Weekly Vulnerabilities Reports > June 11 to 17, 2012

Overview

123 new vulnerabilities were reported during this period, including 33 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary reports vulnerabilities in 113 products from 56 vendors including Microsoft, Linux, Oracle, Opera, and SUN. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Code Injection", "Cross-site Scripting", "Improper Input Validation", and "Numeric Errors".

  • 95 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities have a public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 116 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 24 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 13 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

33 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-16 CVE-2012-1725 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

10.0
2012-06-16 CVE-2012-1723 Oracle, SUN Remote Code Execution vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

10.0
2012-06-16 CVE-2012-1722 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721.

10.0
2012-06-16 CVE-2012-1721 Oracle Remote Code Execution vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722.

10.0
2012-06-16 CVE-2012-1716 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.

10.0
2012-06-16 CVE-2012-1713 Oracle, SUN Remote Code Execution vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10.0
2012-06-16 CVE-2012-3576 Jquindlen, Wordpress Permissions, Privileges, and Access Controls vulnerability in Jquindlen Wpstorecart

Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart.

10.0
2012-06-16 CVE-2012-3575 RBX Gallery, Wordpress Permissions, Privileges, and Access Controls vulnerability in RBX Gallery RBX Gallery 2.1

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.

10.0
2012-06-14 CVE-2012-3561 Opera Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser

Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.

10.0
2012-06-14 CVE-2012-3559 Opera, Apple Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."

10.0
2012-06-17 CVE-2012-2091 Flightgear, Simgear Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx.

9.3
2012-06-17 CVE-2012-2090 Flightgear, Simgear Use of Externally-Controlled Format String vulnerability in multiple products

Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.

9.3
2012-06-16 CVE-2012-0212 Devscripts Devel Team Improper Input Validation vulnerability in Devscripts Devel Team Devscripts

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.

9.3
2012-06-16 CVE-2012-0211 Devscripts Devel Team Improper Input Validation vulnerability in Devscripts Devel Team Devscripts

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.

9.3
2012-06-16 CVE-2012-0210 Devscripts Devel Team Improper Input Validation vulnerability in Devscripts Devel Team Devscripts

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.

9.3
2012-06-16 CVE-2011-3194 QT Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in QT 4.7.4

Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.

9.3
2012-06-16 CVE-2011-3193 Gnome, QT, Canonical, Redhat, Opensuse Out-Of-Bounds Write vulnerability in multiple products

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

9.3
2012-06-14 CVE-2012-3288 Vmware Improper Input Validation vulnerability in VMWare products

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.

9.3
2012-06-14 CVE-2012-3556 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.

9.3
2012-06-13 CVE-2012-1889 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft XML Core Services

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3
2012-06-12 CVE-2012-1881 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 8/9

Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."

9.3
2012-06-12 CVE-2012-1880 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."

9.3
2012-06-12 CVE-2012-1879 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."

9.3
2012-06-12 CVE-2012-1878 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."

9.3
2012-06-12 CVE-2012-1877 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."

9.3
2012-06-12 CVE-2012-1876 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

9.3
2012-06-12 CVE-2012-1875 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 8

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."

9.3
2012-06-12 CVE-2012-1874 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 8/9

Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."

9.3
2012-06-12 CVE-2012-1855 Microsoft Code Injection vulnerability in Microsoft .Net Framework 2.0/3.5.1/4.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."

9.3
2012-06-12 CVE-2012-1849 Microsoft Unspecified vulnerability in Microsoft Lync 2010

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-039 AV:N per "How could an attacker exploit the vulnerability? An attacker could convince a user to open a legitimate Microsoft Lync related file (such as an .ocsmeet file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file."

9.3
2012-06-12 CVE-2012-1523 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 6/7/8

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."

9.3
2012-06-12 CVE-2012-0173 Microsoft Code Injection vulnerability in Microsoft products

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.

9.3
2012-06-12 CVE-2012-0677 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes

Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

9.3

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-14 CVE-2012-3289 Vmware Code Injection vulnerability in VMWare products

VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.

7.8
2012-06-14 CVE-2012-3555 Opera Unspecified vulnerability in Opera Browser

Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.

7.6
2012-06-17 CVE-2012-3577 Nmedia, Wordpress Permissions, Privileges, and Access Controls vulnerability in Nmedia Member Conversation 1.0/1.2/1.3

Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.

7.5
2012-06-17 CVE-2012-2691 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.

7.5
2012-06-17 CVE-2012-2671 Rtomayko Unspecified vulnerability in Rtomayko Rack-Cach

The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.

7.5
2012-06-16 CVE-2012-1711 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.

7.5
2012-06-16 CVE-2012-3574 Tbelmans, Wordpress Unspecified vulnerability in Tbelmans MM Forms Community 2.2.5/2.2.6

Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.

7.5
2012-06-16 CVE-2012-2395 Michael Dehaan Unspecified vulnerability in Michael Dehaan Cobbler 2.2.0

Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.

7.5
2012-06-16 CVE-2012-1502 Pypam Resource Management Errors vulnerability in Pypam

Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.

7.5
2012-06-16 CVE-2011-4409 Canonical Improper Input Validation vulnerability in Canonical Ubuntu Linux

The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack.

7.5
2012-06-13 CVE-2011-2211 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform uses an incorrect pointer, which allows local users to gain privileges by writing a certain integer value to kernel memory.

7.2
2012-06-13 CVE-2011-2182 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table.

7.2
2012-06-12 CVE-2012-1867 Microsoft Resource Management Errors vulnerability in Microsoft products

Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."

7.2
2012-06-12 CVE-2012-1866 Microsoft Improper Input Validation vulnerability in Microsoft products

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."

7.2
2012-06-12 CVE-2012-1865 Microsoft Improper Input Validation vulnerability in Microsoft products

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.

7.2
2012-06-12 CVE-2012-1864 Microsoft Improper Input Validation vulnerability in Microsoft products

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.

7.2
2012-06-12 CVE-2012-0217 Freebsd, Illumos, Joyent, XEN, Microsoft, Citrix, Netbsd, SUN Buffer Errors vulnerability in Freebsd

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application.

7.2

55 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-12 CVE-2012-1868 Microsoft Race Condition vulnerability in Microsoft Windows XP

Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."

6.9
2012-06-17 CVE-2012-3578 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress Fcchat Widget

Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.

6.8
2012-06-16 CVE-2011-4408 Canonical Unspecified vulnerability in Canonical Ubuntu Linux 11.04/11.10

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.

6.8
2012-06-13 CVE-2012-2605 Bradfordnetworks Cross-Site Request Forgery (CSRF) vulnerability in Bradfordnetworks products

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients.

6.8
2012-06-17 CVE-2012-2670 O DYN Improper Input Validation vulnerability in O-Dyn Collabtive

manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar.

6.5
2012-06-13 CVE-2012-1828 Efstechnology Permissions, Privileges, and Access Controls vulnerability in Efstechnology Autoform PDM Archive 6.9/6.920/7.0

The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function.

6.5
2012-06-13 CVE-2012-1827 Efstechnology Permissions, Privileges, and Access Controls vulnerability in Efstechnology Autoform PDM Archive 6.9/6.920/7.0

The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request.

6.5
2012-06-16 CVE-2012-1726 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

6.4
2012-06-13 CVE-2011-1759 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition.

6.2
2012-06-13 CVE-2012-3347 Efstechnology Permissions, Privileges, and Access Controls vulnerability in Efstechnology Autoform PDM Archive 6.9/6.920

AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment mechanism, a different vulnerability than CVE-2012-1828.

6.0
2012-06-15 CVE-2012-3345 Ioquake3 Link Following vulnerability in Ioquake3 Engine

ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file.

5.6
2012-06-13 CVE-2011-1768 Linux Race Condition vulnerability in Linux Kernel

The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.

5.4
2012-06-13 CVE-2011-1767 Linux Unspecified vulnerability in Linux Kernel

net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.

5.4
2012-06-11 CVE-2012-2959 BMC Cross-Site Request Forgery (CSRF) vulnerability in BMC Identity Management Suite 7.5.00.103

Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

5.1
2012-06-16 CVE-2012-1724 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.

5.0
2012-06-16 CVE-2012-1719 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.

5.0
2012-06-16 CVE-2012-1718 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.

5.0
2012-06-16 CVE-2012-1583 Linux Resource Management Errors vulnerability in Linux Kernel

Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.

5.0
2012-06-16 CVE-2011-1473 Openssl Permissions, Privileges, and Access Controls vulnerability in Openssl

** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.

5.0
2012-06-16 CVE-2012-1145 RED HAT Improper Authentication vulnerability in RED HAT Network Satellite 5.4

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.

5.0
2012-06-16 CVE-2011-4328 GNU Permissions, Privileges, and Access Controls vulnerability in GNU Gnash

plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.

5.0
2012-06-14 CVE-2012-3568 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.

5.0
2012-06-14 CVE-2012-3567 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.

5.0
2012-06-14 CVE-2012-3565 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."

5.0
2012-06-14 CVE-2012-3564 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.

5.0
2012-06-14 CVE-2012-3563 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.

5.0
2012-06-14 CVE-2012-3557 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.

5.0
2012-06-13 CVE-2012-3287 Poul Henning Kamp Cryptographic Issues vulnerability in Poul-Henning Kamp Md5Crypt

Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware.

5.0
2012-06-13 CVE-2012-2606 Bradfordnetworks Improper Authentication vulnerability in Bradfordnetworks products

The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack.

5.0
2012-06-13 CVE-2011-1927 Linux Unspecified vulnerability in Linux Kernel

The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets.

5.0
2012-06-13 CVE-2012-2390 Linux Resource Management Errors vulnerability in Linux Kernel

Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations.

4.9
2012-06-13 CVE-2012-2384 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call.

4.9
2012-06-13 CVE-2012-2383 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call.

4.9
2012-06-13 CVE-2011-2496 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping.

4.9
2012-06-13 CVE-2012-2375 Linux Numeric Errors vulnerability in Linux Kernel

The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply.

4.6
2012-06-17 CVE-2012-2668 Openldap Information Exposure vulnerability in Openldap

libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.

4.3
2012-06-17 CVE-2012-2417 Dlitz Cryptographic Issues vulnerability in Dlitz Pycrypto

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

4.3
2012-06-17 CVE-2012-0037 Apache, Redland, Libreoffice Information Exposure vulnerability in multiple products

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

4.3
2012-06-16 CVE-2011-5094 Mozilla Unspecified vulnerability in Mozilla Network Security Services

** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473.

4.3
2012-06-15 CVE-2012-2635 Dolphin Browser, Google Information Exposure vulnerability in Dolphin-Browser Dolphin Browser HD and Dolphin for PAD

The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

4.3
2012-06-15 CVE-2012-2633 Wordpress Cross-Site Scripting vulnerability in Wordpress Wassup Plugin

Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

4.3
2012-06-15 CVE-2012-2631 Atmarkweb Cross-Site Scripting vulnerability in Atmarkweb @Web Shoppingcart and @Web Shoppingcart T

Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB ShoppingCart T 1.5.0.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-06-14 CVE-2012-3566 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.

4.3
2012-06-14 CVE-2012-3562 Opera Unspecified vulnerability in Opera Browser

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.

4.3
2012-06-14 CVE-2012-3560 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.

4.3
2012-06-13 CVE-2012-2011 HP Cross-Site Scripting vulnerability in HP web Jetadmin 8.0/8.1

Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-06-13 CVE-2011-2545 Cisco Cross-Site Scripting vulnerability in Cisco products

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

4.3
2012-06-13 CVE-2012-2041 Adobe Code Injection vulnerability in Adobe Coldfusion 8.0/8.0.1/9.0

CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

4.3
2012-06-12 CVE-2012-1882 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability."

4.3
2012-06-12 CVE-2012-1873 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 7/8/9

Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability."

4.3
2012-06-12 CVE-2012-1872 Microsoft Cross-Site Scripting vulnerability in Microsoft Internet Explorer

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."

4.3
2012-06-12 CVE-2012-1858 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer, Lync and Office Communicator

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."

4.3
2012-06-12 CVE-2012-1857 Microsoft Cross-Site Scripting vulnerability in Microsoft Dynamics AX 2012

Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."

4.3
2012-06-11 CVE-2012-1825 Forescout Cross-Site Scripting vulnerability in Forescout Counteract 6.3.3.2/6.3.4.10

Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.

4.3
2012-06-13 CVE-2011-2183 Linux Race Condition vulnerability in Linux Kernel

Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application.

4.0

18 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-17 CVE-2012-2693 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

3.7
2012-06-16 CVE-2012-1720 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.

3.7
2012-06-17 CVE-2012-2692 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.

3.6
2012-06-13 CVE-2012-1829 Efstechnology Cross-Site Scripting vulnerability in Efstechnology Autoform PDM Archive 6.9

Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

3.5
2012-06-13 CVE-2012-2604 Bradfordnetworks Cross-Site Scripting vulnerability in Bradfordnetworks products

Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

3.5
2012-06-13 CVE-2012-1820 Quagga Remote Denial Of Service vulnerability in Quagga bgpd 'bgp_capability_orf()' BGP OPEN Message

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.

2.9
2012-06-15 CVE-2012-2634 Newsgator Cross-Site Scripting vulnerability in Newsgator Feeddemon

Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed.

2.6
2012-06-15 CVE-2012-2632 Seil Unspecified vulnerability in Seil products

SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intended URL restrictions via a TCP session.

2.6
2012-06-14 CVE-2012-3558 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.

2.6
2012-06-17 CVE-2012-2672 Oracle Unspecified vulnerability in Oracle Mojarra 2.1.7

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information and access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

2.1
2012-06-16 CVE-2012-1717 Oracle, Linux, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

2.1
2012-06-13 CVE-2011-2495 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.

2.1
2012-06-13 CVE-2011-2494 Linux Information Exposure vulnerability in Linux Kernel

kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.

2.1
2012-06-13 CVE-2011-2493 Linux Unspecified vulnerability in Linux Kernel

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.

2.1
2012-06-13 CVE-2011-2210 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform does not properly restrict the data size for GSI_GET_HWRPB operations, which allows local users to obtain sensitive information from kernel memory via a crafted call.

2.1
2012-06-13 CVE-2011-2209 Linux Numeric Errors vulnerability in Linux Kernel

Integer signedness error in the osf_sysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call.

2.1
2012-06-13 CVE-2011-2208 Linux Numeric Errors vulnerability in Linux Kernel

Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call.

2.1
2012-06-13 CVE-2012-2313 Linux, Novell, Redhat Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.

1.2