Weekly Vulnerabilities Reports > June 25 to July 1, 2012

Overview

82 new vulnerabilities reported during this period, including 10 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 66 products from 54 vendors including Drupal, HP, Microsoft, Mantisbt, and PRO Face. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-Site Request Forgery (CSRF)", and "Improper Input Validation".

  • 69 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 68 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 29 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-29 CVE-2012-2012 HP
Linux
Microsoft
Unspecified vulnerability in HP System Management Homepage

HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

10.0
2012-06-25 CVE-2012-3797 PRO Face Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.

10.0
2012-06-29 CVE-2012-3057 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player

Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755.

9.3
2012-06-29 CVE-2012-3056 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946.

9.3
2012-06-29 CVE-2012-3055 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player

Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953.

9.3
2012-06-29 CVE-2012-3054 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player

Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72977.

9.3
2012-06-29 CVE-2012-3053 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Advanced Recording Format Player

Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug ID CSCtz72985.

9.3
2012-06-27 CVE-2012-3815 Sielcosistemi Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sielcosistemi Winlog Lite and Winlog PRO

Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824.

9.3
2012-06-29 CVE-2012-2015 HP
Linux
Microsoft
Unspecified vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors.

9.0
2012-06-29 CVE-2012-2014 HP
Linux
Microsoft
Unspecified vulnerability in HP System Management Homepage

HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors.

9.0

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-30 CVE-2012-2017 HP Unspecified vulnerability in HP products

Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors.

7.8
2012-06-27 CVE-2012-3816 Winradius Buffer Overflow vulnerability in Winradius 2009

WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet.

7.8
2012-06-29 CVE-2012-2013 HP
Linux
Microsoft
Unspecified vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors.

7.5
2012-06-29 CVE-2012-1123 Mantisbt Improper Authentication vulnerability in Mantisbt

The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.

7.5
2012-06-27 CVE-2012-3814 Pippin Williamson
Wordpress
Permissions, Privileges, and Access Controls vulnerability in Pippin Williamson Font Uploader 1.2.4

Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.

7.5
2012-06-27 CVE-2012-2388 Strongswan Improper Authentication vulnerability in Strongswan

The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."

7.5
2012-06-27 CVE-2012-2730 Alexis Wilke
Drupal
Permissions, Privileges, and Access Controls vulnerability in Alexis Wilke Protected Node

The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.

7.5
2012-06-27 CVE-2012-2764 Google
Microsoft
Unspecified vulnerability in Google Chrome

Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.

7.2
2012-06-27 CVE-2012-2200 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios

The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.

7.2

38 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-27 CVE-2012-3231 Webatall Cross-Site Request Forgery (CSRF) vulnerability in Webatall Web@All 2.0

Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.

6.8
2012-06-27 CVE-2012-2729 Adcillc
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Adcillc Simplemeta

Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry.

6.8
2012-06-27 CVE-2012-2728 Ronan Dowling
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Ronan Dowling Node Hierarchy

Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action.

6.8
2012-06-27 CVE-2012-2721 Moshe Weitzman
Drupal
Permissions, Privileges, and Access Controls vulnerability in Moshe Weitzman Organic Groups

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.

6.8
2012-06-27 CVE-2012-2713 Browserid Project
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Browserid Project Browserid 7.X1.1/7.X1.2

Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.

6.8
2012-06-26 CVE-2012-2380 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache Roller

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.

6.8
2012-06-29 CVE-2012-1119 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection.

6.4
2012-06-27 CVE-2012-2727 Bryce Hamrick
Drupal
Improper Input Validation vulnerability in Bryce Hamrick Janrain Capture 6.X1.0/7.X1.0

Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

5.8
2012-06-27 CVE-2012-2707 Antoine Beaupre
Drupal
Permissions, Privileges, and Access Controls vulnerability in Antoine Beaupre Hostmaster

The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes.

5.8
2012-06-25 CVE-2010-2021 Nicholasthompson
Drupal
Improper Input Validation vulnerability in Nicholasthompson Global Redirect

Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter.

5.8
2012-06-27 CVE-2012-3799 Blaine Lang
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Blaine Lang Maestro 7.X1.0/7.X1.1/7.X1.X

Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences.

5.1
2012-06-27 CVE-2012-2719 Blaine Lang
Drupal
Permissions, Privileges, and Access Controls vulnerability in Blaine Lang Filedepot

The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability."

5.1
2012-06-26 CVE-2012-2122 Oracle
Mariadb
Improper Authentication vulnerability in multiple products

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

5.1
2012-06-27 CVE-2012-2743 Mikel Olasagasti Credentials Management vulnerability in Mikel Olasagasti Revelation

Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack.

5.0
2012-06-27 CVE-2012-2742 Mikel Olasagasti Credentials Management vulnerability in Mikel Olasagasti Revelation

Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack.

5.0
2012-06-27 CVE-2011-4957 Wordpress Improper Input Validation vulnerability in Wordpress

The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.

5.0
2012-06-27 CVE-2012-3798 Bryce Hamrick
Drupal
Information Exposure vulnerability in Bryce Hamrick Janrain Capture 6.X1.0/7.X1.0

The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.

5.0
2012-06-27 CVE-2012-2720 Adam Ross
Drupal
Permissions, Privileges, and Access Controls vulnerability in Adam Ross Tokenauth

The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges.

5.0
2012-06-27 CVE-2012-2702 Tony Freixas
Drupal
Permissions, Privileges, and Access Controls vulnerability in Tony Freixas Ubercart Product Keys 6.X1.0

The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.

5.0
2012-06-25 CVE-2012-3796 PRO Face Information Exposure vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.

5.0
2012-06-25 CVE-2012-3795 PRO Face Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field.

5.0
2012-06-25 CVE-2012-3794 PRO Face Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory.

5.0
2012-06-25 CVE-2012-3793 PRO Face Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime

Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow.

5.0
2012-06-25 CVE-2012-3792 PRO Face Buffer Errors vulnerability in Pro-Face Pro-Server EX and Wingp PC Runtime

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt.

5.0
2012-06-29 CVE-2012-2016 HP
Linux
Microsoft
Unspecified vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors.

4.9
2012-06-29 CVE-2012-1121 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.

4.9
2012-06-29 CVE-2012-2698 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.

4.3
2012-06-29 CVE-2012-2664 Redhat Credentials Management vulnerability in Redhat SOS 2.218

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.

4.3
2012-06-29 CVE-2012-1118 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports.

4.3
2012-06-29 CVE-2010-5076 Digia
QT
Improper Input Validation vulnerability in multiple products

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

4.3
2012-06-29 CVE-2012-3232 Webatall Cross-Site Scripting vulnerability in Webatall Web@All 2.0

Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.

4.3
2012-06-27 CVE-2012-2717 Mathew Winstone
Drupal
Cross-Site Scripting vulnerability in Mathew Winstone Mobile Tools

Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.

4.3
2012-06-27 CVE-2011-4956 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-06-27 CVE-2012-2722 Scott Reynen
Drupal
Permissions, Privileges, and Access Controls vulnerability in Scott Reynen Node Embed

The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.

4.3
2012-06-27 CVE-2012-2715 Jason Moore
Drupal
Cross-Site Scripting vulnerability in Jason Moore Amadou

Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links.

4.3
2012-06-27 CVE-2012-2706 Peter Pokrivcak
Drupal
Cross-Site Scripting vulnerability in Peter Pokrivcak Post Affiliate PRO

Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration.

4.3
2012-06-29 CVE-2012-2385 Keith Winstein Resource Management Errors vulnerability in Keith Winstein Mosh

The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.

4.0
2012-06-27 CVE-2012-3802 Peter Pokrivcak
Drupal
Cross-Site Scripting and Access Security Bypass vulnerability in Drupal Post Affiliate Pro

Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.

4.0

25 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-29 CVE-2012-1122 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project.

3.6
2012-06-29 CVE-2012-1120 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.

3.6
2012-06-27 CVE-2012-2451 Shlomi Fish Unspecified vulnerability in Shlomi Fish Config-Inifiles

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

3.6
2012-06-27 CVE-2012-1989 Puppet
Puppetlabs
Permissions, Privileges, and Access Controls vulnerability in multiple products

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

3.6
2012-06-27 CVE-2012-2725 Authoring Html
Drupal
Permissions, Privileges, and Access Controls vulnerability in Authoring Html 6.X-1.0

classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks.

3.5
2012-06-26 CVE-2012-2381 Apache Cross-Site Scripting vulnerability in Apache Roller

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.

3.5
2012-06-30 CVE-2012-3826 Wireshark Numeric Errors vulnerability in Wireshark

Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.

3.3
2012-06-30 CVE-2012-3825 Wireshark Numeric Errors vulnerability in Wireshark

Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392.

3.3
2012-06-30 CVE-2012-2394 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.

3.3
2012-06-30 CVE-2012-2393 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.

3.3
2012-06-30 CVE-2012-2392 Wireshark Resource Management Errors vulnerability in Wireshark

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.

3.3
2012-06-29 CVE-2012-1164 Openldap Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openldap

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.

2.6
2012-06-27 CVE-2012-2731 Richardo Ante
Drupal
Information Exposure vulnerability in Richardo Ante Ubercart Ajax Cart 6.X2.0

The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.

2.6
2012-06-27 CVE-2012-2723 Blaine Lang
Drupal
Cross-Site Scripting vulnerability in Blaine Lang Maestro 7.X1.0/7.X1.1/7.X1.X

Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors.

2.6
2012-06-27 CVE-2012-2712 Thomas Seidl
Drupal
Cross-Site Scripting vulnerability in Thomas Seidl Search API 7.X1.0/7.X1.X

Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors.

2.6
2012-06-27 CVE-2012-2710 John Albin
Drupal
Cross-Site Scripting vulnerability in John Albin ZEN 6.X1.0/6.X1.0Beta1/6.X1.X

Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.

2.6
2012-06-27 CVE-2012-2703 John Franklin
Drupal
Cross-Site Scripting vulnerability in John Franklin Advertisement

Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php."

2.6
2012-06-29 CVE-2012-2690 Libguestfs Credentials Management vulnerability in Libguestfs

virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.

2.1
2012-06-29 CVE-2012-0813 David Paleino Credentials Management vulnerability in David Paleino Wicd

Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.

2.1
2012-06-29 CVE-2012-3818 Mikel Olasagasti Cryptographic Issues vulnerability in Mikel Olasagasti Revelation

The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.

2.1
2012-06-27 CVE-2012-3800 Moshe Weitzman
Drupal
Cross-Site Scripting vulnerability in Moshe Weitzman Organic Groups

Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.

2.1
2012-06-27 CVE-2012-2726 Alberto Trujillo Gonzalez
Drupal
Cross-Site Scripting vulnerability in Alberto Trujillo Gonzalez Protest

Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter.

2.1
2012-06-27 CVE-2012-2711 Nancy Wichmann
Drupal
Cross-Site Scripting vulnerability in Nancy Wichmann Taxonomy List

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.

2.1
2012-06-27 CVE-2012-2708 Antoine Beaupre
Drupal
Cross-Site Scripting vulnerability in Antoine Beaupre Hostmaster

Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log.

2.1
2012-06-27 CVE-2012-2705 Christopher Mitchell
Drupal
Improper Input Validation vulnerability in Christopher Mitchell Smart Breadcrumb

The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter.

2.1