manager_i | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors. | 2012-10-04 | 5.0 | CVE-2012-3267 |
ibm -- rational_team_concert | Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items. | 2012-10-01 | 6.8 | CVE-2012-0748 |
ibm -- tivoli_federated_identity_manager | IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate. | 2012-10-02 | 5.8 | CVE-2012-3314 |
ibm -- rational_business_developer | IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product. | 2012-10-01 | 5.0 | CVE-2012-3319 |
ibm -- websphere_commerce | Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors. | 2012-10-01 | 5.0 | CVE-2012-4830 |
ivano_binetti -- wolf_cms | Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters. | 2012-10-01 | 4.3 | CVE-2012-1898 |
linux -- linux_kernel | The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call. | 2012-10-03 | 4.9 | CVE-2011-3209 |
linux -- linux_kernel | The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. | 2012-10-03 | 4.9 | CVE-2012-3375 |
linux -- linux_kernel | Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. | 2012-10-03 | 5.6 | CVE-2012-3510 |
linux -- linux_kernel | Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. | 2012-10-03 | 4.7 | CVE-2012-3511 |
linux -- linux_kernel | The IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic. | 2012-10-03 | 5.4 | CVE-2012-3552 |
luke_herrington -- stickynote | Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors. | 2012-10-01 | 4.3 | CVE-2012-1636 |
matthew_fries -- mf_gig_calendar | Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. | 2012-10-01 | 4.3 | CVE-2012-4242 |
mavili_guestbook_project -- mavili_guestbook | Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4) edit2.asp. | 2012-10-04 | 4.3 | CVE-2012-5296 |
mavili_guestbook_project -- mavili_guestbook | Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request. | 2012-10-04 | 5.0 | CVE-2012-5298 |
mediafire -- mod_quick_form | Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-10-01 | 4.3 | CVE-2012-5232 |
michael_biebl -- policykit | PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication. | 2012-10-01 | 4.4 | CVE-2011-4945 |
nextbbs -- nextbbs | Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php. | 2012-10-01 | 4.3 | CVE-2012-1604 |
ocportal -- ocportal | Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters. | 2012-10-01 | 4.3 | CVE-2012-1470 |
ocportal -- ocportal | Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2012-10-01 | 5.0 | CVE-2012-1471 |
ocportal -- ocportal | Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. | 2012-10-01 | 5.8 | CVE-2012-5234 |
oneorzero -- action_and_information_management_system | Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | 2012-10-01 | 4.3 | CVE-2012-0989 |
peel -- peel_shopping | Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php. | 2012-10-01 | 4.3 | CVE-2012-5226 |
postgresql -- postgresql | The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. | 2012-10-03 | 5.8 | CVE-2012-3488 |
postgresql -- postgresql | The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. | 2012-10-03 | 5.0 | CVE-2012-3489 |
rapidleech -- rapidleech | Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links parameter. | 2012-10-04 | 4.3 | CVE-2011-5205 |
rapidleech -- rapidleech | Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter. | 2012-10-04 | 4.3 | CVE-2011-5206 |
redhat -- enterprise_mrg | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing." | 2012-09-28 | 5.0 | CVE-2012-2680 |
redhat -- enterprise_mrg | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. | 2012-09-28 | 5.8 | CVE-2012-2681 |
redhat -- enterprise_mrg | Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." | 2012-09-28 | 4.3 | CVE-2012-2683 |
redhat -- enterprise_mrg | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. | 2012-09-28 | 4.0 | CVE-2012-2685 |
redhat -- enterprise_mrg | Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. | 2012-09-28 | 6.8 | CVE-2012-2734 |
redhat -- enterprise_mrg | Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie. | 2012-09-28 | 4.3 | CVE-2012-2735 |
redhat -- enterprise_mrg | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor. | 2012-09-28 | 4.9 | CVE-2012-3459 |
smarty -- smarty | Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception. | 2012-09-30 | 4.3 | CVE-2012-4437 |
springsource -- grails | VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application. | 2012-09-28 | 5.0 | CVE-2012-1833 |
thecartpress -- thecartpress | Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. | 2012-10-04 | 4.3 | CVE-2011-5207 |
tikiwiki -- tikiki_cms_groupware | Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. | 2012-09-30 | 4.3 | CVE-2011-4551 |
tincan -- phplist | Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information. | 2012-10-01 | 4.3 | CVE-2012-5228 |
ubiquity_slideshow_team -- ubiquity-slideshow-ubuntu | ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the <a> tag of a Twitter feed. | 2012-09-28 | 6.8 | CVE-2012-0956 |
wireshark -- wireshark | Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. | 2012-10-04 | 5.8 | CVE-2012-5240 |
wolfcms -- wolf_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete; delete the (3) images or (4) themes directory via the directory name to admin/plugin/file_manager/delete, and possibly other directories; or (5) logout the user via a request to admin/login/logout. | 2012-10-01 | 6.8 | CVE-2012-1897 |
wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action. | 2012-09-28 | 6.8 | CVE-2012-4448 |
wordpress -- slideshow_gallery2 | Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. | 2012-10-01 | 4.3 | CVE-2012-5229 |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
akiva -- webboard | Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database. | 2012-10-04 | 1.9 | CVE-2011-5204 |
bywombats -- commerce | Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. | 2012-10-01 | 3.5 | CVE-2012-1639 |
devscripts_devel_team -- devscripts | scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. | 2012-09-30 | 1.2 | CVE-2012-3500 |
drupal -- drupal | Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address. | 2012-09-30 | 3.5 | CVE-2012-1588 |
eucalyptus -- eucalyptus | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting. | 2012-10-01 | 3.5 | CVE-2012-4065 |
ibm -- aix | fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. | 2012-10-01 | 2.1 | CVE-2012-4833 |
linux -- linux_kernel | Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. | 2012-10-03 | 3.3 | CVE-2011-1833 |
linux -- linux_kernel | The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. | 2012-10-03 | 2.1 | CVE-2012-3430 |
linux -- linux_kernel | The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager. | 2012-10-03 | 1.9 | CVE-2012-3520 |
luke_herrington -- stickynote | Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vectors. | 2012-10-01 | 2.1 | CVE-2012-5233 |
sysprogs -- wincdemu | BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a denial of service (system crash) via the unmount command to batchmnt.exe. | 2012-10-01 | 2.1 | CVE-2011-5202 |
wireshark -- wireshark | The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | 2012-10-04 | 3.3 | CVE-2012-5237 |
wireshark -- wireshark | epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. | 2012-10-04 | 3.3 | CVE-2012-5238 |