Weekly Vulnerabilities Reports > July 2 to 8, 2012
Overview
62 new vulnerabilities were reported during this period, including 11 critical and 3 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 65 products from 43 vendors, including Redhat, Wellintech, Joomla, Symantec, and Libexpat Project. The most frequent weakness categories are "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Path Traversal".
- 53 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 28 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 57 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 5.
- Wellintech has the most reported critical vulnerabilities, with 4.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
11 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-05 | CVE-2012-2559 | Wellintech | Resource Management Errors vulnerability in Wellintech Kinghistorian 3.0: WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678. | 10.0 |
2012-07-05 | CVE-2012-1832 | Wellintech | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wellintech Kingview: WellinTech KingView 6.53 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted packet to (1) TCP or (2) UDP port 2001. | 10.0 |
2012-07-05 | CVE-2012-1831 | Wellintech | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wellintech Kingview: Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. | 10.0 |
2012-07-05 | CVE-2012-1830 | Wellintech | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wellintech Kingview: Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. | 10.0 |
2012-07-03 | CVE-2011-5096 | Avaya | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya Aura Application Server 5300 1.0/2.0: Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet. | 10.0 |
2012-07-03 | CVE-2012-3811 | Avaya | Unspecified vulnerability in Avaya IP Office Customer Call Reporter 7.0/8.0: Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. | 10.0 |
2012-07-05 | CVE-2012-3585 | Irfanview | Buffer Errors vulnerability in Irfanview Plugins 4.33: Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file. | 9.3 |
2012-07-05 | CVE-2012-2516 | GE | OS Command Injection vulnerability in GE products: An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." | 9.3 |
2012-07-05 | CVE-2012-2515 | EMC GE | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products: Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. | 9.3 |
2012-07-03 | CVE-2012-3841 | Kmplayer | Unspecified vulnerability in Kmplayer 3.2.0.19: Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory. | 9.3 |
2012-07-03 | CVE-2012-3366 | ANL | OS Command Injection vulnerability in ANL Bcfg2 1.2.0: The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server). | 9.0 |
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-07 | CVE-2012-3374 | Pidgin | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin: Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. | 7.5 |
2012-07-03 | CVE-2012-3839 | Myclientbase | SQL Injection vulnerability in Myclientbase 0.12: Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search. | 7.5 |
2012-07-03 | CVE-2012-2747 | Joomla | Unspecified vulnerability in Joomla Joomla!: Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." | 7.5 |
39 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-05 | CVE-2012-0303 | Symantec | Cross-Site Request Forgery (CSRF) vulnerability in Symantec Message Filter: Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. | 6.8 |
2012-07-05 | CVE-2012-2281 | RSA | Improper Authentication vulnerability in RSA Access Manager Agent and Access Manager Server: EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors. | 6.8 |
2012-07-03 | CVE-2011-2716 | T Mobile Busybox | Improper Input Validation vulnerability in multiple products: The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. | 6.8 |
2012-07-03 | CVE-2012-3834 | Alienvault | SQL Injection vulnerability in Alienvault Open Source Security Information Management 3.1: SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter. | 6.5 |
2012-07-05 | CVE-2012-0301 | Symantec | Improper Authentication vulnerability in Symantec Message Filter: Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. | 5.4 |
2012-07-05 | CVE-2012-2640 | Yomecolle | Permissions, Privileges, and Access Controls vulnerability in Yomecolle NEC Biglobe Yome Collection: The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission. | 5.0 |
2012-07-05 | CVE-2012-0410 | Novell | Path Traversal vulnerability in Novell Groupwise: Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. | 5.0 |
2012-07-05 | CVE-2012-3847 | Invensys | Resource Management Errors vulnerability in Invensys Intouch and Wonderware Application Server: slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unicode string, a different vulnerability than CVE-2012-3007. | 5.0 |
2012-07-05 | CVE-2012-3007 | Invensys | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Invensys products: Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string. | 5.0 |
2012-07-05 | CVE-2012-2560 | Wellintech | Path Traversal vulnerability in Wellintech Kingview: Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001. | 5.0 |
2012-07-03 | CVE-2012-3845 | LAN Messenger | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in LAN Messenger LAN Messenger 1.2.28: Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request. | 5.0 |
2012-07-03 | CVE-2012-3838 | Babygekko | Information Exposure vulnerability in Babygekko Baby Gekko: Baby Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php. | 5.0 |
2012-07-03 | CVE-2012-3829 | Joomla | Information Exposure vulnerability in Joomla Joomla! 2.5.3: Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | 5.0 |
2012-07-03 | CVE-2012-2181 | IBM | Path Traversal vulnerability in IBM Websphere Portal 7.0.0.1/7.0.0.2/8.0: Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. | 5.0 |
2012-07-03 | CVE-2012-2748 | Joomla | Unspecified vulnerability in Joomla Joomla!: Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." | 5.0 |
2012-07-03 | CVE-2012-2318 | Pidgin | Improper Input Validation vulnerability in Pidgin: msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. | 5.0 |
2012-07-03 | CVE-2012-1148 | Libexpat Project Apple | Resource Management Errors vulnerability in multiple products: Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | 5.0 |
2012-07-07 | CVE-2012-2644 | Hazama SIX Apart | Cross-Site Scripting vulnerability in Hazama Mt4I: Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642. | 4.3 |
2012-07-07 | CVE-2012-2643 | Kent WEB | Cross-Site Scripting vulnerability in Kent-Web Yy-Board: Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. | 4.3 |
2012-07-07 | CVE-2012-2642 | Hazama SIX Apart | Cross-Site Scripting vulnerability in Hazama Mt4I: Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644. | 4.3 |
2012-07-05 | CVE-2012-2018 | HP | Cross-Site Scripting vulnerability in HP Network Node Manager I: Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-07-05 | CVE-2012-2641 | Zenphoto | Cross-Site Scripting vulnerability in Zenphoto: Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library. | 4.3 |
2012-07-05 | CVE-2012-0302 | Symantec | Cross-Site Scripting vulnerability in Symantec Message Filter 6.3: Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-07-03 | CVE-2012-3846 | Atmoner | Cross-Site Scripting vulnerability in Atmoner PHP-Pastebin 2.1: Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | 4.3 |
2012-07-03 | CVE-2012-3844 | Vbulletin | Cross-Site Scripting vulnerability in Vbulletin 4.1.12: Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. | 4.3 |
2012-07-03 | CVE-2012-3843 | E107 | Cross-Site Scripting vulnerability in E107 1.0.1: Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-07-03 | CVE-2012-3842 | Jbmc Software | Cross-Site Scripting vulnerability in Jbmc-Software Directadmin 1.403: Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters. | 4.3 |
2012-07-03 | CVE-2012-3840 | Myclientbase | Cross-Site Scripting vulnerability in Myclientbase 0.12: Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters. | 4.3 |
2012-07-03 | CVE-2012-3837 | Babygekko | Cross-Site Scripting vulnerability in Babygekko Baby Gekko: Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. | 4.3 |
2012-07-03 | CVE-2012-3836 | Babygekko | Cross-Site Scripting vulnerability in Babygekko Baby Gekko: Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php. | 4.3 |
2012-07-03 | CVE-2012-3835 | Alienvault | Cross-Site Scripting vulnerability in Alienvault Open Source Security Information Management 3.1: Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page. | 4.3 |
2012-07-03 | CVE-2012-3833 | Opensolution | Cross-Site Scripting vulnerability in Opensolution Quick.Cms 4.0: Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | 4.3 |
2012-07-03 | CVE-2012-3832 | Milesj | Cross-Site Scripting vulnerability in Milesj Decoda: Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags. | 4.3 |
2012-07-03 | CVE-2012-3831 | Milesj | Cross-Site Scripting vulnerability in Milesj Decoda: Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag. | 4.3 |
2012-07-03 | CVE-2012-3830 | Milesj | Cross-Site Scripting vulnerability in Milesj Decoda: Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive. | 4.3 |
2012-07-03 | CVE-2012-3828 | Joomla | Cross-Site Scripting vulnerability in Joomla Joomla! 2.5.3: Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. | 4.3 |
2012-07-03 | CVE-2012-1147 | Apple Libexpat Project | Improper Input Validation vulnerability in multiple products: readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | 4.3 |
2012-07-03 | CVE-2012-0876 | Libexpat Project Python Debian Canonical Oracle Redhat | Resource Exhaustion vulnerability in multiple products: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | 4.3 |
2012-07-03 | CVE-2011-2485 | Gnome | Unspecified vulnerability in Gnome Gdk-Pixbuf 2.22.1/2.23.3: The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. | 4.3 |
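The udhcpc entry above (CVE-2011-2716) is a reminder that DHCP option strings are input chosen by whoever answers on the local network, and that client hook scripts routinely hand those strings to a shell. The C program below is an added illustration, not BusyBox code: it walks a constructed DHCP options buffer, pulls out the host-name option, and neutralises shell metacharacters with a whitelist (letters, digits, '-' and '.') before the value could be exported to a script. The option layout is the standard DHCP TLV format from RFC 2132; the sample packet bytes, the whitelist policy and the function names are assumptions made for this example.

```c
/* Added example for the udhcpc entry (CVE-2011-2716): treat DHCP option
 * strings as hostile input before a client script ever sees them.
 * Illustrative code, not BusyBox's; the sample bytes are constructed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* DHCP option codes (RFC 2132) for the four options named in the CVE. */
#define DHCP_OPT_HOST_NAME    12
#define DHCP_OPT_DOMAIN_NAME  15
#define DHCP_OPT_NIS_DOMAIN   40
#define DHCP_OPT_TFTP_SERVER  66
#define DHCP_OPT_END          255

/* Walk the TLV option list and copy the value of `want` into out as a
 * NUL-terminated string. Returns the value length, or -1 if the option is
 * absent, truncated, or too long for out. No sanitising happens here: this
 * is exactly the server-controlled string a naive client would export. */
int dhcp_get_option(const unsigned char *opts, size_t len, int want,
                    char *out, size_t outsz)
{
    size_t i = 0;
    while (i < len) {
        int code = opts[i++];
        if (code == DHCP_OPT_END)
            return -1;
        if (code == 0)              /* pad byte, has no length field */
            continue;
        if (i >= len)
            return -1;              /* length byte missing */
        size_t olen = opts[i++];
        if (i + olen > len)
            return -1;              /* value runs past the buffer */
        if (code == want) {
            if (olen + 1 > outsz)
                return -1;
            memcpy(out, opts + i, olen);
            out[olen] = '\0';
            return (int)olen;
        }
        i += olen;
    }
    return -1;
}

/* Hardening (assumed policy for this example): a host or domain name may
 * contain only letters, digits, '-' and '.'. Every other byte, including
 * ';', '`', '$', '|', quotes, spaces and control characters, becomes '_',
 * so the value is inert even if a hook script later interpolates it into
 * a shell command line. Returns how many bytes were rewritten. */
int dhcp_sanitize_name(char *s)
{
    int replaced = 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (!isalnum(c) && c != '-' && c != '.') {
            *s = '_';
            replaced++;
        }
    }
    return replaced;
}

/* Constructed DHCPOFFER option bytes: message type, then a 21-byte
 * host-name option carrying a shell-injection payload, then END. */
static const unsigned char sample_opts[] = {
    53, 1, 2,
    12, 21, 'h','o','s','t',';','t','o','u','c','h',' ',
            '/','t','m','p','/','p','w','n','e','d',
    255
};

/* Pull the host name out of sample_opts and sanitise it in place.
 * Returns the number of bytes the sanitiser had to rewrite, or -1. */
int demo_sanitize(char *out, size_t outsz)
{
    if (dhcp_get_option(sample_opts, sizeof sample_opts,
                        DHCP_OPT_HOST_NAME, out, outsz) < 0)
        return -1;
    return dhcp_sanitize_name(out);
}

int main(void)
{
    char name[64];
    int n = demo_sanitize(name, sizeof name);
    printf("exported host name: %s (%d bytes neutralised)\n", name, n);
    return 0;
}
```

The sanitiser only bounds the damage when a downstream script does interpolate the value; a client that exports DHCP options into the environment should still pass them to commands as separate arguments rather than building a shell string, and should apply the same filter to the domain, NIS-domain and TFTP-server options, since the listed CVE names all four.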
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-03 | CVE-2012-2214 | Pidgin | Resource Management Errors vulnerability in Pidgin: proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests. | 3.5 |
2012-07-05 | CVE-2012-0300 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Message Filter: Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors. | 3.3 |
2012-07-03 | CVE-2012-3368 | Redhat | Numeric Errors vulnerability in Redhat Dtach 0.8: Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach. | 2.6 |
2012-07-03 | CVE-2012-0833 | Fedoraproject | Permissions, Privileges, and Access Controls vulnerability in Fedoraproject 389 Directory Server: The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server. | 2.3 |
2012-07-03 | CVE-2012-2746 | Redhat Fedoraproject | Cryptographic Issues vulnerability in multiple products: 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of an LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. | 2.1 |
2012-07-03 | CVE-2011-4029 | X ORG | Race Condition vulnerability in X.Org X Server: The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. | 1.9 |
2012-07-03 | CVE-2012-1106 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Automatic BUG Reporting Tool: The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information. | 1.9 |
2012-07-03 | CVE-2011-4028 | X ORG | Link Following vulnerability in X.Org X Server: The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. | 1.2 |
2012-07-03 | CVE-2012-2678 | Redhat Fedoraproject | Cryptographic Issues vulnerability in multiple products: 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for an LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. | 1.2 |
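The two X.Org LockServer entries (CVE-2011-4028 and CVE-2011-4029) are the classic temporary-file symlink race: a privileged process creates, and later chmods, a predictable lock path in a shared directory, and a local user who plants a symlink there first redirects the operation onto a file of their choosing. The C program below is an added example, not xserver code. It puts the naive create-or-open beside a hardened version that uses O_CREAT|O_EXCL|O_NOFOLLOW and then checks the opened descriptor with fstat, and runs both against a constructed scenario (a victim file and a symlink at the lock path) inside a private scratch directory. The function names, the lock file name and the use of $TMPDIR or /tmp for the scratch directory are assumptions for this example.

```c
/* Added example for the X.Org LockServer entries (CVE-2011-4028,
 * CVE-2011-4029): creating a lock file in a shared directory so that a
 * symlink planted by a local user cannot redirect the operation.
 * Illustrative code, not xserver's; the scenario below is constructed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The racy pattern: a plain create-or-open follows symlinks, so a lock
 * path that points at /etc/passwd makes the caller write to, and later
 * chmod(), the victim file instead of its own lock. */
int lock_open_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT, 0644);
}

/* Hardened: O_EXCL refuses to "create" over any existing name, symlink
 * included; O_NOFOLLOW refuses to open through one; fstat() on the
 * descriptor (never stat() on the path, which would reopen the race)
 * confirms we hold a fresh regular file with exactly one link before any
 * later write or chmod trusts it. Returns the fd, or -1 with errno set. */
int lock_open_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Private scratch directory under $TMPDIR (or /tmp) for the demo. */
static int make_scratch_dir(char *buf, size_t sz)
{
    const char *base = getenv("TMPDIR");
    if (!base || !*base)
        base = "/tmp";
    snprintf(buf, sz, "%s/lockdemoXXXXXX", base);
    return mkdtemp(buf) ? 0 : -1;
}

/* Attack scenario: a victim file plus a symlink at the lock path pointing
 * at it. Returns 1 when the naive open followed the link but the hardened
 * open refused it with EEXIST, 0 otherwise, -1 on setup failure. */
int demo_symlink_attack(void)
{
    char dir[256], victim[320], lock[320];
    if (make_scratch_dir(dir, sizeof dir) < 0)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lock, sizeof lock, "%s/.X0-lock", dir);
    int v = open(victim, O_WRONLY | O_CREAT, 0644);
    if (v < 0 || symlink(victim, lock) < 0)
        return -1;
    close(v);

    int unsafe_fd = lock_open_unsafe(lock);   /* lands on the victim */
    int safe_fd = lock_open_safe(lock);       /* must refuse */
    int safe_errno = errno;
    int result = unsafe_fd >= 0 && safe_fd < 0 && safe_errno == EEXIST;

    if (unsafe_fd >= 0) close(unsafe_fd);
    if (safe_fd >= 0) close(safe_fd);
    unlink(lock); unlink(victim); rmdir(dir);
    return result;
}

/* Control: on a clean path the hardened open must still succeed and the
 * lock must be usable (pid written). Returns 1 on success, 0 otherwise. */
int demo_fresh_lock(void)
{
    char dir[256], lock[320], pid[32];
    if (make_scratch_dir(dir, sizeof dir) < 0)
        return -1;
    snprintf(lock, sizeof lock, "%s/.X0-lock", dir);
    int fd = lock_open_safe(lock);
    int ok = fd >= 0;
    if (ok) {
        int n = snprintf(pid, sizeof pid, "%ld\n", (long)getpid());
        ok = write(fd, pid, (size_t)n) == n;
        close(fd);
    }
    unlink(lock); rmdir(dir);
    return ok;
}

int main(void)
{
    printf("symlink at lock path refused: %s\n",
           demo_symlink_attack() == 1 ? "yes" : "NO");
    printf("fresh lock created:           %s\n",
           demo_fresh_lock() == 1 ? "yes" : "NO");
    return 0;
}
```

The fstat check matters even with O_EXCL: it is the only way to verify what the descriptor actually refers to without racing against the path a second time, and any later chmod or unlink should go through the descriptor (fchmod) or be preceded by the same check rather than re-resolving the name.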