Weekly Vulnerabilities Reports > August 6 to 12, 2012

Overview

114 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary reports vulnerabilities in 112 products from 53 vendors including Cisco, Bitcoin, Ushahidi, Microsoft, and Puppet. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Information Exposure".

  • 105 reported vulnerabilities are remotely exploitable.
  • 10 reported vulnerabilities have a public exploit available.
  • 41 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 101 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Amazon has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-12 CVE-2012-4249 Amazon Code Injection vulnerability in Amazon Kindle Touch 5.1.0/5.1.1

The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248.

10.0
2012-08-07 CVE-2012-4177 UBI OS Command Injection vulnerability in UBI Uplay PC

The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.

10.0
2012-08-06 CVE-2012-4145 Opera, Linux, Microsoft, Apple Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."

10.0
2012-08-12 CVE-2012-4248 Amazon Permissions, Privileges, and Access Controls vulnerability in Amazon Kindle Touch 5.1.0

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.

9.3
2012-08-06 CVE-2012-1015 MIT Improper Input Validation vulnerability in MIT Kerberos 5

The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.

9.3
2012-08-06 CVE-2012-1014 MIT Unspecified vulnerability in MIT Kerberos 5 1.10/1.10.1/1.10.2

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.

9.0

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-06 CVE-2012-1350 Cisco Unspecified vulnerability in Cisco products

Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426.

7.8
2012-08-06 CVE-2012-2469 Cisco Remote Denial of Service vulnerability in Cisco NX-OS

Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP) packet, aka Bug IDs CSCtk34535 and CSCtk19132.

7.8
2012-08-12 CVE-2012-3475 Ushahidi Unspecified vulnerability in Ushahidi Platform

The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.

7.5
2012-08-12 CVE-2012-3471 Ushahidi SQL Injection vulnerability in Ushahidi Platform

Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id.

7.5
2012-08-12 CVE-2012-3470 Ushahidi SQL Injection vulnerability in Ushahidi Platform

Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions.

7.5
2012-08-12 CVE-2012-3469 Ushahidi SQL Injection vulnerability in Ushahidi Platform

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.

7.5
2012-08-12 CVE-2012-3468 Ushahidi SQL Injection vulnerability in Ushahidi Platform

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.

7.5
2012-08-12 CVE-2012-4070 Dir2Web SQL Injection vulnerability in Dir2Web 3.0

SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.

7.5
2012-08-12 CVE-2012-2967 Caucho Unspecified vulnerability in Caucho Resin

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors.

7.5
2012-08-12 CVE-2012-2966 Caucho Unspecified vulnerability in Caucho Resin

Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.

7.5
2012-08-12 CVE-2012-2965 Caucho Improper Input Validation vulnerability in Caucho Resin

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.

7.5
2012-08-12 CVE-2012-3953 Phplist SQL Injection vulnerability in PHPlist

SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

7.5
2012-08-10 CVE-2012-3554 Rsgallery2, Joomla SQL Injection vulnerability in Rsgallery2 COM Rsgallery2

SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-08-08 CVE-2012-2203 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.

7.5
2012-08-07 CVE-2012-4178 Symantec SQL Injection vulnerability in Symantec web Gateway 5.0.3.18

SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.

7.5
2012-08-07 CVE-2012-3423 Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat Icedtea-Web

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.

7.5
2012-08-06 CVE-2012-3448 Ganglia PHP Code Execution vulnerability in Ganglia

Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.

7.5
2012-08-06 CVE-2012-3020 Siemens Credentials Management vulnerability in Siemens products

The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session.

7.5
2012-08-06 CVE-2012-1910 Bitcoin, Microsoft Unspecified vulnerability in Bitcoin Bitcoin-Qt and Bitcoin Core

Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.

7.5
2012-08-06 CVE-2010-5141 Bitcoin Permissions, Privileges, and Access Controls vulnerability in Bitcoin Core and Wxbitcoin

wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.

7.5
2012-08-06 CVE-2010-5139 Bitcoin Numeric Errors vulnerability in Bitcoin Core and Wxbitcoin

Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.

7.5
2012-08-06 CVE-2012-2188 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

7.2

70 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-12 CVE-2012-2602 Solarwinds Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Orion Network Performance Monitor

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.

6.8
2012-08-08 CVE-2012-2649 Fenrir INC Code Injection vulnerability in Fenrir-Inc Sleipnir Mobile

The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.

6.8
2012-08-07 CVE-2012-3422 Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat Icedtea-Web

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.

6.8
2012-08-06 CVE-2012-4143 Opera, Linux, Microsoft, Apple Code Injection vulnerability in Opera Browser

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924.

6.8
2012-08-10 CVE-2012-3132 Oracle SQL Injection vulnerability in Oracle Database Server

SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.

6.5
2012-08-08 CVE-2011-5098 Opscode Permissions, Privileges, and Access Controls vulnerability in Opscode Chef

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option.

6.5
2012-08-08 CVE-2010-5142 Opscode Permissions, Privileges, and Access Controls vulnerability in Opscode Chef

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.

6.5
2012-08-12 CVE-2012-3473 Ushahidi Improper Authentication vulnerability in Ushahidi Platform

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.

6.4
2012-08-12 CVE-2012-3472 Ushahidi Improper Authentication vulnerability in Ushahidi Platform

The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.

6.4
2012-08-12 CVE-2012-2969 Caucho Permissions, Privileges, and Access Controls vulnerability in Caucho Resin

Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.

6.4
2012-08-06 CVE-2012-1338 Cisco Race Condition vulnerability in Cisco products

Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.

6.3
2012-08-06 CVE-2012-2499 Cisco Cryptographic Issues vulnerability in Cisco Anyconnect Secure Mobility Client 3.0/3.0.0629/3.0.07059

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.

5.8
2012-08-08 CVE-2011-5097 Opscode Permissions, Privileges, and Access Controls vulnerability in Opscode Chef

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.

5.5
2012-08-12 CVE-2012-3474 Ushahidi Information Exposure vulnerability in Ushahidi Platform

The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call.

5.0
2012-08-12 CVE-2012-4069 Dir2Web Permissions, Privileges, and Access Controls vulnerability in Dir2Web 3.0

Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.

5.0
2012-08-12 CVE-2012-2968 Caucho Path Traversal vulnerability in Caucho Resin

Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a ..

5.0
2012-08-12 CVE-2012-2964 Breakingpointsystems Improper Input Validation vulnerability in Breakingpointsystems products

The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents.

5.0
2012-08-12 CVE-2012-2963 Breakingpointsystems Improper Authentication vulnerability in Breakingpointsystems products

The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.

5.0
2012-08-10 CVE-2012-4235 Rsgallery2, Joomla Information Exposure vulnerability in Rsgallery2 COM Rsgallery2

The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.

5.0
2012-08-08 CVE-2012-3424 Rubyonrails Improper Authentication vulnerability in Rubyonrails Rails and Ruby ON Rails

The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.

5.0
2012-08-08 CVE-2012-2191 IBM Improper Input Validation vulnerability in IBM products

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.

5.0
2012-08-07 CVE-2012-3429 Martin Nagy Improper Input Validation vulnerability in Martin Nagy Bind-Dyndb-Ldap

The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.

5.0
2012-08-07 CVE-2012-0213 Apache Resource Management Errors vulnerability in Apache POI

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

5.0
2012-08-07 CVE-2012-4005 Naver Information Exposure vulnerability in Naver NHN Japan Naver Line 2.5

The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application.

5.0
2012-08-06 CVE-2012-1357 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Nexus 5000 and Nx-Os

The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521.

5.0
2012-08-06 CVE-2012-1348 Cisco Information Exposure vulnerability in Cisco Wide Area Application Services 4.4/5.0/5.1

Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279.

5.0
2012-08-06 CVE-2012-1346 Cisco Resource Management Errors vulnerability in Cisco Emergency Responder 8.6/9.2

Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369.

5.0
2012-08-06 CVE-2012-2490 Cisco Improper Input Validation vulnerability in Cisco IP Communicator 8.6

Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471.

5.0
2012-08-06 CVE-2012-1342 Cisco Incorrect Authorization vulnerability in Cisco Carrier Routing System 3.9.0/4.0.0/4.1.0

Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975.

5.0
2012-08-06 CVE-2012-1340 Cisco Buffer Errors vulnerability in Cisco MDS 9000 Nx-Os 4.2/5.2

The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151.

5.0
2012-08-06 CVE-2012-1339 Cisco Buffer Errors vulnerability in Cisco Unified Computing System Infrastructure and Unified Computing System Software 2.0(1Q)

The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543.

5.0
2012-08-06 CVE-2012-3789 Bitcoin Unspecified vulnerability in Bitcoin Core

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.

5.0
2012-08-06 CVE-2012-2459 Bitcoin Unspecified vulnerability in Bitcoin Core

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

5.0
2012-08-06 CVE-2012-1909 Bitcoin Configuration vulnerability in Bitcoin Core and Wxbitcoin

The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.

5.0
2012-08-06 CVE-2010-5140 Bitcoin Buffer Errors vulnerability in Bitcoin Core and Wxbitcoin

wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.

5.0
2012-08-06 CVE-2010-5138 Bitcoin Unspecified vulnerability in Bitcoin Core and Wxbitcoin

wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.

5.0
2012-08-06 CVE-2010-5137 Bitcoin Unspecified vulnerability in Bitcoin Core and Wxbitcoin

wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode.

5.0
2012-08-06 CVE-2012-1367 Cisco Improper Input Validation vulnerability in Cisco IOS

The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538.

5.0
2012-08-12 CVE-2012-2590 E Supportportal Cross-Site Scripting vulnerability in E-Supportportal Escon Supportportal 3.0

Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV="Set-Cookie" META element, or (4) an innerHTML attribute within an XML document.

4.3
2012-08-12 CVE-2012-2587 Afterlogic Cross-Site Scripting vulnerability in Afterlogic Mailsuite PRO 6.3

Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element.

4.3
2012-08-12 CVE-2012-2585 Manageengine Cross-Site Scripting vulnerability in Manageengine Servicedesk Plus 8.1

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.

4.3
2012-08-12 CVE-2012-2573 Tdah Cross-Site Scripting vulnerability in Tdah T-Day Webmail 3.2.02.3

Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.

4.3
2012-08-12 CVE-2012-2571 Winwebmail Cross-Site Scripting vulnerability in Winwebmail Server 3.8.1.6

Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.

4.3
2012-08-12 CVE-2012-2584 Altn Cross-Site Scripting vulnerability in Altn Mdaemon 12.5.4

Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document.

4.3
2012-08-12 CVE-2012-2577 Solarwinds Cross-Site Scripting vulnerability in Solarwinds Orion Network Performance Monitor

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.

4.3
2012-08-12 CVE-2012-4247 Phplist Cross-Site Scripting vulnerability in PHPlist

Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.

4.3
2012-08-12 CVE-2012-4246 Phplist Cross-Site Scripting vulnerability in PHPlist

Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.

4.3
2012-08-10 CVE-2012-4071 Rsgallery2, Joomla Cross-Site Scripting vulnerability in Rsgallery2 COM Rsgallery2

Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment.

4.3
2012-08-10 CVE-2012-3465 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

4.3
2012-08-10 CVE-2012-3464 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

4.3
2012-08-10 CVE-2012-3463 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.

4.3
2012-08-08 CVE-2012-4004 Fenrir INC Cross-Site Scripting vulnerability in Fenrir-Inc Sleipnir Mobile

Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allows remote attackers to inject arbitrary web script or HTML via a crafted application that interacts with an unspecified Sleipnir Mobile function.

4.3
2012-08-08 CVE-2012-2960 HP Cross-Site Scripting vulnerability in HP products

Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file.

4.3
2012-08-07 CVE-2012-3438 Graphicsmagick Buffer Errors vulnerability in Graphicsmagick 1.3.16

The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

4.3
2012-08-07 CVE-2012-3437 Imagemagick Denial of Service vulnerability in Imagemagick 6.7.86

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

4.3
2012-08-07 CVE-2012-3413 KDE Configuration vulnerability in KDE PIM 4.6/4.8

The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.

4.3
2012-08-07 CVE-2012-2648 Goodiware Cross-site Scripting vulnerability in Goodiware Goodreader

Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser.

4.3
2012-08-07 CVE-2012-2317 Debian, Canonical Cryptographic Issues vulnerability in multiple products

The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing.

4.3
2012-08-07 CVE-2012-2022 HP Cross-Site Scripting vulnerability in HP Network Node Manager I

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-06 CVE-2012-1361 Cisco Information Exposure vulnerability in Cisco IOS 15.1/15.2

Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750.

4.3
2012-08-06 CVE-2012-4146 Opera Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser

Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.

4.3
2012-08-06 CVE-2012-4144 Opera, Linux, Microsoft, Apple Cross-Site Scripting vulnerability in Opera Browser

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.

4.3
2012-08-06 CVE-2012-4142 Opera, Linux, Microsoft, Apple Cross-Site Scripting vulnerability in Opera Browser

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

4.3
2012-08-06 CVE-2012-3867 Puppet, Puppetlabs, Debian, Canonical, Opensuse, Suse Permissions, Privileges, and Access Controls vulnerability in multiple products

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

4.3
2012-08-06 CVE-2011-4447 Bitcoin Cryptographic Issues vulnerability in Bitcoin Core and Wxbitcoin

The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.

4.3
2012-08-06 CVE-2012-2500 Cisco Cryptographic Issues vulnerability in Cisco Anyconnect Secure Mobility Client 3.0/3.0.0629/3.0.07059

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.

4.0
2012-08-06 CVE-2012-2498 Cisco Improper Authentication vulnerability in Cisco Anyconnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.

4.0
2012-08-06 CVE-2012-3864 Puppet, Puppetlabs Information Exposure vulnerability in multiple products

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

4.0
2012-08-06 CVE-2012-1365 Cisco Unspecified vulnerability in Cisco Unified Computing System Infrastructure and Unified Computing System Software 1.4(1J)/2.0(1Q)

Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32463.

4.0
2012-08-06 CVE-2012-1364 Cisco Unspecified vulnerability in Cisco Unified Computing System Infrastructure and Unified Computing System Software 1.4(1J)/2.0(1Q)

Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32452.

4.0

16 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-07 CVE-2012-3454 Extplorer Permissions, Privileges, and Access Controls vulnerability in Extplorer 2.1.0

eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.

3.6
2012-08-07 CVE-2012-3453 Debian Permissions, Privileges, and Access Controls vulnerability in Debian Logol 1.5.0

logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.

3.6
2012-08-07 CVE-2012-3449 Openvswitch Permissions, Privileges, and Access Controls vulnerability in Openvswitch 1.4.2

Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.

3.6
2012-08-12 CVE-2012-3476 Ushahidi Cross-Site Scripting vulnerability in Ushahidi Platform

Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.

3.5
2012-08-07 CVE-2012-3445 Redhat Resource Management Errors vulnerability in Redhat Libvirt 0.9.13

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.

3.5
2012-08-06 CVE-2012-1344 Cisco Buffer Errors vulnerability in Cisco IOS 15.1/15.2

Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328.

3.5
2012-08-06 CVE-2012-3865 Puppet, Puppetlabs Path Traversal vulnerability in multiple products

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a ..

3.5
2012-08-06 CVE-2012-1370 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client 3.0/3.0.0629/3.0.07059

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.

3.5
2012-08-07 CVE-2012-3452 Gnome Permissions, Privileges, and Access Controls vulnerability in Gnome Screensaver

gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation.

3.3
2012-08-12 CVE-2012-3952 Phplist Cross-Site Scripting vulnerability in PHPlist

Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.

2.6
2012-08-06 CVE-2012-3450 PHP Unspecified vulnerability in PHP

pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.

2.6
2012-08-06 CVE-2012-3408 Puppetlabs, Puppet Improper Authentication vulnerability in multiple products

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.

2.6
2012-08-12 CVE-2012-3457 Pnp4Nagios Permissions, Privileges, and Access Controls vulnerability in Pnp4Nagios

PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.

2.1
2012-08-08 CVE-2012-0421 Novell Information Exposure vulnerability in Novell Suse Audit LOG Keeper 0.2.1

The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file.

2.1
2012-08-08 CVE-2011-4922 Pidgin Information Exposure vulnerability in Pidgin

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.

2.1
2012-08-06 CVE-2012-3866 Puppet, Puppetlabs Permissions, Privileges, and Access Controls vulnerability in multiple products

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.

2.1