Weekly Vulnerabilities Reports > May 21 to 27, 2012

Overview

110 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary reports vulnerabilities in 91 products from 59 vendors including Google, Linux, Symantec, Typo3, and Wordpress. The most common categories are "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Resource Management Errors", and "SQL Injection".

  • 95 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 43 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 101 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Symantec has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list reported vulnerabilities for the period covered by this report:

15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-05-25 CVE-2012-2568 Seagate Permissions, Privileges, and Access Controls vulnerability in Seagate Blackarmor NAS

d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.

10.0
2012-05-25 CVE-2012-2429 Xarrow Numeric Errors vulnerability in Xarrow

The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2012-05-25 CVE-2012-2428 Xarrow Numeric Errors vulnerability in Xarrow

Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.

10.0
2012-05-25 CVE-2012-2427 Xarrow Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xarrow

Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.

10.0
2012-05-24 CVE-2011-3108 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.

10.0
2012-05-24 CVE-2011-3106 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2012-05-24 CVE-2012-2042 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator and Illustrator Cs5.5

Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.

10.0
2012-05-21 CVE-2012-2561 HP Permissions, Privileges, and Access Controls vulnerability in HP Business Service Management 9.12

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.

10.0
2012-05-21 CVE-2012-2271 Skincrafter Buffer Errors vulnerability in Skincrafter 3.0

Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).

10.0
2012-05-21 CVE-2012-0299 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway 5.0/5.0.1/5.0.2

The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.

10.0
2012-05-21 CVE-2012-0297 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway 5.0/5.0.1/5.0.2

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.

10.0
2012-05-21 CVE-2012-2376 PHP, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.

10.0
2012-05-25 CVE-2012-2176 IBM Buffer Errors vulnerability in IBM Lotus Quickr 8.2

Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.

9.3
2012-05-23 CVE-2012-0295 Symantec Code Injection vulnerability in Symantec Endpoint Protection 12.1/12.1.1000/12.1.671

The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.

9.3
2012-05-21 CVE-2012-2915 Lattice Semiconductor Buffer Errors vulnerability in Lattice Semiconductor Pac-Designer 6.2.1344

Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.

9.3

24 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-05-24 CVE-2011-3191 Linux, Redhat Buffer Errors vulnerability in Linux Kernel

Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.

8.3
2012-05-25 CVE-2012-2426 Xarrow Resource Management Errors vulnerability in Xarrow

The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.

7.8
2012-05-24 CVE-2011-3359 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.

7.8
2012-05-24 CVE-2011-2699 Linux, Redhat Unspecified vulnerability in Linux Kernel

The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.

7.8
2012-05-22 CVE-2012-2562 Xelex, Google Improper Input Validation vulnerability in Xelex Mobiletrack 2.3.7

The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.

7.6
2012-05-27 CVE-2012-2937 Pligg SQL Injection vulnerability in Pligg CMS

Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module.

7.5
2012-05-24 CVE-2011-3115 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger "type corruption."

7.5
2012-05-24 CVE-2011-3114 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Multiple buffer overflows in the PDF functionality in Google Chrome before 19.0.1084.52 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unknown function calls.

7.5
2012-05-24 CVE-2011-3113 Google Multiple Security vulnerability in Google Chrome Prior to 19.0.1084.52

The PDF functionality in Google Chrome before 19.0.1084.52 does not properly perform a cast of an unspecified variable during handling of color spaces, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

7.5
2012-05-24 CVE-2011-3110 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.

7.5
2012-05-24 CVE-2011-3109 Google, Linux Multiple Security vulnerability in Google Chrome Prior to 19.0.1084.52

Google Chrome before 19.0.1084.52 on Linux does not properly perform a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact by leveraging an error in the GTK implementation of the UI.

7.5
2012-05-24 CVE-2011-3107 Google Multiple Security vulnerability in Google Chrome Prior to 19.0.1084.52

Google Chrome before 19.0.1084.52 does not properly implement JavaScript bindings for plug-ins, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

7.5
2012-05-24 CVE-2011-3105 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

7.5
2012-05-24 CVE-2011-3103 Google Resource Management Errors vulnerability in Google Chrome

Google V8, as used in Google Chrome before 19.0.1084.52, does not properly perform garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.

7.5
2012-05-24 CVE-2011-5091 Grboard SQL Injection vulnerability in Grboard 1.8.6.5

Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to write_ok.php.

7.5
2012-05-23 CVE-2012-2369 Cypherpunks, Pidgin Use of Externally-Controlled Format String vulnerability in Cypherpunks Pidgin-Otr 3.2.0

Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.

7.5
2012-05-21 CVE-2012-2925 Simple PHP Agenda SQL Injection vulnerability in Simple PHP Agenda Simple PHP Agenda 2.2.8

SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.

7.5
2012-05-21 CVE-2012-2924 Hypermethod Code Injection vulnerability in Hypermethod Elearning Server 4G

PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

7.5
2012-05-21 CVE-2012-2923 Hypermethod SQL Injection vulnerability in Hypermethod Elearning Server 4G

SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.

7.5
2012-05-21 CVE-2012-2338 Johan Cwiklinski SQL Injection vulnerability in Johan Cwiklinski Galette

SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.

7.5
2012-05-21 CVE-2012-2908 Viscacha SQL Injection vulnerability in Viscacha 0.8.1.1

Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter.

7.5
2012-05-25 CVE-2012-1824 Measuresoft Unspecified vulnerability in Measuresoft Scadapro Client and Scadapro Server

Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

7.2
2012-05-24 CVE-2011-2517 Linux, Redhat Buffer Errors vulnerability in Linux Kernel

Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.

7.2
2012-05-23 CVE-2012-0289 Symantec Buffer Errors vulnerability in Symantec Endpoint Protection and Network Access Control

Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.

7.2

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-05-27 CVE-2012-2939 Itechscripts Remote vulnerability in Itechscripts Travelon Express 6.2.2

Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.

6.5
2012-05-27 CVE-2012-2435 Pligg Path Traversal vulnerability in Pligg CMS

Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a ..

6.5
2012-05-24 CVE-2011-3188 Linux, Redhat, F5 Unspecified vulnerability in Linux Kernel

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

6.4
2012-05-24 CVE-2011-5090 Grboard Improper Authentication vulnerability in Grboard 1.8.6.5

GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) mod_rewrite.php, (2) comment_write_ok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary poll.php script under theme/.

6.4
2012-05-22 CVE-2012-2928 Gliffy, Atlassian Permissions, Privileges, and Access Controls vulnerability in multiple products

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

6.4
2012-05-22 CVE-2012-2926 Atlassian Unspecified vulnerability in Atlassian products

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

6.4
2012-05-21 CVE-2012-0298 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway 5.0/5.0.1/5.0.2

The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.

6.4
2012-05-24 CVE-2011-3363 Linux, Redhat Improper Input Validation vulnerability in Linux Kernel

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

6.1
2012-05-21 CVE-2010-5103 Typo3 SQL Injection vulnerability in Typo3

SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

6.0
2012-05-21 CVE-2012-2902 Ryan Demmer, Joomla Unspecified vulnerability in Ryan Demmer Joomla Content Editor 2.0

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.

6.0
2012-05-24 CVE-2012-1172 PHP Improper Input Validation vulnerability in PHP

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

5.8
2012-05-23 CVE-2012-0294 Symantec Path Traversal vulnerability in Symantec Endpoint Protection 12.1/12.1.1000/12.1.671

Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors.

5.8
2012-05-27 CVE-2012-2942 Haproxy Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Haproxy

Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.

5.1
2012-05-27 CVE-2012-2943 Captcha Unspecified vulnerability in Captcha Cryptographp

CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter.

5.0
2012-05-24 CVE-2011-3112 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document.

5.0
2012-05-24 CVE-2011-3111 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors.

5.0
2012-05-24 CVE-2011-3104 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2012-05-24 CVE-2012-1821 Symantec, Microsoft Unspecified vulnerability in Symantec Endpoint Protection

The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic.

5.0
2012-05-23 CVE-2012-2374 Tornadoweb Improper Input Validation vulnerability in Tornadoweb Tornado

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

5.0
2012-05-21 CVE-2012-2922 Drupal Information Exposure vulnerability in Drupal

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.

5.0
2012-05-21 CVE-2012-2921 Mark Pilgrim Resource Management Errors vulnerability in Mark Pilgrim Feedparser

Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.

5.0
2012-05-21 CVE-2012-2919 Chevereto Path Traversal vulnerability in Chevereto 1.91

Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a ..

5.0
2012-05-21 CVE-2012-1249 Lunascape, Google Information Exposure vulnerability in Lunascape Ilunascape Android 1.0.4.0

The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application.

5.0
2012-05-21 CVE-2010-5102 Typo3 Path Traversal vulnerability in Typo3

Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.

5.0
2012-05-21 CVE-2012-2905 Artiphp Permissions, Privileges, and Access Controls vulnerability in Artiphp CMS 5.5.0

Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

5.0
2012-05-24 CVE-2011-4081 Linux Null Pointer Dereference vulnerability in Linux Kernel

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

4.9
2012-05-24 CVE-2011-3353 Linux Classic Buffer Overflow vulnerability in Linux Kernel

Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.

4.9
2012-05-24 CVE-2011-2918 Linux Resource Exhaustion vulnerability in Linux Kernel

The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.

4.9
2012-05-24 CVE-2011-2521 Linux Numeric Errors vulnerability in Linux Kernel

The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program.

4.9
2012-05-24 CVE-2011-2518 Linux Improper Input Validation vulnerability in Linux Kernel

The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name.

4.9
2012-05-24 CVE-2011-2906 Linux Resource Exhaustion vulnerability in Linux Kernel

** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call.

4.7
2012-05-27 CVE-2012-2941 Yandex Cross-Site Scripting vulnerability in Yandex Yandex.Server 2010 9.0

Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.

4.3
2012-05-27 CVE-2012-2940 Mediachance Improper Input Validation vulnerability in Mediachance Real-Draw PRO 5.2.4

MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.

4.3
2012-05-27 CVE-2012-2938 Itechscripts Cross-Site Scripting vulnerability in Itechscripts Travelon Express 6.2.2

Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.

4.3
2012-05-27 CVE-2012-2936 Pligg Cross-Site Scripting vulnerability in Pligg CMS

Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php; or list parameter in a (3) move or (4) minimize action to (c) admin/admin_index.php.

4.3
2012-05-27 CVE-2012-2436 Pligg Cross-Site Scripting vulnerability in Pligg CMS

Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.

4.3
2012-05-27 CVE-2012-2935 Oscommerce Cross-Site Scripting vulnerability in Oscommerce Online Merchant

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.

4.3
2012-05-27 CVE-2012-2235 Sitracker Cross-Site Scripting vulnerability in Sitracker Support Incident Tracker

Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.

4.3
2012-05-22 CVE-2012-2759 Netweblogic, Wordpress Cross-Site Scripting vulnerability in Netweblogic Login With Ajax

Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.

4.3
2012-05-22 CVE-2012-1990 Schneider Electric Cross-Site Scripting vulnerability in Schneider-Electric Kerweb and Kerwin

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.

4.3
2012-05-21 CVE-2012-2920 User Photo, Wordpress Cross-Site Scripting vulnerability in User Photo User Photo

Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php.

4.3
2012-05-21 CVE-2012-2918 Chevereto Cross-Site Scripting vulnerability in Chevereto 1.91

Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.

4.3
2012-05-21 CVE-2012-2339 Nancy Wichmann, Drupal Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."

4.3
2012-05-21 CVE-2012-0296 Symantec Cross-Site Scripting vulnerability in Symantec web Gateway 5.0/5.0.1/5.0.2

Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-05-21 CVE-2010-5104 Typo3 Information Exposure vulnerability in Typo3

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.

4.3
2012-05-21 CVE-2012-2917 Andrew Killen, Wordpress Cross-Site Scripting vulnerability in Andrew Killen Share and Follow 1.80.3

Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php.

4.3
2012-05-21 CVE-2012-2916 DLO, Wordpress Cross-Site Scripting vulnerability in DLO Simple Anti BOT Registration Engine Plugin

Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.

4.3
2012-05-21 CVE-2012-2914 Unijimpe Cross-Site Scripting vulnerability in Unijimpe Captcha

Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2012-05-21 CVE-2012-2913 Mapsmarker, Wordpress Cross-Site Scripting vulnerability in Mapsmarker Leaflet Maps Marker Plugin 0.0.1

Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.

4.3
2012-05-21 CVE-2012-2912 Kolja Schleich, Wordpress Cross-Site Scripting vulnerability in Kolja Schleich Leaguemanager 3.7

Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php.

4.3
2012-05-21 CVE-2012-2911 Silisoftware Cross-Site Scripting vulnerability in Silisoftware Backupdb() 1.2.7A

Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter.

4.3
2012-05-21 CVE-2012-2910 Silisoftware Cross-Site Scripting vulnerability in Silisoftware PHPthumb() 1.7.11

Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.

4.3
2012-05-21 CVE-2012-2909 Viscacha Cross-Site Scripting vulnerability in Viscacha 0.8.1.1

Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar.

4.3
2012-05-21 CVE-2012-2906 Artiphp Cross-Site Scripting vulnerability in Artiphp CMS 5.5.0

Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter.

4.3
2012-05-21 CVE-2012-2904 Longtailvideo Cross-Site Scripting vulnerability in Longtailvideo JW Player 5.9

player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.

4.3
2012-05-21 CVE-2012-2903 Chatelao Cross-Site Scripting vulnerability in Chatelao PHP Address Book

Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.

4.3
2012-05-21 CVE-2012-2901 Ryan Demmer, Joomla Cross-Site Scripting vulnerability in Ryan Demmer Joomla Content Editor 2.0

Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.

4.3
2012-05-24 CVE-2011-4080 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment.

4.0
2012-05-22 CVE-2012-2927 TM Software, Atlassian Resource Management Errors vulnerability in TM Software Tempo, Tempo6.3.0 and Tempo6.3.2

The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.

4.0
2012-05-21 CVE-2010-5101 Typo3 Path Traversal vulnerability in Typo3

Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-05-24 CVE-2011-2707 Linux Information Exposure vulnerability in Linux Kernel

The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.

3.6
2012-05-21 CVE-2012-2340 Geoff Davies, Drupal Permissions, Privileges, and Access Controls vulnerability in Geoff Davies Contact Forms 7.X1.1/7.X1.X

The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.

3.5
2012-05-21 CVE-2010-5100 Typo3 Cross-Site Scripting vulnerability in Typo3

Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2012-05-21 CVE-2010-5098 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2012-05-27 CVE-2012-1792 Oscommerce Cross-Site Scripting vulnerability in Oscommerce Online Merchant

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message.

2.6
2012-05-27 CVE-2012-1413 ZEN Cart Cross-Site Scripting vulnerability in Zen-Cart ZEN Cart

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.

2.6
2012-05-22 CVE-2012-2567 Xelex, Google Credentials Management vulnerability in Xelex Mobiletrack 2.3.7

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session.

2.6
2012-05-21 CVE-2010-5097 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.6
2012-05-21 CVE-2012-2907 Ishmael Sanchez, Drupal Cross-Site Scripting vulnerability in Ishmael Sanchez Aberdeen 6.X1.10/6.X1.8/6.X1.9

Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.

2.6
2012-05-24 CVE-2011-2898 Linux Information Exposure vulnerability in Linux Kernel

net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.

1.9
2012-05-25 CVE-2011-2722 HP Link Following vulnerability in HP Linux Imaging and Printing Project

The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.

1.2