Weekly Vulnerabilities Reports > December 5 to 11, 2011

Overview

70 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary report vulnerabilities in 68 products from 48 vendors including Opera, Microsoft, Oneclickorgs, Apple, and Google. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Path Traversal", "Information Exposure", and "Improper Input Validation".

  • 66 reported vulnerabilities are remotely exploitables.
  • 6 reported vulnerabilities have public exploit available.
  • 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 64 reported vulnerabilities are exploitable by an anonymous user.
  • Opera has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-09 CVE-2011-4719 Google
Acer
Samsung
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
10.0
2011-12-08 CVE-2011-2653 Novell Path Traversal vulnerability in Novell Zenworks Asset Management 7.5

Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.

10.0
2011-12-07 CVE-2011-4684 Opera Cryptographic Issues vulnerability in Opera Browser

Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."

10.0
2011-12-07 CVE-2011-4683 Opera Remote Security vulnerability in Opera Web Browser

Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."

10.0
2011-12-07 CVE-2011-2462 Adobe
Apple
Microsoft
Unix
Unspecified vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

10.0
2011-12-05 CVE-2011-4051 Indusoft Improper Authentication vulnerability in Indusoft web Studio 6.1/7.0

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

10.0
2011-12-05 CVE-2011-2397 Ironmountain Improper Input Validation vulnerability in Ironmountain Connected Backup 8.4

The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.

10.0
2011-12-07 CVE-2011-4694 Adobe
Apple
Microsoft
Remote Security vulnerability in Adobe Flash Player 11.1.102.55

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA).

9.3
2011-12-07 CVE-2011-4693 Adobe
Apple
Microsoft
Remote Security vulnerability in Adobe Flash Player 11.1.102.55

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA).

9.3
2011-12-05 CVE-2011-4052 Indusoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Indusoft web Studio 6.1/7.0

Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name.

9.3
2011-12-06 CVE-2011-4130 Proftpd Resource Management Errors vulnerability in Proftpd

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.

9.0

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-10 CVE-2011-4357 Brandon Long USE of Externally-Controlled Format String vulnerability in Brandon Long Clearsilver

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

7.5
2011-12-08 CVE-2011-4710 Getpixie
Lucidcrew
SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.

7.5
2011-12-08 CVE-2011-2917 Mambo Foundation SQL Injection vulnerability in Mambo-Foundation Mambo

SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

7.5
2011-12-06 CVE-2011-4677 Oneclickorgs Improper Authentication vulnerability in Oneclickorgs ONE Click Orgs

One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

7.5
2011-12-05 CVE-2011-4543 Oscommerce Path Traversal vulnerability in Oscommerce 3.0.2

Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2011-12-05 CVE-2011-4162 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Protecttools Device Access Manager 6.0.0.10/6.0.0.9

The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.

7.5
2011-12-08 CVE-2011-0291 Blackberry Information Exposure vulnerability in Blackberry Tablet OS 1.0.8.4985

The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain privileges via a crafted configuration file in a backup archive.

7.2

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-07 CVE-2011-4695 Microsoft Local Security vulnerability in Windows 7 Home Premium

Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS.

6.9
2011-12-05 CVE-2011-4356 Celeryproject Permissions, Privileges, and Access Controls vulnerability in Celeryproject Celery

Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.

6.9
2011-12-08 CVE-2011-4315 Nginx
Fedoraproject
Suse
Out-Of-Bounds Write vulnerability in multiple products

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

6.8
2011-12-08 CVE-2011-1530 MIT Resource Management Errors vulnerability in MIT Kerberos 5.1.9/5.1.9.1/5.1.9.2

The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.

6.8
2011-12-08 CVE-2011-3636 Redhat Cross-Site Request Forgery (CSRF) vulnerability in Redhat Freeipa

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

6.8
2011-12-07 CVE-2011-4682 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.

6.4
2011-12-05 CVE-2011-4675 Widelands Path Traversal vulnerability in Widelands

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.

6.4
2011-12-05 CVE-2011-1932 Widelands Path Traversal vulnerability in Widelands

Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via .

6.4
2011-12-06 CVE-2011-4553 Oneclickorgs Improper Input Validation vulnerability in Oneclickorgs ONE Click Orgs

Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain.

5.8
2011-12-06 CVE-2011-4554 Oneclickorgs Improper Input Validation vulnerability in Oneclickorgs ONE Click Orgs

One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue.

5.5
2011-12-08 CVE-2011-4716 Dream Multimedia TV Path Traversal vulnerability in Dream-Multimedia-Tv products

Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.

5.0
2011-12-08 CVE-2011-4715 Koha Path Traversal vulnerability in Koha and Liblime Koha

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2011-12-08 CVE-2011-4714 Vvertex Path Traversal vulnerability in Vvertex Muster

Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \..

5.0
2011-12-08 CVE-2011-4713 Oscss Path Traversal vulnerability in Oscss

Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2011-12-08 CVE-2011-4712 Monoxide0184 Path Traversal vulnerability in Monoxide0184 Oxide Webserver

Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.

5.0
2011-12-08 CVE-2011-4711 Namazu Path Traversal vulnerability in Namazu

Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a ..

5.0
2011-12-08 CVE-2011-4539 ISC
Canonical
Debian
Improper Input Validation vulnerability in multiple products

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

5.0
2011-12-08 CVE-2011-3179 Novell Information Exposure vulnerability in Novell Groupwise Messenger and Messenger

The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command.

5.0
2011-12-07 CVE-2011-4692 Apple
Google
Permissions, Privileges, and Access Controls vulnerability in multiple products

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.

5.0
2011-12-07 CVE-2011-4691 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

5.0
2011-12-07 CVE-2011-4690 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

5.0
2011-12-07 CVE-2011-4689 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft IE

Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

5.0
2011-12-07 CVE-2011-4688 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

5.0
2011-12-07 CVE-2011-4687 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.

5.0
2011-12-07 CVE-2011-4686 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5.0
2011-12-07 CVE-2011-4685 Opera Improper Input Validation vulnerability in Opera Browser

Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.

5.0
2011-12-07 CVE-2011-4681 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 11.60 does not properly consider the number of .

5.0
2011-12-07 CVE-2010-5073 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

5.0
2011-12-07 CVE-2010-5072 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser 10.50

The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

5.0
2011-12-07 CVE-2010-5071 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft IE

The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

5.0
2011-12-07 CVE-2010-5070 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari

The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264.

5.0
2011-12-07 CVE-2002-2437 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

5.0
2011-12-06 CVE-2011-4678 Oneclickorgs Credentials Management vulnerability in Oneclickorgs ONE Click Orgs

The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests.

5.0
2011-12-10 CVE-2011-4349 Freedesktop SQL Injection vulnerability in Freedesktop Colord

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

4.6
2011-12-08 CVE-2011-4128 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Gnutls

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.

4.3
2011-12-08 CVE-2011-4709 Hotaru Cross-Site Scripting vulnerability in Hotaru CMS and Search Plugin

Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php.

4.3
2011-12-08 CVE-2011-4708 IBM Cross-Site Scripting vulnerability in IBM Rational Asset Manager

Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-12-08 CVE-2011-4707 SAP Cross-Site Scripting vulnerability in SAP Netweaver

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.

4.3
2011-12-08 CVE-2011-4265 Phpwebsite Cross-Site Scripting vulnerability in PHPwebsite

Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-12-08 CVE-2011-4264 Etomite Cross-Site Scripting vulnerability in Etomite

Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-12-08 CVE-2011-4054 CA Cross-Site Scripting vulnerability in CA Siteminder

Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.

4.3
2011-12-07 CVE-2011-4680 Vtiger Cross-Site Scripting vulnerability in Vtiger CRM

Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-12-07 CVE-2011-4263 APC Cross-Site Scripting vulnerability in APC Powerchute 6.0/7.0.4/7.1

Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-12-07 CVE-2010-5074 Mozilla Race Condition vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.

4.3
2011-12-07 CVE-2010-5069 Google Information Exposure vulnerability in Google Chrome

The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.

4.3
2011-12-07 CVE-2010-5068 Opera Information Exposure vulnerability in Opera Browser 10.50

The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

4.3
2011-12-07 CVE-2002-2436 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

4.3
2011-12-07 CVE-2002-2435 Microsoft Information Exposure vulnerability in Microsoft IE

The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

4.3
2011-12-06 CVE-2011-4552 Oneclickorgs Cross-Site Scripting vulnerability in Oneclickorgs ONE Click Orgs

Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature.

4.3
2011-12-07 CVE-2011-4679 Vtiger Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM

vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.

4.0
2011-12-06 CVE-2011-4555 Oneclickorgs Credentials Management vulnerability in Oneclickorgs ONE Click Orgs

One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address.

4.0

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-10 CVE-2011-4346 RED HAT Cross-Site Scripting vulnerability in RED HAT Network Satellite 5.4.1

Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.

3.5