Weekly Vulnerabilities Report: July 9 to 15, 2012

Overview

86 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary reports vulnerabilities in 105 products from 41 vendors including Microsoft, Moodle, Libexif Project, Cisco, and Google. The most notable vulnerability categories are "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Code Injection", and "Numeric Errors".

  • 78 reported vulnerabilities are remotely exploitable.
  • 9 reported vulnerabilities have a public exploit available.
  • 22 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 76 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:


12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-07-12 CVE-2012-2653 Lawrence Berkeley National Laboratory Security Bypass vulnerability in Lawrence Berkeley National Laboratory Arpwatch 2.1A15

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.

10.0
2012-07-11 CVE-2012-2020 HP Unspecified vulnerability in HP Operations Agent

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.

10.0
2012-07-11 CVE-2012-2019 HP Unspecified vulnerability in HP Operations Agent

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.

10.0
2012-07-09 CVE-2012-3859 Netsweeper Unspecified vulnerability in Netsweeper

Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.

10.0
2012-07-12 CVE-2012-2844 Google Unspecified vulnerability in Google Chrome

The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document.

9.3
2012-07-12 CVE-2012-1661 Esri Code Injection vulnerability in Esri Arcgis and Arcmap

ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier do not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.

9.3
2012-07-10 CVE-2012-1891 Microsoft Buffer Errors vulnerability in Microsoft products

Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."

9.3
2012-07-10 CVE-2012-1524 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 9

Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."

9.3
2012-07-10 CVE-2012-1522 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 9

Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."

9.3
2012-07-10 CVE-2012-0175 Microsoft Code Injection vulnerability in Microsoft products

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."

9.3
2012-07-12 CVE-2012-3076 Cisco OS Command Injection vulnerability in Cisco Telepresence Recording Server

The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.

9.0
2012-07-12 CVE-2012-3075 Cisco OS Command Injection vulnerability in Cisco products

The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.

9.0

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-07-12 CVE-2012-3074 Cisco OS Command Injection vulnerability in Cisco products

An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.

8.3
2012-07-12 CVE-2012-2486 Cisco Code Injection vulnerability in Cisco products

The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.

8.3
2012-07-12 CVE-2012-3073 Cisco Unspecified vulnerability in Cisco products

The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338.

7.8
2012-07-09 CVE-2012-2970 Synel Resource Management Errors vulnerability in Synel Sy-780/A Time & Attendance Terminal

The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735.

7.8
2012-07-09 CVE-2012-1493 F5 Credentials Management vulnerability in F5 products

F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.

7.8
2012-07-13 CVE-2012-2841 Libexif Project Numeric Errors vulnerability in Libexif Project Libexif 0.6.20

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.

7.5
2012-07-13 CVE-2012-2840 Libexif Project Numeric Errors vulnerability in Libexif Project Libexif

Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.

7.5
2012-07-13 CVE-2012-2814 Libexif Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libexif Project Libexif 0.6.20

Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.

7.5
2012-07-12 CVE-2012-3998 Sayakbanerjee SQL Injection vulnerability in Sayakbanerjee Sticky Notes 0.2.27052012.4/0.2.27052012.5

Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php.

7.5
2012-07-12 CVE-2012-2843 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.

7.5
2012-07-12 CVE-2012-2842 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.

7.5
2012-07-12 CVE-2012-1162 NIH Buffer Errors vulnerability in NIH Libzip 0.10

Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."

7.5
2012-07-12 CVE-2012-3881 Adrian Chadd SQL Injection vulnerability in Adrian Chadd RTG and Rtg2

Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php.

7.5
2012-07-12 CVE-2012-3399 Artis Imag Improper Input Validation vulnerability in Artis.Imag Basilic 1.5.14

Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.

7.5
2012-07-12 CVE-2012-3376 Apache Cryptographic Issues vulnerability in Apache Hadoop 2.0.0

DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.

7.5
2012-07-12 CVE-2012-2763 Gimp Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gimp

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

7.5
2012-07-12 CVE-2012-0911 Tiki Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware

TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.

7.5
2012-07-10 CVE-2012-1893 Microsoft Improper Input Validation vulnerability in Microsoft products

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."

7.2
2012-07-10 CVE-2012-1890 Microsoft Improper Input Validation vulnerability in Microsoft products

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."

7.2

53 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-07-10 CVE-2012-1894 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Office 2011

Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."

6.9
2012-07-10 CVE-2012-1854 Microsoft Unspecified vulnerability in Microsoft products

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

6.9
2012-07-12 CVE-2012-3377 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.

6.8
2012-07-12 CVE-2012-3350 Valarsoft SQL Injection vulnerability in Valarsoft Webmatic 3.1.1

SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.

6.8
2012-07-12 CVE-2012-2614 Lattice Semiconductor Buffer Errors vulnerability in Lattice Semiconductor Lattice Diamond Programmer 1.4.2

Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.

6.8
2012-07-12 CVE-2012-3362 Extplorer Cross-Site Request Forgery (CSRF) vulnerability in Extplorer 2.0.0/2.1.0

Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.

6.8
2012-07-12 CVE-2012-1163 NIH Numeric Errors vulnerability in NIH Libzip 0.10

Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.

6.8
2012-07-11 CVE-2012-3890 Nullsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp

The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.

6.8
2012-07-11 CVE-2012-3889 Nullsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp

The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.

6.8
2012-07-11 CVE-2011-4302 Moodle Improper Input Validation vulnerability in Moodle

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate.

6.8
2012-07-11 CVE-2011-4298 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data.

6.8
2012-07-10 CVE-2012-1862 Microsoft Improper Input Validation vulnerability in Microsoft Sharepoint Server 2007

Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."

6.8
2012-07-09 CVE-2012-2447 Netsweeper Cross-Site Request Forgery (CSRF) vulnerability in Netsweeper

Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action.

6.8
2012-07-12 CVE-2012-1037 Glpi Project Code Injection vulnerability in Glpi-Project Glpi

PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.

6.5
2012-07-13 CVE-2012-2279 EMC, RSA Improper Input Validation vulnerability in multiple products

Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.4
2012-07-13 CVE-2012-2845 Curtis Galloway Numeric Errors vulnerability in Curtis Galloway Exif 0.6.20

Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.

6.4
2012-07-13 CVE-2012-2836 Libexif Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libexif Project Libexif

The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

6.4
2012-07-13 CVE-2012-2813 Libexif Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libexif Project Libexif

The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

6.4
2012-07-13 CVE-2012-2812 Libexif Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libexif Project Libexif

The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

6.4
2012-07-09 CVE-2012-3372 Elitecore Cryptographic Issues vulnerability in Elitecore Cyberoam Unified Threat Management

** DISPUTED ** The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities.

5.8
2012-07-12 CVE-2012-0215 Tryton Permissions, Privileges, and Access Controls vulnerability in Tryton Trytond

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.

5.5
2012-07-10 CVE-2012-1860 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Office web Apps and Sharepoint Server

Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."

5.5
2012-07-13 CVE-2012-2280 EMC, RSA

EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."

5.0
2012-07-13 CVE-2012-2837 Libexif Project Numeric Errors vulnerability in Libexif Project Libexif

The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.

5.0
2012-07-12 CVE-2012-2351 Debian, Mahara Improper Access Control vulnerability in multiple products

The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.

5.0
2012-07-12 CVE-2012-3996 Tiki Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware

TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.

5.0
2012-07-11 CVE-2011-4309 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.

5.0
2012-07-11 CVE-2011-4301 Moodle Unspecified vulnerability in Moodle

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

5.0
2012-07-11 CVE-2011-4300 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.

5.0
2012-07-09 CVE-2012-2138 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Org.Apache.Sling.Servlets.Post 2.1.0

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.

5.0
2012-07-13 CVE-2012-2278 EMC, RSA Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-07-13 CVE-2012-0283 Andreas Gohr Cross-Site Scripting vulnerability in Andreas Gohr Dokuwiki

Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.

4.3
2012-07-12 CVE-2012-4000 Ckeditor Cross-Site Scripting vulnerability in Ckeditor Fckeditor

Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.

4.3
2012-07-12 CVE-2012-3999 Sayakbanerjee Cross-Site Scripting vulnerability in Sayakbanerjee Sticky Notes 0.2.27052012.4/0.2.27052012.5/0.3.09062012.4

Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2012-07-12 CVE-2012-3997 Sayakbanerjee Cross-Site Scripting vulnerability in Sayakbanerjee Sticky Notes 0.2.27052012.5

Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parameter to (a) list.php or (b) show.php.

4.3
2012-07-12 CVE-2012-3382 Mono Cross-Site Scripting vulnerability in Mono

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

4.3
2012-07-12 CVE-2012-3236 Gimp, GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

4.3
2012-07-12 CVE-2012-3805 Kajona Cross-Site Scripting vulnerability in Kajona

Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module.

4.3
2012-07-11 CVE-2011-4307 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter.

4.3
2012-07-11 CVE-2011-4306 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.

4.3
2012-07-11 CVE-2011-4303 Moodle Cryptographic Issues vulnerability in Moodle

lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.

4.3
2012-07-11 CVE-2011-4299 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment.

4.3
2012-07-10 CVE-2012-1870 Microsoft Information Exposure vulnerability in Microsoft products

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."

4.3
2012-07-10 CVE-2012-1863 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."

4.3
2012-07-10 CVE-2012-1861 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."

4.3
2012-07-10 CVE-2012-1859 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."

4.3
2012-07-09 CVE-2012-3238 Astaro, Sophos Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

4.3
2012-07-09 CVE-2012-2446 Netsweeper Cross-Site Scripting vulnerability in Netsweeper

Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action.

4.3
2012-07-11 CVE-2011-4308 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.

4.0
2012-07-11 CVE-2011-4305 Moodle Numeric Errors vulnerability in Moodle

message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing.

4.0
2012-07-11 CVE-2011-4304 Moodle Information Exposure vulnerability in Moodle

The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation.

4.0
2012-07-09 CVE-2012-3812 Digium Resource Management Errors vulnerability in Digium Asterisk, Asteriske and Certified Asterisk

Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.

4.0
2012-07-09 CVE-2012-3863 Digium Resource Management Errors vulnerability in Digium products

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.

4.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-07-12 CVE-2012-1620 Suckless Permissions, Privileges, and Access Controls vulnerability in Suckless Slock 0.9

slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.

3.6
2012-07-12 CVE-2012-1174 Linux Race Condition vulnerability in Linux Systemd 43

The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."

3.3