Weekly Vulnerabilities Reports > July 16 to 22, 2012

Overview

210 new vulnerabilities were reported during this period, including 15 critical and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 99 products from 47 vendors, including Oracle, Moodle, Mozilla, SUN and WordPress. The most common weakness categories are "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure" and "Improper Input Validation".

  • 182 of the reported vulnerabilities are remotely exploitable.
  • 5 have a public exploit available.
  • 28 map to OWASP Top Ten weakness categories.
  • 146 are exploitable by an anonymous (unauthenticated) user.
  • Oracle has the most reported vulnerabilities (64).
  • Mozilla has the most reported critical vulnerabilities (9).

Summary counts: 210 vulnerabilities in total; 15 critical, 15 high and 144 medium risk; 182 remotely exploitable; 5 with a public exploit available; 146 exploitable anonymously. The low-risk, locally exploitable and web-application counts from the original summary table are not preserved here.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-07-20 CVE-2012-2688 PHP Buffer Overflow vulnerability in PHP '_php_stream_scandir()'

Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."

10.0
2012-07-19 CVE-2012-2974 SMC Improper Authentication vulnerability in SMC Smc8024L2 Switch

The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/.

10.0
2012-07-18 CVE-2012-3358 Uclouvain Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg 1.5

Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

10.0
2012-07-18 CVE-2012-4033 Zingiri (WordPress plugin) Unspecified vulnerability in Zingiri Web Shop

Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.

10.0
2012-07-18 CVE-2012-1967 Mozilla Privilege Escalation vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.

10.0
2012-07-18 CVE-2012-1962 Mozilla Resource Management Errors vulnerability in Mozilla products

Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.

10.0
2012-07-18 CVE-2012-1954 Mozilla Resource Management Errors vulnerability in Mozilla products

Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.

10.0
2012-07-18 CVE-2012-1951 Mozilla Resource Management Errors vulnerability in Mozilla products

Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.

10.0
2012-07-17 CVE-2012-3135 Oracle Unspecified vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and earlier, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2012-07-19 CVE-2012-0284 Cisco Buffer Errors vulnerability in Cisco Linksys Playerpt Activex Control 1.0.0.15

Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).

9.3
2012-07-18 CVE-2012-1958 Mozilla Resource Management Errors vulnerability in Mozilla products

Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.

9.3
2012-07-18 CVE-2012-1953 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products

The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.

9.3
2012-07-18 CVE-2012-1952 Mozilla Resource Management Errors vulnerability in Mozilla products

The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.

9.3
2012-07-18 CVE-2012-1949 Mozilla Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2012-07-18 CVE-2012-1948 Mozilla Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/Seamonkey MFSA 2012-42

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-07-20 CVE-2012-3008 Osisoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Osisoft PI OPC DA Interface 2.3.16.16/2.3.17.18

Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items.

8.5
2012-07-17 CVE-2012-3120 SUN Unspecified vulnerability in SUN Sunos 5.8

Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP.

7.8
2012-07-17 CVE-2012-1740 Oracle Unspecified vulnerability in Oracle Application Express Listener

Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality via unknown vectors.

7.8
2012-07-16 CVE-2012-4028 Tridium Credentials Management vulnerability in Tridium Niagara AX Framework

Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.

7.8
2012-07-22 CVE-2012-4045 Nullsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp

Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.

7.5
2012-07-22 CVE-2012-2088 Libtiff Numeric Errors vulnerability in Libtiff

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.

7.5
2012-07-22 CVE-2011-3464 Libpng Numeric Errors vulnerability in Libpng

Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.

7.5
2012-07-22 CVE-2011-2199 H Peter Anvin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in H Peter Anvin Tftp-Hpa

Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option.

7.5
2012-07-18 CVE-2012-2303 Florian Weber (Drupal module) Permissions, Privileges, and Access Controls vulnerability in Florian Weber Spaces

The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.

7.5
2012-07-18 CVE-2012-2140 Rubygems Improper Input Validation vulnerability in Rubygems Mail GEM 2.3.2/2.3.3

The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

7.5
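The Mail gem entry above (CVE-2012-2140) is the classic shape of a command injection: addresses are interpolated into a shell command line for a sendmail or exim delivery, so a `;` or backtick in an address runs a second command on the mail host. The following is an added example, not Mail gem code, and is written in Python rather than Ruby. It uses `echo` as a stand-in for the sendmail binary so it runs without an MTA, the sender payload is constructed for the demonstration, and the address regex and the leading-dash rejection are this example's own hardening choices rather than details from the advisory.

```python
import os
import re
import subprocess
import tempfile

# Assumption: "echo" stands in for /usr/sbin/sendmail so the example runs on any box
# without an MTA. The argument shape (-i -f sender recipient) is the usual sendmail one.
SENDMAIL = "echo"

# Conservative address shape: one local part, one dotted domain, no whitespace and
# none of the characters a shell treats specially.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def vulnerable_delivery(sender: str, recipient: str, workdir: str) -> str:
    """The injectable pattern: user-controlled addresses interpolated into a single
    shell command string. Anything after ';' in either address is a second command."""
    cmd = f"{SENDMAIL} -i -f {sender} {recipient}"
    subprocess.run(cmd, shell=True, cwd=workdir, check=True, capture_output=True)
    return cmd


def safe_argv(sender: str, recipient: str) -> list:
    """Validate, then build an argv list. Each address becomes exactly one argument and
    no shell is involved, so metacharacters reach the MTA literally. The leading-dash
    check is extra hardening (not something this advisory describes): it stops an
    address from being parsed by the MTA as a command-line option."""
    for addr in (sender, recipient):
        if not ADDR_RE.fullmatch(addr) or addr.startswith("-"):
            raise ValueError(f"rejected address: {addr!r}")
    return [SENDMAIL, "-i", "-f", sender, recipient]


def safe_delivery(sender: str, recipient: str, workdir: str) -> list:
    argv = safe_argv(sender, recipient)
    subprocess.run(argv, cwd=workdir, check=True, capture_output=True)
    return argv


def rejects(sender: str, recipient: str) -> bool:
    """True if safe_argv refuses the pair; shows where the validation boundary sits."""
    try:
        safe_argv(sender, recipient)
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Constructed input: a 'sender' carrying a shell metacharacter payload. The shell
    version creates injected.txt in the working directory; the argv version refuses."""
    payload = "victim@example.com; touch injected.txt"
    with tempfile.TemporaryDirectory() as workdir:
        vulnerable_delivery(payload, "ops@example.com", workdir)
        ran_payload = os.path.exists(os.path.join(workdir, "injected.txt"))
        blocked = rejects(payload, "ops@example.com")
    return {"shell_version_ran_payload": ran_payload, "argv_version_blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

The argv form is the actual fix; the validation on top of it narrows what reaches the MTA at all. Note that escaping for the shell (the Ruby equivalent is `Shellwords.escape`) also works, but it has to be applied to every interpolated value on every code path, which is exactly the kind of discipline that slips when a new delivery method is added.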
2012-07-17 CVE-2012-3241 Eucalyptus Permissions, Privileges, and Access Controls vulnerability in Eucalyptus 2.0.3/3.0.1

The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands.

7.5
2012-07-17 CVE-2012-3240 Eucalyptus Permissions, Privileges, and Access Controls vulnerability in Eucalyptus 2.0.3/3.0.1

The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request.

7.5
2012-07-17 CVE-2012-0801 Moodle Improper Input Validation vulnerability in Moodle

lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.

7.5
2012-07-16 CVE-2012-2607 Johnsoncontrols OS Command Injection vulnerability in Johnsoncontrols Network Controller and Network Controller Firmware

The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).

7.5
2012-07-17 CVE-2012-3125 SUN Unspecified vulnerability in SUN Sunos 5.10/5.8/5.9

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP.

7.1

144 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-07-22 CVE-2012-3384 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2012-07-22 CVE-2012-2113 Libtiff Numeric Errors vulnerability in Libtiff

Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

6.8
2012-07-20 CVE-2011-4587 Moodle Credentials Management vulnerability in Moodle

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

6.8
2012-07-19 CVE-2012-4025 Squashfs Project Integer Overflow OR Wraparound vulnerability in Squashfs Project Squashfs

Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.

6.8
2012-07-19 CVE-2012-4024 Squashfs Project Out-Of-Bounds Write vulnerability in Squashfs Project Squashfs

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option).

6.8
2012-07-18 CVE-2012-0868 Postgresql SQL Injection vulnerability in Postgresql

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

6.8
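The pg_dump entry above (CVE-2012-0868) turns on one detail: pg_dump writes object names into `--` comment lines of the dump script as well as into quoted identifiers, so a newline inside a table name ends the comment and whatever follows it is executed as SQL when the script is restored by a privileged user. The model below is an added example, not PostgreSQL code: the comment layout is a simplified version of pg_dump's, `live_statements` is a deliberately small lexer standing in for psql's, and the malicious table name is constructed for the demonstration. The fix it mirrors is the one shipped in the patched releases, converting newlines in names to spaces before they are written into comments.

```python
# Model of the pg_dump comment-line newline injection (CVE-2012-0868) and its fix.
# Added example; the writer and lexer are simplified stand-ins, not PostgreSQL code.

# Constructed attacker-chosen table name. PostgreSQL allows newlines in identifiers,
# so an unprivileged user who can create a table can pick this name.
EVIL_NAME = "evil\nDROP TABLE users;\n--"


def quote_ident(name: str) -> str:
    """SQL identifier quoting: wrap in double quotes and double any embedded quote.
    A newline is legal inside a quoted identifier, so quoting alone is not the fix."""
    return '"' + name.replace('"', '""') + '"'


def dump_table_vulnerable(name: str, columns: str) -> str:
    """Pre-fix behaviour: the raw name goes into a '--' comment line. The CREATE
    statement itself is safe because the name is quoted there."""
    return (f"-- Name: {name}; Type: TABLE; Schema: public\n"
            f"CREATE TABLE {quote_ident(name)} ({columns});\n")


def dump_table_fixed(name: str, columns: str) -> str:
    """Patched behaviour: newlines in names written to comments become spaces, so the
    comment cannot be terminated early. The quoted identifier is left as is."""
    safe = name.replace("\r", " ").replace("\n", " ")
    return (f"-- Name: {safe}; Type: TABLE; Schema: public\n"
            f"CREATE TABLE {quote_ident(name)} ({columns});\n")


def live_statements(script: str) -> list:
    """Minimal model of how a restore client reads the script: outside a double-quoted
    identifier, '--' discards the rest of the line and ';' ends a statement. psql's real
    lexer also handles string literals and dollar quoting; this is enough to show the
    effect on comments."""
    stmts, buf, in_ident, i = [], [], False, 0
    while i < len(script):
        c = script[i]
        if in_ident:
            buf.append(c)
            if c == '"':
                in_ident = False  # a doubled quote toggles twice, so it stays inside
        elif script.startswith("--", i):
            end = script.find("\n", i)
            i = len(script) if end == -1 else end
            continue
        elif c == '"':
            in_ident = True
            buf.append(c)
        elif c == ";":
            text = "".join(buf).strip()
            if text:
                stmts.append(text)
            buf = []
        else:
            buf.append(c)
        i += 1
    tail = "".join(buf).strip()
    if tail:
        stmts.append(tail)
    return stmts


def demo() -> dict:
    """Statements a restore would execute from each writer's output for EVIL_NAME."""
    return {
        "vulnerable": live_statements(dump_table_vulnerable(EVIL_NAME, "id int")),
        "fixed": live_statements(dump_table_fixed(EVIL_NAME, "id int")),
    }


if __name__ == "__main__":
    for label, stmts in demo().items():
        print(label, stmts)
```

The vulnerable output yields `DROP TABLE users` as a live statement before the `CREATE TABLE`; the fixed output yields only the `CREATE TABLE`. The general lesson is that quoting an identifier protects it in one context (the SQL statement) but not in another (a line comment), and every context the value is written into needs its own encoding rule.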
2012-07-18 CVE-2009-5030 Uclouvain Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg 1.3/1.4/1.5

The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."

6.8
2012-07-18 CVE-2012-1955 Mozilla Location Bar Spoofing vulnerability in Mozilla Firefox

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.

6.8
2012-07-17 CVE-2012-1737 Oracle SQL Injection vulnerability in Oracle Enterprise Manager for Oracle Database

Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Enterprise Manager Grid Control EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1, and EM Plugin for DB 12.1.0.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Performance Advisories/UIs.

6.8
2012-07-17 CVE-2012-1735 Oracle Unspecified vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

6.8
2012-07-17 CVE-2012-1731 Oracle Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI.

6.8
2012-07-17 CVE-2012-0282 Xnview Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview

Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.

6.8
2012-07-17 CVE-2012-0277 Xnview Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview

Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.

6.8
2012-07-17 CVE-2012-0276 Xnview Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview

Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL.

6.8
2012-07-16 CVE-2011-4287 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle 2.0.0/2.0.1/2.0.2

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

6.8
2012-07-16 CVE-2011-4281 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle 2.0.0/2.0.1

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.

6.8
2012-07-16 CVE-2011-4133 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.

6.8
2012-07-21 CVE-2012-2363 Moodle SQL Injection vulnerability in Moodle

SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.

6.5
2012-07-21 CVE-2012-2359 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.

6.5
2012-07-20 CVE-2011-4583 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.

6.5
2012-07-18 CVE-2012-0866 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

6.5
2012-07-17 CVE-2012-0795 Moodle Improper Input Validation vulnerability in Moodle

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address.

6.5
2012-07-16 CVE-2012-2282 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Celerra Network Server, VNX and Vnxe

EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request.

6.5
2012-07-16 CVE-2011-4295 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment.

6.5
2012-07-18 CVE-2012-1950 Mozilla Address Bar URI Spoofing vulnerability in Mozilla Firefox and Firefox ESR

The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.

6.4
2012-07-17 CVE-2011-4358 Oracle Unspecified vulnerability in Oracle SUN Glassfish Enterprise Server 3.0.1/3.1.1

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF.

6.4
2012-07-16 CVE-2011-4297 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.

6.4
2012-07-16 CVE-2011-4293 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.

6.4
2012-07-17 CVE-2012-3126 Oracle Local Solaris Cluster vulnerability in Oracle SUN products Suite 3.3

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.

6.2
2012-07-17 CVE-2012-1741 Oracle Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.5

Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to User Administration Pages.

5.8
2012-07-17 CVE-2012-1728 Oracle Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Portal Framework.

5.8
2012-07-17 CVE-2012-4032 Websitepanel Improper Input Validation vulnerability in Websitepanel

Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.

5.8
2012-07-16 CVE-2011-4294 Moodle Improper Input Validation vulnerability in Moodle

The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.

5.8
2012-07-17 CVE-2012-1687 SUN Local Solaris vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM).

5.6
2012-07-22 CVE-2012-3361 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Diablo, Essex and Folsom

virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.

5.5
2012-07-22 CVE-2012-3360 Openstack Path Traversal vulnerability in Openstack Essex and Folsom

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a ..

5.5
2012-07-21 CVE-2012-2366 Moodle Unspecified vulnerability in Moodle

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

5.5
2012-07-21 CVE-2012-2358 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist.

5.5
2012-07-20 CVE-2011-4589 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action.

5.5
2012-07-17 CVE-2012-3113 Oracle Unspecified vulnerability in Oracle Peoplesoft products 9.0.20

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality and integrity, related to EPERF.

5.5
2012-07-17 CVE-2012-0798 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.

5.5
2012-07-17 CVE-2012-0797 Moodle Configuration vulnerability in Moodle

The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.

5.5
2012-07-16 CVE-2011-4296 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.

5.5
2012-07-16 CVE-2011-4285 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle 2.0.0/2.0.1

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

5.5
2012-07-17 CVE-2012-3127 SUN Remote Solaris vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP.

5.4
2012-07-17 CVE-2012-1753 Oracle Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to PC.

5.4
2012-07-17 CVE-2012-3129 SUN Remote Solaris vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer.

5.1
2012-07-22 CVE-2012-3385 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.

5.0
2012-07-22 CVE-2012-3357 Viewvc Information Exposure vulnerability in Viewvc

The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."

5.0
2012-07-22 CVE-2012-3356 Viewvc Improper Authentication vulnerability in Viewvc

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

5.0
2012-07-21 CVE-2012-2357 Moodle Information Exposure vulnerability in Moodle

The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network.

5.0
2012-07-20 CVE-2012-3365 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.

5.0
2012-07-20 CVE-2011-4592 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.

5.0
2012-07-20 CVE-2011-4588 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.

5.0
2012-07-20 CVE-2011-4586 Moodle Unspecified vulnerability in Moodle

CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

5.0
2012-07-20 CVE-2011-4585 Moodle Configuration vulnerability in Moodle

login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.

5.0
2012-07-18 CVE-2012-2139 Rubygems Path Traversal vulnerability in Rubygems Mail GEM 2.3.2/2.3.3/2.4.1

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a ..

5.0
2012-07-18 CVE-2012-1960 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.

5.0
2012-07-18 CVE-2012-1959 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla products

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.

5.0
2012-07-17 CVE-2012-3124 SUN Remote Solaris vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL.

5.0
2012-07-17 CVE-2012-3123 SUN Remote Solaris vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.

5.0
2012-07-17 CVE-2012-3121 SUN Remote Solaris vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer.

5.0
2012-07-17 CVE-2012-1749 Oracle Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.1/11.1.1.5.0

Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps.

5.0
2012-07-17 CVE-2012-1747 Oracle Unspecified vulnerability in Oracle Database Server

Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1746.

5.0
2012-07-17 CVE-2012-1746 Oracle, Microsoft Unspecified vulnerability in Oracle Database Server

Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747.

5.0
2012-07-17 CVE-2012-1745 Oracle Remote Network Layer vulnerability in Oracle Database Server

Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.

5.0
2012-07-17 CVE-2012-1742 Oracle Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1760.

5.0
2012-07-17 CVE-2012-1738 Oracle Unspecified vulnerability in Oracle products

Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availability via unknown vectors related to Web Server.

5.0
2012-07-17 CVE-2012-1736 Oracle Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.1

Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps.

5.0
2012-07-17 CVE-2012-4031 Wangkongbao Path Traversal vulnerability in Wangkongbao Cns-1000 and Cns-1100

Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a ..

5.0
2012-07-17 CVE-2012-0794 Moodle Credentials Management vulnerability in Moodle

The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution.

5.0
2012-07-17 CVE-2012-0793 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.

5.0
2012-07-16 CVE-2012-4027 Tridium Permissions, Privileges, and Access Controls vulnerability in Tridium Niagara AX Framework

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.

5.0
2012-07-16 CVE-2012-4026 Johnsoncontrols Improper Input Validation vulnerability in Johnsoncontrols products

The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607.

5.0
2012-07-16 CVE-2011-4284 Moodle Information Exposure vulnerability in Moodle 2.0.0/2.0.1

Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page.

5.0
2012-07-16 CVE-2011-4283 Moodle Information Exposure vulnerability in Moodle

Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.

5.0
2012-07-16 CVE-2011-4279 Moodle Information Exposure vulnerability in Moodle 2.0.0/2.0.1

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

5.0
2012-07-20 CVE-2011-4582 Moodle Improper Input Validation vulnerability in Moodle 2.1.0/2.1.1/2.1.2

Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.

4.9
2012-07-17 CVE-2012-1752 SUN Unspecified vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS.

4.9
2012-07-17 CVE-2012-1765 SUN Local Solaris vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone.

4.7
2012-07-22 CVE-2011-3148 Linux PAM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux-Pam

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

4.6
2012-07-17 CVE-2012-1750 SUN Local Solaris vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx.

4.4
2012-07-22 CVE-2012-2751 Trustwave, Opensuse, Debian, Oracle

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks.

4.3
2012-07-22 CVE-2009-5031 Trustwave, Opensuse Cross-Site Scripting vulnerability in multiple products

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.

4.3
2012-07-20 CVE-2012-2955 IBM Cross-Site Scripting vulnerability in IBM products

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2012-07-20 CVE-2011-4591 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states.

4.3
2012-07-18 CVE-2012-0867 Opensuse Project, Postgresql, Debian, Redhat Improper Input Validation vulnerability in multiple products

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

4.3
2012-07-18 CVE-2012-1966 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Firefox ESR

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

4.3
2012-07-18 CVE-2012-1965 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox and Firefox ESR

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.

4.3
2012-07-18 CVE-2012-1963 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla products

The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.

4.3
2012-07-18 CVE-2012-1961 Mozilla Improper Input Validation vulnerability in Mozilla products

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.

4.3
2012-07-18 CVE-2012-1957 Mozilla Cross-Site Scripting vulnerability in Mozilla products

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.

4.3
2012-07-17 CVE-2012-3131 SUN Remote Solaris vulnerability in SUN Sunos 5.10/5.11/5.9

Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS.

4.3
2012-07-17 CVE-2012-3130 SUN Unspecified vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd.

4.3
2012-07-17 CVE-2012-3115 Oracle Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.1/11.1.1.5.0/11.1.1.6.0

Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Install.

4.3
2012-07-17 CVE-2012-3114 Oracle Unspecified vulnerability in Oracle Supply Chain products Suite

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote attackers to affect integrity via unknown vectors.

4.3
2012-07-17 CVE-2012-3112 SUN Remote Solaris vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console.

4.3
2012-07-17 CVE-2012-1761 Oracle Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to UI Framework.

4.3
2012-07-17 CVE-2012-1760 Oracle Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1742.

4.3
2012-07-17 CVE-2012-1730 Oracle Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Password Management.

4.3
2012-07-17 CVE-2012-1729 Oracle Unspecified vulnerability in Oracle Hyperion

Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization.

4.3
2012-07-17 CVE-2012-1715 Oracle Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages.

4.3
2012-07-17 CVE-2011-3562 Oracle Unspecified vulnerability in Oracle Fusion Middleware 11.1.1.5.0/11.1.1.6.0/11.1.2.0

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect integrity via unknown vectors.

4.3
2012-07-17 CVE-2012-1571 Christos Zoulas, Tim Robbins Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

4.3
2012-07-17 CVE-2012-0799 Moodle Information Exposure vulnerability in Moodle

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.

4.3
2012-07-16 CVE-2012-2645 Yahoo, Google Information Exposure vulnerability in Yahoo Yahoo! Browser 1.2.0

The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

4.3
2012-07-16 CVE-2012-2021 HP Cross-Site Scripting vulnerability in HP Assetmanager

Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-07-16 CVE-2011-4290 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.

4.3
2012-07-16 CVE-2011-4286 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.

4.3
2012-07-16 CVE-2011-4282 Moodle Cross-Site Scripting vulnerability in Moodle 2.0.0/2.0.1

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.

4.3
2012-07-16 CVE-2011-4280 Moodle, Nimish Pachapurkar Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-07-16 CVE-2011-4278 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-07-22 CVE-2012-2738 Nalin Dahyabhai Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nalin Dahyabhai VTE

The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.

4.0
2012-07-21 CVE-2012-2367 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.

4.0
2012-07-21 CVE-2012-2356 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.

4.0
2012-07-21 CVE-2012-2355 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.

4.0
2012-07-21 CVE-2012-2354 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.

4.0
2012-07-21 CVE-2012-2353 Moodle Information Exposure vulnerability in Moodle

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.

4.0
2012-07-20 CVE-2011-4593 Moodle Information Exposure vulnerability in Moodle

Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.

4.0
2012-07-20 CVE-2011-4590 Moodle Improper Authentication vulnerability in Moodle

The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.

4.0
2012-07-20 CVE-2011-4584 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.

4.0
2012-07-20 CVE-2011-4581 Moodle Information Exposure vulnerability in Moodle

mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.

4.0
2012-07-18 CVE-2012-2655 Postgresql Resource Management Errors vulnerability in Postgresql

PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.

4.0
2012-07-18 CVE-2012-1964 Mozilla Clickjacking vulnerability in Mozilla Firefox/Thunderbird/Seamonkey

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.

4.0
2012-07-17 CVE-2012-3134 Oracle Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.2/11.2.0.3

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect availability via unknown vectors.

4.0
2012-07-17 CVE-2012-3119 Oracle Unspecified vulnerability in Oracle Peoplesoft products 9.0.20

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway.

4.0
2012-07-17 CVE-2012-3118 Oracle Unspecified vulnerability in Oracle Peoplesoft products 8.52

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality, related to PANPROC.

4.0
2012-07-17 CVE-2012-3117 Oracle Unspecified vulnerability in Oracle Supply Chain products Suite

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to HTTP.

4.0
2012-07-17 CVE-2012-1759 Oracle Unspecified vulnerability in Oracle Supply Chain products Suite 20.0.2/20.1

Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1758.

4.0
2012-07-17 CVE-2012-1758 Oracle Unspecified vulnerability in Oracle Supply Chain products Suite 20.0.2/20.1

Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1759.

4.0
2012-07-17 CVE-2012-1757 Oracle Unspecified vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4.0
2012-07-17 CVE-2012-1756 Oracle Unspecified vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.

4.0
2012-07-17 CVE-2012-1754 Oracle Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1732.

4.0
2012-07-17 CVE-2012-1748 Oracle Unspecified vulnerability in Oracle Peoplesoft products 9.1

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway, a different vulnerability than CVE-2012-0562.

4.0
2012-07-17 CVE-2012-1734 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4.0
2012-07-17 CVE-2012-1732 Oracle Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1754.

4.0
2012-07-17 CVE-2012-1689 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4.0
2012-07-17 CVE-2012-0540 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

4.0
2012-07-17 CVE-2012-0796 Moodle Code Injection vulnerability in Moodle

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

4.0
2012-07-17 CVE-2012-0792 Moodle Information Exposure vulnerability in Moodle

mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.

4.0
2012-07-16 CVE-2011-4292 Moodle SQL Injection vulnerability in Moodle 2.0.0/2.0.1/2.0.2

Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.

4.0
2012-07-16 CVE-2011-4291 Moodle Unspecified vulnerability in Moodle 2.0.0/2.0.1/2.0.2

Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.

4.0
2012-07-16 CVE-2011-4289 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle 2.0.0/2.0.1/2.0.2

Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.

4.0
2012-07-16 CVE-2011-4288 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.

4.0

36 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-07-17 CVE-2012-3128 Oracle Local SPARC T-Series Servers vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager.

3.7
2012-07-17 CVE-2012-3355 Gnome Code Injection vulnerability in Gnome Rhythmbox

(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.

3.6
2012-07-21 CVE-2012-2365 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.

3.5
2012-07-21 CVE-2012-2364 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.

3.5
2012-07-21 CVE-2012-2361 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.

3.5
2012-07-21 CVE-2012-2360 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.

3.5
2012-07-17 CVE-2012-3111 Oracle Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-1762.

3.5
2012-07-17 CVE-2012-1764 Oracle Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to MCF.

3.5
2012-07-17 CVE-2012-1762 Oracle Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-3111.

3.5
2012-07-17 CVE-2012-1739 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Business Intelligence.

3.5
2012-07-17 CVE-2012-1733 Oracle Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to CM.

3.5
2012-07-17 CVE-2012-1727 Oracle Unspecified vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Document Repository.

3.5
2012-07-17 CVE-2012-3371 Openstack Improper Input Validation vulnerability in Openstack Compute, Essex and Folsom

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

3.5
2012-07-17 CVE-2012-1743 Oracle Unspecified vulnerability in Oracle Industry Applications 4.6.0/4.6.2/4.6.3

Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0.x, 4.6.2, and 4.6.3 allows remote authenticated users to affect confidentiality, related to HTML Surround.

2.8
2012-07-22 CVE-2012-3383 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress 3.4.0

The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.

2.6
2012-07-21 CVE-2012-2362 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.

2.6
2012-07-17 CVE-2012-3122 SUN Unspecified vulnerability in SUN Sunos 5.8/5.9

Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort.

2.6
2012-07-22 CVE-2011-3149 Linux PAM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux-Pam

The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).

2.1
2012-07-17 CVE-2012-3110 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, and CVE-2012-3108.

2.1
2012-07-17 CVE-2012-3109 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1768.

2.1
2012-07-17 CVE-2012-3108 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-3107 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3108, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-3106 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-1773 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-1772 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-1771 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-1770 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-1769 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-1768 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-3109.

2.1
2012-07-17 CVE-2012-1767 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5/8.3.7

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-1766 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.

2.1
2012-07-17 CVE-2012-1744 Oracle Unspecified vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent users to affect availability via unknown vectors related to Outside In Filters.

2.1
2012-07-17 CVE-2012-0563 SUN Unspecified vulnerability in SUN Sunos 5.10/5.11/5.9

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist.

2.1
2012-07-17 CVE-2012-0800 Moodle Information Exposure vulnerability in Moodle

The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device.

2.1
2012-07-22 CVE-2012-2737 RAY Strode Race Condition vulnerability in RAY Strode Accountsservice

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

1.9
2012-07-17 CVE-2012-3116 Oracle Unspecified vulnerability in Oracle Supply Chain products Suite

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors.

1.9