Weekly Vulnerabilities Reports > June 11 to 17, 2012

Overview

74 new vulnerabilities reported during this period, including 18 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary report vulnerabilities in 100 products from 48 vendors including Opera, Oracle, SUN, Wordpress, and Redhat. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Out-of-bounds Write".

  • 67 reported vulnerabilities are remotely exploitables.
  • 5 reported vulnerabilities have public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 67 reported vulnerabilities are exploitable by an anonymous user.
  • Opera has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-16 CVE-2012-1725 Oracle
SUN
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
10.0
2012-06-16 CVE-2012-1722 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721.

10.0
2012-06-16 CVE-2012-1721 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722.

10.0
2012-06-16 CVE-2012-1716 Oracle
SUN
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
10.0
2012-06-16 CVE-2012-1713 Oracle
SUN
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
10.0
2012-06-16 CVE-2012-3576 Jquindlen
Wordpress
Permissions, Privileges, and Access Controls vulnerability in Jquindlen Wpstorecart

Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart.

10.0
2012-06-16 CVE-2012-3575 RBX Gallery
Wordpress
Permissions, Privileges, and Access Controls vulnerability in RBX Gallery RBX Gallery 2.1

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.

10.0
2012-06-14 CVE-2012-3561 Opera Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser

Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.

10.0
2012-06-14 CVE-2012-3559 Opera
Apple
Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."

10.0
2012-06-16 CVE-2012-1723 Oracle
Redhat
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
9.8
2012-06-17 CVE-2012-2091 Flightgear
Simgear
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx.

9.3
2012-06-17 CVE-2012-2090 Flightgear
Simgear
USE of Externally-Controlled Format String vulnerability in multiple products

Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.

9.3
2012-06-16 CVE-2011-3194 QT Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in QT 4.7.4

Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.

9.3
2012-06-16 CVE-2011-3193 Gnome
QT
Canonical
Redhat
Opensuse
Out-Of-Bounds Write vulnerability in multiple products

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

9.3
2012-06-14 CVE-2012-3288 Vmware Improper Input Validation vulnerability in VMWare products

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.

9.3
2012-06-14 CVE-2012-3556 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.

9.3
2012-06-12 CVE-2012-1849 Microsoft Unspecified vulnerability in Microsoft Lync 2010

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-039 AV:N per "How could an attacker exploit the vulnerability? An attacker could convince a user to open a legitimate Microsoft Lync related file (such as an .ocsmeet file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file.

9.3
2012-06-12 CVE-2012-0677 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes

Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

9.3

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-13 CVE-2012-1889 Microsoft Out-of-bounds Write vulnerability in Microsoft XML Core Services

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8
2012-06-14 CVE-2012-3289 Vmware Code Injection vulnerability in VMWare products

VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.

7.8
2012-06-14 CVE-2012-3555 Opera Unspecified vulnerability in Opera Browser

Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.

7.6
2012-06-17 CVE-2012-3577 Nmedia
Wordpress
Permissions, Privileges, and Access Controls vulnerability in Nmedia Member Conversation 1.0/1.2/1.3

Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.

7.5
2012-06-17 CVE-2012-2691 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.

7.5
2012-06-17 CVE-2012-2671 Rtomayko Unspecified vulnerability in Rtomayko Rack-Cach

The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.

7.5
2012-06-16 CVE-2012-1711 Oracle
SUN
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
7.5
2012-06-16 CVE-2012-3574 Tbelmans
Wordpress
Unspecified vulnerability in Tbelmans MM Forms Community 2.2.5/2.2.6

Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.

7.5
2012-06-16 CVE-2012-1502 Pypam Resource Management Errors vulnerability in Pypam

Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.

7.5
2012-06-16 CVE-2011-4409 Canonical Improper Input Validation vulnerability in Canonical Ubuntu Linux

The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack.

7.5
2012-06-12 CVE-2012-0217 Freebsd
Illumos
Joyent
XEN
Microsoft
Citrix
Netbsd
SUN
Buffer Errors vulnerability in Freebsd

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application.

7.2

35 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-12 CVE-2012-1868 Microsoft Race Condition vulnerability in Microsoft Windows XP

Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."

6.9
2012-06-17 CVE-2012-3578 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress Fcchat Widget

Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.

6.8
2012-06-16 CVE-2011-4408 Canonical Unspecified vulnerability in Canonical Ubuntu Linux 11.04/11.10

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.

6.8
2012-06-13 CVE-2012-2605 Bradfordnetworks Cross-Site Request Forgery (CSRF) vulnerability in Bradfordnetworks products

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients.

6.8
2012-06-17 CVE-2012-2670 O DYN Improper Input Validation vulnerability in O-Dyn Collabtive

manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar.

6.5
2012-06-17 CVE-2012-0037 Librdf
Libreoffice
Apache
Fedoraproject
Redhat
Debian
XXE vulnerability in multiple products

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

6.5
2012-06-13 CVE-2012-1828 Efstechnology Permissions, Privileges, and Access Controls vulnerability in Efstechnology Autoform PDM Archive 6.9/6.920/7.0

The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function.

6.5
2012-06-13 CVE-2012-1827 Efstechnology Permissions, Privileges, and Access Controls vulnerability in Efstechnology Autoform PDM Archive 6.9/6.920/7.0

The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request.

6.5
2012-06-16 CVE-2012-1726 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

6.4
2012-06-13 CVE-2012-3347 Efstechnology Permissions, Privileges, and Access Controls vulnerability in Efstechnology Autoform PDM Archive 6.9/6.920

AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment mechanism, a different vulnerability than CVE-2012-1828.

6.0
2012-06-15 CVE-2012-3345 Ioquake3 Link Following vulnerability in Ioquake3 Engine

ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file.

5.6
2012-06-11 CVE-2012-2959 BMC Cross-Site Request Forgery (CSRF) vulnerability in BMC Identity Management Suite 7.5.00.103

Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

5.1
2012-06-16 CVE-2012-1724 Oracle
SUN
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.
5.0
2012-06-16 CVE-2012-1719 Oracle
SUN
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
5.0
2012-06-16 CVE-2012-1718 Oracle
SUN
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
5.0
2012-06-16 CVE-2012-1145 Redhat Improper Authentication vulnerability in Redhat Satellite 5.4

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.

5.0
2012-06-14 CVE-2012-3568 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.

5.0
2012-06-14 CVE-2012-3567 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.

5.0
2012-06-14 CVE-2012-3565 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."

5.0
2012-06-14 CVE-2012-3564 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.

5.0
2012-06-14 CVE-2012-3563 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.

5.0
2012-06-14 CVE-2012-3557 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.

5.0
2012-06-13 CVE-2012-2606 Bradfordnetworks Improper Authentication vulnerability in Bradfordnetworks products

The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack.

5.0
2012-06-17 CVE-2012-2417 Dlitz Cryptographic Issues vulnerability in Dlitz Pycrypto

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

4.3
2012-06-15 CVE-2012-2635 Dolphin Browser
Google
Information Exposure vulnerability in Dolphin-Browser Dolphin Browser HD and Dolphin for PAD

The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

4.3
2012-06-15 CVE-2012-2633 Wordpress Cross-Site Scripting vulnerability in Wordpress Wassup Plugin

Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

4.3
2012-06-15 CVE-2012-2631 Atmarkweb Cross-Site Scripting vulnerability in Atmarkweb @Web Shoppingcart and @Web Shoppingcart T

Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB ShoppingCart T 1.5.0.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-06-14 CVE-2012-3566 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.

4.3
2012-06-14 CVE-2012-3562 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.

4.3
2012-06-14 CVE-2012-3560 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.

4.3
2012-06-13 CVE-2012-2011 HP Cross-Site Scripting vulnerability in HP web Jetadmin 8.0/8.1

Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-06-13 CVE-2011-2545 Cisco Cross-Site Scripting vulnerability in Cisco products

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

4.3
2012-06-13 CVE-2012-2041 Adobe Code Injection vulnerability in Adobe Coldfusion 8.0/8.0.1/9.0

CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

4.3
2012-06-12 CVE-2012-1857 Microsoft Cross-Site Scripting vulnerability in Microsoft Dynamics AX 2012

Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."

4.3
2012-06-11 CVE-2012-1825 Forescout Cross-Site Scripting vulnerability in Forescout Counteract 6.3.3.2/6.3.4.10

Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.

4.3

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-17 CVE-2012-2693 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

3.7
2012-06-16 CVE-2012-1720 Oracle
SUN
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
3.7
2012-06-17 CVE-2012-2692 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.

3.6
2012-06-13 CVE-2012-1829 Efstechnology Cross-Site Scripting vulnerability in Efstechnology Autoform PDM Archive 6.9

Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

3.5
2012-06-13 CVE-2012-2604 Bradfordnetworks Cross-Site Scripting vulnerability in Bradfordnetworks products

Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

3.5
2012-06-13 CVE-2012-1820 Quagga Remote Denial Of Service vulnerability in Quagga bgpd 'bgp_capability_orf()' BGP OPEN Message

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.

2.9
2012-06-15 CVE-2012-2634 Newsgator Cross-Site Scripting vulnerability in Newsgator Feeddemon

Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed.

2.6
2012-06-15 CVE-2012-2632 Seil Unspecified vulnerability in Seil products

SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intended URL restrictions via a TCP session.

2.6
2012-06-14 CVE-2012-3558 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.

2.6
2012-06-17 CVE-2012-2672 Oracle Unspecified vulnerability in Oracle Mojarra 2.1.7

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

2.1