Weekly Vulnerabilities Reports > June 25 to July 1, 2012
Overview
82 new vulnerabilities reported during this period, including 10 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 66 products from 54 vendors including Drupal, HP, Microsoft, Mantisbt, and PRO Face. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-Site Request Forgery (CSRF)", and "Improper Input Validation".
- 69 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities have public exploit available.
- 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 68 reported vulnerabilities are exploitable by an anonymous user.
- Drupal has the most reported vulnerabilities, with 29 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
10 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-29 | CVE-2012-2012 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 10.0 |
2012-06-25 | CVE-2012-3797 | PRO Face | Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode. | 10.0 |
2012-06-29 | CVE-2012-3057 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755. | 9.3 |
2012-06-29 | CVE-2012-3056 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946. | 9.3 |
2012-06-29 | CVE-2012-3055 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953. | 9.3 |
2012-06-29 | CVE-2012-3054 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72977. | 9.3 |
2012-06-29 | CVE-2012-3053 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Advanced Recording Format Player Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug ID CSCtz72985. | 9.3 |
2012-06-27 | CVE-2012-3815 | Sielcosistemi | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sielcosistemi Winlog Lite and Winlog PRO Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. | 9.3 |
2012-06-29 | CVE-2012-2015 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. | 9.0 |
2012-06-29 | CVE-2012-2014 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. | 9.0 |
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-30 | CVE-2012-2017 | HP | Unspecified vulnerability in HP products Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2012-06-27 | CVE-2012-3816 | Winradius | Buffer Overflow vulnerability in Winradius 2009 WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet. | 7.8 |
2012-06-29 | CVE-2012-2013 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors. | 7.5 |
2012-06-29 | CVE-2012-1123 | Mantisbt | Improper Authentication vulnerability in Mantisbt The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password. | 7.5 |
2012-06-27 | CVE-2012-3814 | Pippin Williamson Wordpress | Permissions, Privileges, and Access Controls vulnerability in Pippin Williamson Font Uploader 1.2.4 Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts. | 7.5 |
2012-06-27 | CVE-2012-2388 | Strongswan | Improper Authentication vulnerability in Strongswan The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." | 7.5 |
2012-06-27 | CVE-2012-2730 | Alexis Wilke Drupal | Permissions, Privileges, and Access Controls vulnerability in Alexis Wilke Protected Node The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. | 7.5 |
2012-06-27 | CVE-2012-2764 | Google Microsoft | Unspecified vulnerability in Google Chrome Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory. | 7.2 |
2012-06-27 | CVE-2012-2200 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. | 7.2 |
38 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-27 | CVE-2012-3231 | Webatall | Cross-Site Request Forgery (CSRF) vulnerability in Webatall Web@All 2.0 Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php. | 6.8 |
2012-06-27 | CVE-2012-2729 | Adcillc Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Adcillc Simplemeta Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry. | 6.8 |
2012-06-27 | CVE-2012-2728 | Ronan Dowling Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Ronan Dowling Node Hierarchy Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action. | 6.8 |
2012-06-27 | CVE-2012-2721 | Moshe Weitzman Drupal | Permissions, Privileges, and Access Controls vulnerability in Moshe Weitzman Organic Groups The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. | 6.8 |
2012-06-27 | CVE-2012-2713 | Browserid Project Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Browserid Project Browserid 7.X1.1/7.X1.2 Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. | 6.8 |
2012-06-26 | CVE-2012-2380 | Apache | Cross-Site Request Forgery (CSRF) vulnerability in Apache Roller Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality. | 6.8 |
2012-06-29 | CVE-2012-1119 | Mantisbt | Permissions, Privileges, and Access Controls vulnerability in Mantisbt MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection. | 6.4 |
2012-06-27 | CVE-2012-2727 | Bryce Hamrick Drupal | Improper Input Validation vulnerability in Bryce Hamrick Janrain Capture 6.X1.0/7.X1.0 Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | 5.8 |
2012-06-27 | CVE-2012-2707 | Antoine Beaupre Drupal | Permissions, Privileges, and Access Controls vulnerability in Antoine Beaupre Hostmaster The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. | 5.8 |
2012-06-25 | CVE-2010-2021 | Nicholasthompson Drupal | Improper Input Validation vulnerability in Nicholasthompson Global Redirect Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. | 5.8 |
2012-06-27 | CVE-2012-3799 | Blaine Lang Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Blaine Lang Maestro 7.X1.0/7.X1.1/7.X1.X Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences. | 5.1 |
2012-06-27 | CVE-2012-2719 | Blaine Lang Drupal | Permissions, Privileges, and Access Controls vulnerability in Blaine Lang Filedepot The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability." | 5.1 |
2012-06-26 | CVE-2012-2122 | Oracle Mariadb | Improper Authentication vulnerability in multiple products sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. | 5.1 |
2012-06-27 | CVE-2012-2743 | Mikel Olasagasti | Credentials Management vulnerability in Mikel Olasagasti Revelation Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | 5.0 |
2012-06-27 | CVE-2012-2742 | Mikel Olasagasti | Credentials Management vulnerability in Mikel Olasagasti Revelation Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack. | 5.0 |
2012-06-27 | CVE-2011-4957 | Wordpress | Improper Input Validation vulnerability in Wordpress The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls. | 5.0 |
2012-06-27 | CVE-2012-3798 | Bryce Hamrick Drupal | Information Exposure vulnerability in Bryce Hamrick Janrain Capture 6.X1.0/7.X1.0 The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. | 5.0 |
2012-06-27 | CVE-2012-2720 | Adam Ross Drupal | Permissions, Privileges, and Access Controls vulnerability in Adam Ross Tokenauth The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | 5.0 |
2012-06-27 | CVE-2012-2702 | Tony Freixas Drupal | Permissions, Privileges, and Access Controls vulnerability in Tony Freixas Ubercart Product Keys 6.X1.0 The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. | 5.0 |
2012-06-25 | CVE-2012-3796 | PRO Face | Information Exposure vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode. | 5.0 |
2012-06-25 | CVE-2012-3795 | PRO Face | Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field. | 5.0 |
2012-06-25 | CVE-2012-3794 | PRO Face | Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory. | 5.0 |
2012-06-25 | CVE-2012-3793 | PRO Face | Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow. | 5.0 |
2012-06-25 | CVE-2012-3792 | PRO Face | Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt. | 5.0 |
2012-06-29 | CVE-2012-2016 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. | 4.9 |
2012-06-29 | CVE-2012-1121 | Mantisbt | Permissions, Privileges, and Access Controls vulnerability in Mantisbt MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. | 4.9 |
2012-06-29 | CVE-2012-2698 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page. | 4.3 |
2012-06-29 | CVE-2012-2664 | Redhat | Credentials Management vulnerability in Redhat SOS 2.218 The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. | 4.3 |
2012-06-29 | CVE-2012-1118 | Mantisbt | Permissions, Privileges, and Access Controls vulnerability in Mantisbt The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports. | 4.3 |
2012-06-29 | CVE-2010-5076 | Digia QT | Improper Input Validation vulnerability in multiple products QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 4.3 |
2012-06-29 | CVE-2012-3232 | Webatall | Cross-Site Scripting vulnerability in Webatall Web@All 2.0 Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter. | 4.3 |
2012-06-27 | CVE-2012-2717 | Mathew Winstone Drupal | Cross-Site Scripting vulnerability in Mathew Winstone Mobile Tools Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. | 4.3 |
2012-06-27 | CVE-2011-4956 | Wordpress | Cross-Site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-06-27 | CVE-2012-2722 | Scott Reynen Drupal | Permissions, Privileges, and Access Controls vulnerability in Scott Reynen Node Embed The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles. | 4.3 |
2012-06-27 | CVE-2012-2715 | Jason Moore Drupal | Cross-Site Scripting vulnerability in Jason Moore Amadou Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. | 4.3 |
2012-06-27 | CVE-2012-2706 | Peter Pokrivcak Drupal | Cross-Site Scripting vulnerability in Peter Pokrivcak Post Affiliate PRO Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. | 4.3 |
2012-06-29 | CVE-2012-2385 | Keith Winstein | Resource Management Errors vulnerability in Keith Winstein Mosh The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. | 4.0 |
2012-06-27 | CVE-2012-3802 | Peter Pokrivcak Drupal | Cross-Site Scripting and Access Security Bypass vulnerability in Drupal Post Affiliate Pro Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. | 4.0 |
25 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-29 | CVE-2012-1122 | Mantisbt | Permissions, Privileges, and Access Controls vulnerability in Mantisbt bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project. | 3.6 |
2012-06-29 | CVE-2012-1120 | Mantisbt | Permissions, Privileges, and Access Controls vulnerability in Mantisbt The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes. | 3.6 |
2012-06-27 | CVE-2012-2451 | Shlomi Fish | Unspecified vulnerability in Shlomi Fish Config-Inifiles The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | 3.6 |
2012-06-27 | CVE-2012-1989 | Puppet Puppetlabs | Permissions, Privileges, and Access Controls vulnerability in multiple products telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). | 3.6 |
2012-06-27 | CVE-2012-2725 | Authoring Html Drupal | Permissions, Privileges, and Access Controls vulnerability in Authoring Html 6.X-1.0 classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks. | 3.5 |
2012-06-26 | CVE-2012-2381 | Apache | Cross-Site Scripting vulnerability in Apache Roller Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. | 3.5 |
2012-06-30 | CVE-2012-3826 | Wireshark | Numeric Errors vulnerability in Wireshark Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392. | 3.3 |
2012-06-30 | CVE-2012-3825 | Wireshark | Numeric Errors vulnerability in Wireshark Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392. | 3.3 |
2012-06-30 | CVE-2012-2394 | Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. | 3.3 |
2012-06-30 | CVE-2012-2393 | Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. | 3.3 |
2012-06-30 | CVE-2012-2392 | Wireshark | Resource Management Errors vulnerability in Wireshark Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. | 3.3 |
2012-06-29 | CVE-2012-1164 | Openldap | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openldap slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. | 2.6 |
2012-06-27 | CVE-2012-2731 | Richardo Ante Drupal | Information Exposure vulnerability in Richardo Ante Ubercart Ajax Cart 6.X2.0 The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. | 2.6 |
2012-06-27 | CVE-2012-2723 | Blaine Lang Drupal | Cross-Site Scripting vulnerability in Blaine Lang Maestro 7.X1.0/7.X1.1/7.X1.X Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2012-06-27 | CVE-2012-2712 | Thomas Seidl Drupal | Cross-Site Scripting vulnerability in Thomas Seidl Search API 7.X1.0/7.X1.X Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. | 2.6 |
2012-06-27 | CVE-2012-2710 | John Albin Drupal | Cross-Site Scripting vulnerability in John Albin ZEN 6.X1.0/6.X1.0Beta1/6.X1.X Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | 2.6 |
2012-06-27 | CVE-2012-2703 | John Franklin Drupal | Cross-Site Scripting vulnerability in John Franklin Advertisement Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." | 2.6 |
2012-06-29 | CVE-2012-2690 | Libguestfs | Credentials Management vulnerability in Libguestfs virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. | 2.1 |
2012-06-29 | CVE-2012-0813 | David Paleino | Credentials Management vulnerability in David Paleino Wicd Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information. | 2.1 |
2012-06-29 | CVE-2012-3818 | Mikel Olasagasti | Cryptographic Issues vulnerability in Mikel Olasagasti Revelation The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. | 2.1 |
2012-06-27 | CVE-2012-3800 | Moshe Weitzman Drupal | Cross-Site Scripting vulnerability in Moshe Weitzman Organic Groups Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. | 2.1 |
2012-06-27 | CVE-2012-2726 | Alberto Trujillo Gonzalez Drupal | Cross-Site Scripting vulnerability in Alberto Trujillo Gonzalez Protest Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. | 2.1 |
2012-06-27 | CVE-2012-2711 | Nancy Wichmann Drupal | Cross-Site Scripting vulnerability in Nancy Wichmann Taxonomy List Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. | 2.1 |
2012-06-27 | CVE-2012-2708 | Antoine Beaupre Drupal | Cross-Site Scripting vulnerability in Antoine Beaupre Hostmaster Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. | 2.1 |
2012-06-27 | CVE-2012-2705 | Christopher Mitchell Drupal | Improper Input Validation vulnerability in Christopher Mitchell Smart Breadcrumb The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. | 2.1 |