Weekly Vulnerabilities Reports > July 16 to 22, 2012
Overview
210 new vulnerabilities reported during this period, including 15 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 99 products from 47 vendors including Oracle, Moodle, Mozilla, SUN, and Wordpress. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", and "Improper Input Validation".
- 182 reported vulnerabilities are remotely exploitables.
- 5 reported vulnerabilities have public exploit available.
- 28 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 146 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 64 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-20 | CVE-2012-2688 | PHP | Buffer Overflow vulnerability in PHP '_php_stream_scandir()' Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." | 10.0 |
2012-07-19 | CVE-2012-2974 | SMC | Improper Authentication vulnerability in SMC Smc8024L2 Switch The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. | 10.0 |
2012-07-18 | CVE-2012-3358 | Uclouvain | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg 1.5 Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file. | 10.0 |
2012-07-18 | CVE-2012-4033 | Zingiri Wordpress | Unspecified vulnerability in Zingiri web Shop Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. | 10.0 |
2012-07-18 | CVE-2012-1967 | Mozilla | Privilege Escalation vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | 10.0 |
2012-07-18 | CVE-2012-1962 | Mozilla | Resource Management Errors vulnerability in Mozilla products Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. | 10.0 |
2012-07-18 | CVE-2012-1954 | Mozilla | Resource Management Errors vulnerability in Mozilla products Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. | 10.0 |
2012-07-18 | CVE-2012-1951 | Mozilla | Resource Management Errors vulnerability in Mozilla products Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. | 10.0 |
2012-07-17 | CVE-2012-3135 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2012-07-19 | CVE-2012-0284 | Cisco | Buffer Errors vulnerability in Cisco Linksys Playerpt Activex Control 1.0.0.15 Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument). | 9.3 |
2012-07-18 | CVE-2012-1958 | Mozilla | Resource Management Errors vulnerability in Mozilla products Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. | 9.3 |
2012-07-18 | CVE-2012-1953 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. | 9.3 |
2012-07-18 | CVE-2012-1952 | Mozilla | Resource Management Errors vulnerability in Mozilla products The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. | 9.3 |
2012-07-18 | CVE-2012-1949 | Mozilla | Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2012-07-18 | CVE-2012-1948 | Mozilla | Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/Seamonkey MFSA 2012-42 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
15 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-20 | CVE-2012-3008 | Osisoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Osisoft PI OPC DA Interface 2.3.16.16/2.3.17.18 Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items. | 8.5 |
2012-07-17 | CVE-2012-3120 | SUN | Unspecified vulnerability in SUN Sunos 5.8 Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP. | 7.8 |
2012-07-17 | CVE-2012-1740 | Oracle | Unspecified vulnerability in Oracle Application Express Listener Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality via unknown vectors. | 7.8 |
2012-07-16 | CVE-2012-4028 | Tridium | Credentials Management vulnerability in Tridium Niagra AX Framework Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | 7.8 |
2012-07-22 | CVE-2012-4045 | Nullsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. | 7.5 |
2012-07-22 | CVE-2012-2088 | Libtiff | Numeric Errors vulnerability in Libtiff Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. | 7.5 |
2012-07-22 | CVE-2011-3464 | Libpng | Numeric Errors vulnerability in Libpng Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. | 7.5 |
2012-07-22 | CVE-2011-2199 | H Peter Anvin | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in H Peter Anvin Tftp-Hpa Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option. | 7.5 |
2012-07-18 | CVE-2012-2303 | Florian Weber Drupal | Permissions, Privileges, and Access Controls vulnerability in Florian Weber Spaces The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. | 7.5 |
2012-07-18 | CVE-2012-2140 | Rubygems | Improper Input Validation vulnerability in Rubygems Mail GEM 2.3.2/2.3.3 The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. | 7.5 |
2012-07-17 | CVE-2012-3241 | Eucalyptus | Permissions, Privileges, and Access Controls vulnerability in Eucalyptus 2.0.3/3.0.1 The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. | 7.5 |
2012-07-17 | CVE-2012-3240 | Eucalyptus | Permissions, Privileges, and Access Controls vulnerability in Eucalyptus 2.0.3/3.0.1 The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request. | 7.5 |
2012-07-17 | CVE-2012-0801 | Moodle | Improper Input Validation vulnerability in Moodle lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. | 7.5 |
2012-07-16 | CVE-2012-2607 | Johnsoncontrols | OS Command Injection vulnerability in Johnsoncontrols Network Controller and Network Controller Firmware The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). | 7.5 |
2012-07-17 | CVE-2012-3125 | SUN | Unspecified vulnerability in SUN Sunos 5.10/5.8/5.9 Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP. | 7.1 |
144 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-22 | CVE-2012-3384 | Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2012-07-22 | CVE-2012-2113 | Libtiff | Numeric Errors vulnerability in Libtiff Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | 6.8 |
2012-07-20 | CVE-2011-4587 | Moodle | Credentials Management vulnerability in Moodle lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. | 6.8 |
2012-07-19 | CVE-2012-4025 | Squashfs Project | Integer Overflow OR Wraparound vulnerability in Squashfs Project Squashfs Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. | 6.8 |
2012-07-19 | CVE-2012-4024 | Squashfs Project | Out-Of-Bounds Write vulnerability in Squashfs Project Squashfs Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). | 6.8 |
2012-07-18 | CVE-2012-0868 | Postgresql | SQL Injection vulnerability in Postgresql CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. | 6.8 |
2012-07-18 | CVE-2009-5030 | Uclouvain | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg 1.3/1.4/1.5 The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free." | 6.8 |
2012-07-18 | CVE-2012-1955 | Mozilla | Location Bar Spoofing vulnerability in Mozilla Firefox Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. | 6.8 |
2012-07-17 | CVE-2012-1737 | Oracle | SQL Injection vulnerability in Oracle Enterprise Manager for Oracle Database Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Enterprise Manager Grid Control EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1, and EM Plugin for DB 12.1.0.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Performance Advisories/UIs. | 6.8 |
2012-07-17 | CVE-2012-1735 | Oracle | Unspecified vulnerability in Oracle Mysql Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 6.8 |
2012-07-17 | CVE-2012-1731 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI. | 6.8 |
2012-07-17 | CVE-2012-0282 | Xnview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image. | 6.8 |
2012-07-17 | CVE-2012-0277 | Xnview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. | 6.8 |
2012-07-17 | CVE-2012-0276 | Xnview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL. | 6.8 |
2012-07-16 | CVE-2011-4287 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle 2.0.0/2.0.1/2.0.2 admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user. | 6.8 |
2012-07-16 | CVE-2011-4281 | Moodle | Cross-Site Request Forgery (CSRF) vulnerability in Moodle 2.0.0/2.0.1 Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course. | 6.8 |
2012-07-16 | CVE-2011-4133 | Moodle | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block. | 6.8 |
2012-07-21 | CVE-2012-2363 | Moodle | SQL Injection vulnerability in Moodle SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. | 6.5 |
2012-07-21 | CVE-2012-2359 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. | 6.5 |
2012-07-20 | CVE-2011-4583 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | 6.5 |
2012-07-18 | CVE-2012-0866 | Postgresql | Permissions, Privileges, and Access Controls vulnerability in Postgresql CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. | 6.5 |
2012-07-17 | CVE-2012-0795 | Moodle | Improper Input Validation vulnerability in Moodle Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | 6.5 |
2012-07-16 | CVE-2012-2282 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Celerra Network Server, VNX and Vnxe EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. | 6.5 |
2012-07-16 | CVE-2011-4295 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment. | 6.5 |
2012-07-18 | CVE-2012-1950 | Mozilla | Address Bar URI Spoofing vulnerability in Mozilla Firefox and Firefox ESR The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. | 6.4 |
2012-07-17 | CVE-2011-4358 | Oracle | Unspecified vulnerability in Oracle SUN Glassfish Enterprise Server 3.0.1/3.1.1 Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF. | 6.4 |
2012-07-16 | CVE-2011-4297 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity. | 6.4 |
2012-07-16 | CVE-2011-4293 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors. | 6.4 |
2012-07-17 | CVE-2012-3126 | Oracle | Local Solaris Cluster vulnerability in Oracle SUN products Suite 3.3 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent. | 6.2 |
2012-07-17 | CVE-2012-1741 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.5 Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to User Administration Pages. | 5.8 |
2012-07-17 | CVE-2012-1728 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Portal Framework. | 5.8 |
2012-07-17 | CVE-2012-4032 | Websitepanel | Improper Input Validation vulnerability in Websitepanel Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx. | 5.8 |
2012-07-16 | CVE-2011-4294 | Moodle | Improper Input Validation vulnerability in Moodle The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors. | 5.8 |
2012-07-17 | CVE-2012-1687 | SUN | Local Solaris vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM). | 5.6 |
2012-07-22 | CVE-2012-3361 | Openstack | Permissions, Privileges, and Access Controls vulnerability in Openstack Diablo, Essex and Folsom virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. | 5.5 |
2012-07-22 | CVE-2012-3360 | Openstack | Path Traversal vulnerability in Openstack Essex and Folsom Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. | 5.5 |
2012-07-21 | CVE-2012-2366 | Moodle | Unspecified vulnerability in Moodle mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. | 5.5 |
2012-07-21 | CVE-2012-2358 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | 5.5 |
2012-07-20 | CVE-2011-4589 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. | 5.5 |
2012-07-17 | CVE-2012-3113 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 9.0.20 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality and integrity, related to EPERF. | 5.5 |
2012-07-17 | CVE-2012-0798 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | 5.5 |
2012-07-17 | CVE-2012-0797 | Moodle | Configuration vulnerability in Moodle The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | 5.5 |
2012-07-16 | CVE-2011-4296 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. | 5.5 |
2012-07-16 | CVE-2011-4285 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle 2.0.0/2.0.1 The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role. | 5.5 |
2012-07-17 | CVE-2012-3127 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP. | 5.4 |
2012-07-17 | CVE-2012-1753 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to PC. | 5.4 |
2012-07-17 | CVE-2012-3129 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer. | 5.1 |
2012-07-22 | CVE-2012-3385 | Wordpress | Permissions, Privileges, and Access Controls vulnerability in Wordpress WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. | 5.0 |
2012-07-22 | CVE-2012-3357 | Viewvc | Information Exposure vulnerability in Viewvc The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." | 5.0 |
2012-07-22 | CVE-2012-3356 | Viewvc | Improper Authentication vulnerability in Viewvc The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | 5.0 |
2012-07-21 | CVE-2012-2357 | Moodle | Information Exposure vulnerability in Moodle The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. | 5.0 |
2012-07-20 | CVE-2012-3365 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | 5.0 |
2012-07-20 | CVE-2011-4592 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality. | 5.0 |
2012-07-20 | CVE-2011-4588 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request. | 5.0 |
2012-07-20 | CVE-2011-4586 | Moodle | Unspecified vulnerability in Moodle CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.0 |
2012-07-20 | CVE-2011-4585 | Moodle | Configuration vulnerability in Moodle login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network. | 5.0 |
2012-07-18 | CVE-2012-2139 | Rubygems | Path Traversal vulnerability in Rubygems Mail GEM 2.3.2/2.3.3/2.4.1 Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. | 5.0 |
2012-07-18 | CVE-2012-1960 | Mozilla | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. | 5.0 |
2012-07-18 | CVE-2012-1959 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla products Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. | 5.0 |
2012-07-17 | CVE-2012-3124 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL. | 5.0 |
2012-07-17 | CVE-2012-3123 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server. | 5.0 |
2012-07-17 | CVE-2012-3121 | SUN | Remote Solaris vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer. | 5.0 |
2012-07-17 | CVE-2012-1749 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.1/11.1.1.5.0 Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps. | 5.0 |
2012-07-17 | CVE-2012-1747 | Oracle | Unspecified vulnerability in Oracle Database Server Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1746. | 5.0 |
2012-07-17 | CVE-2012-1746 | Oracle Microsoft | Unspecified vulnerability in Oracle Database Server Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747. | 5.0 |
2012-07-17 | CVE-2012-1745 | Oracle | Remote Network Layer vulnerability in Oracle Database Server Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2012-07-17 | CVE-2012-1742 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1760. | 5.0 |
2012-07-17 | CVE-2012-1738 | Oracle | Unspecified vulnerability in Oracle products Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availability via unknown vectors related to Web Server. | 5.0 |
2012-07-17 | CVE-2012-1736 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.1 Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps. | 5.0 |
2012-07-17 | CVE-2012-4031 | Wangkongbao | Path Traversal vulnerability in Wangkongbao Cns-1000 and Cns-1100 Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. | 5.0 |
2012-07-17 | CVE-2012-0794 | Moodle | Credentials Management vulnerability in Moodle The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | 5.0 |
2012-07-17 | CVE-2012-0793 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | 5.0 |
2012-07-16 | CVE-2012-4027 | Tridium | Permissions, Privileges, and Access Controls vulnerability in Tridium Niagra AX Framework Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file. | 5.0 |
2012-07-16 | CVE-2012-4026 | Johnsoncontrols | Improper Input Validation vulnerability in Johnsoncontrols products The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. | 5.0 |
2012-07-16 | CVE-2011-4284 | Moodle | Information Exposure vulnerability in Moodle 2.0.0/2.0.1 Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page. | 5.0 |
2012-07-16 | CVE-2011-4283 | Moodle | Information Exposure vulnerability in Moodle Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml. | 5.0 |
2012-07-16 | CVE-2011-4279 | Moodle | Information Exposure vulnerability in Moodle 2.0.0/2.0.1 Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista. | 5.0 |
2012-07-20 | CVE-2011-4582 | Moodle | Improper Input Validation vulnerability in Moodle 2.1.0/2.1.1/2.1.2 Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. | 4.9 |
2012-07-17 | CVE-2012-1752 | SUN | Unspecified vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS. | 4.9 |
2012-07-17 | CVE-2012-1765 | SUN | Local Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone. | 4.7 |
2012-07-22 | CVE-2011-3148 | Linux PAM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux-Pam Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file. | 4.6 |
2012-07-17 | CVE-2012-1750 | SUN | Local Solaris vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx. | 4.4 |
2012-07-22 | CVE-2012-2751 | Trustwave Opensuse Debian Oracle | ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. | 4.3 |
2012-07-22 | CVE-2009-5031 | Trustwave Opensuse | Cross-Site Scripting vulnerability in multiple products ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. | 4.3 |
2012-07-20 | CVE-2012-2955 | IBM | Cross-Site Scripting vulnerability in IBM products Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2012-07-20 | CVE-2011-4591 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states. | 4.3 |
2012-07-18 | CVE-2012-0867 | Opensuse Project Postgresql Debian Redhat | Improper Input Validation vulnerability in multiple products PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | 4.3 |
2012-07-18 | CVE-2012-1966 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. | 4.3 |
2012-07-18 | CVE-2012-1965 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. | 4.3 |
2012-07-18 | CVE-2012-1963 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla products The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. | 4.3 |
2012-07-18 | CVE-2012-1961 | Mozilla | Improper Input Validation vulnerability in Mozilla products Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. | 4.3 |
2012-07-18 | CVE-2012-1957 | Mozilla | Cross-Site Scripting vulnerability in Mozilla products An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. | 4.3 |
2012-07-17 | CVE-2012-3131 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS. | 4.3 |
2012-07-17 | CVE-2012-3130 | SUN | Unspecified vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd. | 4.3 |
2012-07-17 | CVE-2012-3115 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.1/11.1.1.5.0/11.1.1.6.0 Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Install. | 4.3 |
2012-07-17 | CVE-2012-3114 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2012-07-17 | CVE-2012-3112 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console. | 4.3 |
2012-07-17 | CVE-2012-1761 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to UI Framework. | 4.3 |
2012-07-17 | CVE-2012-1760 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1742. | 4.3 |
2012-07-17 | CVE-2012-1730 | Oracle | Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Password Management. | 4.3 |
2012-07-17 | CVE-2012-1729 | Oracle | Unspecified vulnerability in Oracle Hyperion Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization. | 4.3 |
2012-07-17 | CVE-2012-1715 | Oracle | Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages. | 4.3 |
2012-07-17 | CVE-2011-3562 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 11.1.1.5.0/11.1.1.6.0/11.1.2.0 Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2012-07-17 | CVE-2012-1571 | Christos Zoulas TIM Robbins | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. | 4.3 |
2012-07-17 | CVE-2012-0799 | Moodle | Information Exposure vulnerability in Moodle Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | 4.3 |
2012-07-16 | CVE-2012-2645 | Yahoo | Information Exposure vulnerability in Yahoo Yahoo! Browser 1.2.0 The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | 4.3 |
2012-07-16 | CVE-2012-2021 | HP | Cross-Site Scripting vulnerability in HP Assetmanager Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-07-16 | CVE-2011-4290 | Moodle | Cross-Site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding. | 4.3 |
2012-07-16 | CVE-2011-4286 | Moodle | Cross-Site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos. | 4.3 |
2012-07-16 | CVE-2011-4282 | Moodle | Cross-Site Scripting vulnerability in Moodle 2.0.0/2.0.1 Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter. | 4.3 |
2012-07-16 | CVE-2011-4280 | Moodle Nimish Pachapurkar | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-07-16 | CVE-2011-4278 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-07-22 | CVE-2012-2738 | Nalin Dahyabhai | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nalin Dahyabhai VTE The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. | 4.0 |
2012-07-21 | CVE-2012-2367 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | 4.0 |
2012-07-21 | CVE-2012-2356 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | 4.0 |
2012-07-21 | CVE-2012-2355 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | 4.0 |
2012-07-21 | CVE-2012-2354 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | 4.0 |
2012-07-21 | CVE-2012-2353 | Moodle | Information Exposure vulnerability in Moodle Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. | 4.0 |
2012-07-20 | CVE-2011-4593 | Moodle | Information Exposure vulnerability in Moodle Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface. | 4.0 |
2012-07-20 | CVE-2011-4590 | Moodle | Improper Authentication vulnerability in Moodle The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | 4.0 |
2012-07-20 | CVE-2011-4584 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site. | 4.0 |
2012-07-20 | CVE-2011-4581 | Moodle | Information Exposure vulnerability in Moodle mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface. | 4.0 |
2012-07-18 | CVE-2012-2655 | Postgresql | Resource Management Errors vulnerability in Postgresql PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler. | 4.0 |
2012-07-18 | CVE-2012-1964 | Mozilla | Clickjacking vulnerability in Mozilla Firefox/Thunderbird/Seamonkey The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element. | 4.0 |
2012-07-17 | CVE-2012-3134 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.2/11.2.0.3 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2012-07-17 | CVE-2012-3119 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 9.0.20 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway. | 4.0 |
2012-07-17 | CVE-2012-3118 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality, related to PANPROC. | 4.0 |
2012-07-17 | CVE-2012-3117 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to HTTP. | 4.0 |
2012-07-17 | CVE-2012-1759 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite 20.0.2/20.1 Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1758. | 4.0 |
2012-07-17 | CVE-2012-1758 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite 20.0.2/20.1 Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1759. | 4.0 |
2012-07-17 | CVE-2012-1757 | Oracle | Unspecified vulnerability in Oracle Mysql Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 4.0 |
2012-07-17 | CVE-2012-1756 | Oracle | Unspecified vulnerability in Oracle Mysql Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2012-07-17 | CVE-2012-1754 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1732. | 4.0 |
2012-07-17 | CVE-2012-1748 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway, a different vulnerability than CVE-2012-0562. | 4.0 |
2012-07-17 | CVE-2012-1734 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2012-07-17 | CVE-2012-1732 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1754. | 4.0 |
2012-07-17 | CVE-2012-1689 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2012-07-17 | CVE-2012-0540 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension. | 4.0 |
2012-07-17 | CVE-2012-0796 | Moodle | Code Injection vulnerability in Moodle class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header. | 4.0 |
2012-07-17 | CVE-2012-0792 | Moodle | Information Exposure vulnerability in Moodle mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts. | 4.0 |
2012-07-16 | CVE-2011-4292 | Moodle | SQL Injection vulnerability in Moodle 2.0.0/2.0.1/2.0.2 Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations. | 4.0 |
2012-07-16 | CVE-2011-4291 | Moodle | Unspecified vulnerability in Moodle 2.0.0/2.0.1/2.0.2 Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations. | 4.0 |
2012-07-16 | CVE-2011-4289 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle 2.0.0/2.0.1/2.0.2 Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page. | 4.0 |
2012-07-16 | CVE-2011-4288 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role. | 4.0 |
36 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-17 | CVE-2012-3128 | Oracle | Local SPARC T-Series Servers vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager. | 3.7 |
2012-07-17 | CVE-2012-3355 | Gnome | Code Injection vulnerability in Gnome Rhythmbox (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory. | 3.6 |
2012-07-21 | CVE-2012-2365 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. | 3.5 |
2012-07-21 | CVE-2012-2364 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. | 3.5 |
2012-07-21 | CVE-2012-2361 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. | 3.5 |
2012-07-21 | CVE-2012-2360 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. | 3.5 |
2012-07-17 | CVE-2012-3111 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-1762. | 3.5 |
2012-07-17 | CVE-2012-1764 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to MCF. | 3.5 |
2012-07-17 | CVE-2012-1762 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-3111. | 3.5 |
2012-07-17 | CVE-2012-1739 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Business Intelligence. | 3.5 |
2012-07-17 | CVE-2012-1733 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to CM. | 3.5 |
2012-07-17 | CVE-2012-1727 | Oracle | Unspecified vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Document Repository. | 3.5 |
2012-07-17 | CVE-2012-3371 | Openstack | Improper Input Validation vulnerability in Openstack Compute, Essex and Folsom The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. | 3.5 |
2012-07-17 | CVE-2012-1743 | Oracle | Unspecified vulnerability in Oracle Industry Applications 4.6.0/4.6.2/4.6.3 Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0.x, 4.6.2, and 4.6.3 allows remote authenticated users to affect confidentiality, related to HTML Surround. | 2.8 |
2012-07-22 | CVE-2012-3383 | Wordpress | Permissions, Privileges, and Access Controls vulnerability in Wordpress 3.4.0 The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. | 2.6 |
2012-07-21 | CVE-2012-2362 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php. | 2.6 |
2012-07-17 | CVE-2012-3122 | SUN | Unspecified vulnerability in SUN Sunos 5.8/5.9 Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort. | 2.6 |
2012-07-22 | CVE-2011-3149 | Linux PAM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux-Pam The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). | 2.1 |
2012-07-17 | CVE-2012-3110 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, and CVE-2012-3108. | 2.1 |
2012-07-17 | CVE-2012-3109 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1768. | 2.1 |
2012-07-17 | CVE-2012-3108 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-3107 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-3106 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1773 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1772 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1771 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1770 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1769 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1768 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-3109. | 2.1 |
2012-07-17 | CVE-2012-1767 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5/8.3.7 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1766 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1744 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent users to affect availability via unknown vectors related to Outside In Filters. | 2.1 |
2012-07-17 | CVE-2012-0563 | SUN | Unspecified vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist. | 2.1 |
2012-07-17 | CVE-2012-0800 | Moodle | Information Exposure vulnerability in Moodle The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. | 2.1 |
2012-07-22 | CVE-2012-2737 | RAY Stode | Race Condition vulnerability in RAY Stode Accountsservice The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition. | 1.9 |
2012-07-17 | CVE-2012-3116 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors. | 1.9 |