Weekly Vulnerabilities Reports > August 13 to 19, 2012

Overview

196 new vulnerabilities reported during this period, including 49 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary report vulnerabilities in 156 products from 104 vendors including Microsoft, Adobe, Apple, Drupal, and Wireshark. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Information Exposure", and "Cross-Site Request Forgery (CSRF)".

  • 177 reported vulnerabilities are remotely exploitables.
  • 26 reported vulnerabilities have public exploit available.
  • 68 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 172 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 32 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 30 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

49 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-17 CVE-2012-2750 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533.

10.0
2012-08-15 CVE-2012-4341 SAP Buffer Errors vulnerability in SAP Netweaver Abap 7.0/7.02/7.03

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.

10.0
2012-08-15 CVE-2012-4160 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4159.

10.0
2012-08-15 CVE-2012-4159 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4158 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4157 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4156 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4155 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4154 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4153 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4152 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4151 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4150 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4149 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4148 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-4147 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-2051 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.

10.0
2012-08-15 CVE-2012-2050 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

10.0
2012-08-15 CVE-2012-2049 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

10.0
2012-08-15 CVE-2012-2047 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2046.

10.0
2012-08-15 CVE-2012-2046 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2047.

10.0
2012-08-15 CVE-2012-2045 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2046, and CVE-2012-2047.

10.0
2012-08-15 CVE-2012-2044 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047.

10.0
2012-08-15 CVE-2012-2043 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047.

10.0
2012-08-15 CVE-2012-1525 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

10.0
2012-08-15 CVE-2012-1853 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows XP

Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack Overflow Vulnerability."

10.0
2012-08-15 CVE-2012-1852 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows XP

Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap Overflow Vulnerability."

10.0
2012-08-15 CVE-2012-1851 Microsoft USE of Externally-Controlled Format String vulnerability in Microsoft products

Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."

10.0
2012-08-14 CVE-2012-4334 Samsung Remote vulnerability in Samsung Net-I Viewer 1.37.120316

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2012-08-14 CVE-2012-4333 Samsung Buffer Errors vulnerability in Samsung Net-I Viewer 1.37.120316

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter.

10.0
2012-08-14 CVE-2012-4331 Spip Security vulnerability in SPIP Multiple

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.

10.0
2012-08-14 CVE-2012-4328 Vbulletin Security vulnerability in Vbulletin Mapi, Vbulletin Forum and Vbulletin Suite

Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors.

10.0
2012-08-13 CVE-2012-4274 Hitachi Unspecified vulnerability in Hitachi Cobol GUI Option and Cobol GUI Option Server

Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via unknown attack vectors.

10.0
2012-08-19 CVE-2012-4359 Sielcosistemi Improper Input Validation vulnerability in Sielcosistemi Winlog Lite and Winlog PRO

Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode.

9.3
2012-08-19 CVE-2012-4358 Sielcosistemi Improper Input Validation vulnerability in Sielcosistemi Winlog Lite and Winlog PRO

Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode.

9.3
2012-08-19 CVE-2012-4357 Sielcosistemi Improper Input Validation vulnerability in Sielcosistemi Winlog Lite and Winlog PRO

Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.

9.3
2012-08-19 CVE-2012-4355 Sielcosistemi Numeric Errors vulnerability in Sielcosistemi Winlog Lite and Winlog PRO

TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow.

9.3
2012-08-19 CVE-2012-4354 Sielcosistemi Numeric Errors vulnerability in Sielcosistemi Winlog Lite and Winlog PRO

TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow.

9.3
2012-08-19 CVE-2012-4353 Sielcosistemi Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sielcosistemi Winlog Lite and Winlog PRO

Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815.

9.3
2012-08-15 CVE-2012-1535 Adobe
Apple
Microsoft
Linux
Remote Code Execution vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

9.3
2012-08-15 CVE-2012-2526 Microsoft Code Injection vulnerability in Microsoft Windows XP

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability."

9.3
2012-08-15 CVE-2012-2524 Microsoft Buffer Errors vulnerability in Microsoft Office 2007/2010

Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."

9.3
2012-08-15 CVE-2012-2523 Microsoft Numeric Errors vulnerability in Microsoft Internet Explorer, Jscript and Vbscript

Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."

9.3
2012-08-15 CVE-2012-2522 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."

9.3
2012-08-15 CVE-2012-2521 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability."

9.3
2012-08-15 CVE-2012-1888 Microsoft Buffer Errors vulnerability in Microsoft Visio and Visio Viewer

Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."

9.3
2012-08-15 CVE-2012-1856 Microsoft Code Injection vulnerability in Microsoft products

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."

9.3
2012-08-15 CVE-2012-1526 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 6/7

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."

9.3
2012-08-13 CVE-2012-4250 Samsung Buffer Errors vulnerability in Samsung Net-I Viewer 1.37

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.

9.3

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-16 CVE-2012-3009 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens Comos 10.0/9.1/9.2

Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.

8.5
2012-08-16 CVE-2012-4297 Wireshark
SUN
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet.

8.3
2012-08-14 CVE-2012-4335 Samsung Buffer Errors vulnerability in Samsung Net-I Viewer 1.37.120316

Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService.

7.8
2012-08-14 CVE-2012-4330 Samsong Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samsong D6000

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.

7.8
2012-08-14 CVE-2012-4329 Samsong Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samsong D6000

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.

7.8
2012-08-15 CVE-2012-2601 Ipswitch SQL Injection vulnerability in Ipswitch Whatsup Gold 15.02

SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.

7.5
2012-08-15 CVE-2012-4343 Menalto Remote Security vulnerability in Gallery

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors.

7.5
2012-08-15 CVE-2012-3435 Zabbix SQL Injection vulnerability in Zabbix

SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

7.5
2012-08-15 CVE-2012-4162 Adobe
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161.

7.5
2012-08-15 CVE-2012-4161 Adobe
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4162.

7.5
2012-08-14 CVE-2012-2208 Piwigo Path Traversal vulnerability in Piwigo

Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2012-08-14 CVE-2011-5099 Chillcreations
Joomla
SQL Injection vulnerability in Chillcreations MOD Ccnewsletter 1.0.7/1.0.8/1.0.9

SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-08-14 CVE-2012-4327 Wpslideshow
Wordpress
Multiple Unspecified vulnerability in Wpslideshow Image News Slider 3.0/3.1/3.2

Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified impact and remote attack vectors.

7.5
2012-08-13 CVE-2012-4282 Toocharger SQL Injection vulnerability in Toocharger Trombinoscope 3.5

SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-08-13 CVE-2012-2332 S9Y SQL Injection vulnerability in S9Y Serendipity

SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter.

7.5
2012-08-13 CVE-2010-5096 Mybb
Mybboard
SQL Injection vulnerability in multiple products

** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php.

7.5
2012-08-13 CVE-2012-4281 Itechscripts SQL Injection vulnerability in Itechscripts Travelon Express 6.2.2

Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.

7.5
2012-08-13 CVE-2012-4279 Rwcinc SQL Injection vulnerability in Rwcinc Free Realty 3.10.6

Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php.

7.5
2012-08-13 CVE-2012-4265 Itechscripts SQL Injection vulnerability in Itechscripts Proman Xpress 5.0.1

SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2012-08-13 CVE-2012-4261 Hccgmbh SQL Injection vulnerability in Hccgmbh Mycare2X

SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter.

7.5
2012-08-13 CVE-2012-4260 Hccgmbh SQL Injection vulnerability in Hccgmbh Mycare2X

Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php.

7.5
2012-08-13 CVE-2012-4258 Myrephp SQL Injection vulnerability in Myrephp Myre Real Estate Software 2012

Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.

7.5
2012-08-13 CVE-2012-2325 Mybb SQL Injection vulnerability in Mybb

SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-08-13 CVE-2012-2324 Mybb SQL Injection vulnerability in Mybb

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).

7.5
2012-08-15 CVE-2012-2527 Microsoft Resource Management Errors vulnerability in Microsoft products

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

7.2

93 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-17 CVE-2012-3294 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere MQ and Websphere MQ Managed File Transfer

Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.

6.8
2012-08-17 CVE-2009-5026 Mysql
Oracle
SQL Injection vulnerability in multiple products

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

6.8
2012-08-14 CVE-2012-2155 Kyle Browning
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Kyle Browning Cdn2 Video 6.X1.X

Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2012-08-14 CVE-2012-2080 Node Limit Number Project
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Node Limit Number Project Node Limitnumber

Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits.

6.8
2012-08-14 CVE-2012-4326 Altrasoft Cross-Site Request Forgery (CSRF) vulnerability in Altrasoft Site Uptime Enterprise 5.4

Cross-site request forgery (CSRF) vulnerability in commonsettings.php in AlstraSoft Site Uptime Enterprise, possibly 5.4, allows remote attackers to hijack the authentication of administrators.

6.8
2012-08-14 CVE-2012-4325 Utopiasoftware Cross-Site Request Forgery (CSRF) vulnerability in Utopiasoftware News PRO

Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts.

6.8
2012-08-14 CVE-2012-4324 Phpjabbers Cross-Site Request Forgery (CSRF) vulnerability in PHPjabbers Vacation Rental Script

Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php.

6.8
2012-08-14 CVE-2012-2097 Larry Garfield
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Larry Garfield Autosave

Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results to a node."

6.8
2012-08-13 CVE-2012-4280 Rwcinc Cross-Site Request Forgery (CSRF) vulnerability in Rwcinc Free Realty 3.10.6

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent.

6.8
2012-08-13 CVE-2012-3401 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.

6.8
2012-08-13 CVE-2012-2806 D R Commander Buffer Errors vulnerability in D.R.Commander Libjpeg-Turbo 1.2.0

Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.

6.8
2012-08-14 CVE-2012-2135 Python Unspecified vulnerability in Python

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.

6.4
2012-08-13 CVE-2012-2330 Nodejs Improper Input Validation vulnerability in Nodejs

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.

6.4
2012-08-14 CVE-2012-2073 Kristof DE Jaeger
Drupal
Permissions, Privileges, and Access Controls vulnerability in Kristof DE Jaeger Bundle Copy 7.X1.0/7.X1.X

The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.

6.0
2012-08-13 CVE-2012-4269 Efrontlearning Cross-Site Scripting and Arbitrary File Upload vulnerability in Efrontlearning Efront 3.6.11

Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message.

6.0
2012-08-16 CVE-2012-4294 Wireshark
SUN
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.

5.8
2012-08-17 CVE-2012-2164 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Rational Clearquest

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.

5.5
2012-08-16 CVE-2012-2283 EMC
Iomega
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors.
5.5
2012-08-13 CVE-2012-3367 Redhat Cryptographic Issues vulnerability in Redhat Certificate System and Dogtag Certificate System

Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.

5.5
2012-08-16 CVE-2012-4298 SUN
Wireshark
Numeric Errors vulnerability in multiple products

Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow.

5.4
2012-08-14 CVE-2012-2077 ROB Loach
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in ROB Loach Sharethis 7.X2.0/7.X2.1/7.X2.2

Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API."

5.1
2012-08-13 CVE-2012-4252 Mysqldumper Cross-Site Request Forgery (CSRF) vulnerability in Mysqldumper 1.24.4

Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.

5.1
2012-08-17 CVE-2012-0744 IBM Information Exposure vulnerability in IBM Rational Clearquest

IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.

5.0
2012-08-16 CVE-2012-4287 SUN
Wireshark
Resource Management Errors vulnerability in multiple products

epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.

5.0
2012-08-16 CVE-2012-3250 HP Denial of Service vulnerability in HP Service Manager and Service Center

Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors.

5.0
2012-08-16 CVE-2012-3248 HP Information Exposure vulnerability in HP Fortify Software Security Center

HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2012-08-16 CVE-2012-3025 Tridium Cryptographic Issues vulnerability in Tridium Niagra AX Framework 3.5/3.6

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2012-08-16 CVE-2012-3024 Tridium Improper Authentication vulnerability in Tridium Niagra AX Framework 3.5/3.6

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.

5.0
2012-08-15 CVE-2012-2770 Mike Peachey
Bestpractical
Permissions, Privileges, and Access Controls vulnerability in Mike Peachey Authen::Externalauth 0.05/0.08

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."

5.0
2012-08-15 CVE-2012-1850 Microsoft Improper Input Validation vulnerability in Microsoft products

The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."

5.0
2012-08-14 CVE-2012-2081 Moshe Weitzman
Drupal
Permissions, Privileges, and Access Controls vulnerability in Moshe Weitzman Organic Groups

The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.

5.0
2012-08-14 CVE-2012-2074 Ubercart Views Project
Drupal
Information Disclosure vulnerability in Drupal Ubercart Views Module

Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors.

5.0
2012-08-14 CVE-2012-4332 Barandisolutions
Wordpress
Information Exposure vulnerability in Barandisolutions Shareyourcart 1.7.1

The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK.

5.0
2012-08-14 CVE-2012-2096 Lullabot
Drupal
Improper Input Validation vulnerability in Lullabot Fivestar Module for Drupal 6.X1.20/6.X1.X

The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.

5.0
2012-08-13 CVE-2012-4276 Hitachi Unspecified vulnerability in Hitachi IT Operations Director

Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows attackers to cause a denial of service via unknown attack vectors.

5.0
2012-08-13 CVE-2012-2370 Gnome Numeric Errors vulnerability in Gnome Gdk-Pixbuf

Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.

5.0
2012-08-13 CVE-2012-2368 Bytemark Improper Input Validation vulnerability in Bytemark Symbiosis 1321

Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password.

5.0
2012-08-13 CVE-2012-4257 George Karpouzas Information Exposure vulnerability in George Karpouzas YET Another Question & Answer System 1.0

Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message.

5.0
2012-08-13 CVE-2012-4256 Joobi
Joomla
Information Exposure vulnerability in Joobi COM Jnews 7.5.1

The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.

5.0
2012-08-13 CVE-2012-2327 Mybb Information Exposure vulnerability in Mybb

MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.

5.0
2012-08-16 CVE-2012-3247 HP Unspecified vulnerability in HP Integrity, Integrity Firmware and Itegrity

Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors.

4.9
2012-08-17 CVE-2012-3381 Standards Based Linux Instrumentation Unspecified vulnerability in Standards Based Linux Instrumentation Sblim-Sfcb

sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

4.4
2012-08-19 CVE-2012-4356 Sielcosistemi Path Traversal vulnerability in Sielcosistemi Winlog Lite and Winlog PRO

Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a ..

4.3
2012-08-17 CVE-2012-4007 Mixi
Google
Information Exposure vulnerability in Mixi

The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card.

4.3
2012-08-17 CVE-2012-4006 Gree
Kddi Gree
Google
Information Exposure vulnerability in multiple products

The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

4.3
2012-08-17 CVE-2012-3296 IBM Cross-Site Scripting vulnerability in IBM Power Hardware Management Console 7R7.1.0/7R7.2.0/7R7.3.0

Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-17 CVE-2012-3308 IBM Cross-Site Scripting vulnerability in IBM Sametime

Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat.

4.3
2012-08-17 CVE-2012-1908 Splunk Cross-Site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2012-08-16 CVE-2012-4286 SUN
Wireshark
Numeric Errors vulnerability in multiple products

The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file.

4.3
2012-08-16 CVE-2012-3251 HP Cross-Site Scripting vulnerability in HP Service Center web Tier and Service Manager web Tier

Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-15 CVE-2012-4344 Ipswitch Cross-Site Scripting vulnerability in Ipswitch Whatsup Gold 15.02

Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.

4.3
2012-08-15 CVE-2012-4342 Menalto Cross-Site Scripting vulnerability in Menalto Gallery

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-15 CVE-2012-4340 Sybase Cross-Site Scripting vulnerability in Sybase Easerver

Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-15 CVE-2012-3434 TOM Braider
Wordpress
Cross-Site Scripting vulnerability in TOM Braider Count PER DAY

Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.

4.3
2012-08-15 CVE-2012-2769 Jesse Vincent
Bestpractical
Cross-Site Scripting vulnerability in Jesse Vincent Extension::Mobileui 1.01

Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-15 CVE-2012-2768 Best Practical Solutions Cross-Site Scripting vulnerability in Best Practical Solutions Request Tracker

Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-15 CVE-2012-2570 Qualiteam Cross-Site Scripting vulnerability in Qualiteam X-Cart 4.5

Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.

4.3
2012-08-14 CVE-2012-2154 Kyle Browning
Drupal
Cross-Site Scripting vulnerability in Kyle Browning Cdn2 Video 6.X1.X

Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-14 CVE-2012-2304 Emil Stjerneman
Drupal
Permissions, Privileges, and Access Controls vulnerability in Emil Stjerneman Linkit

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.

4.3
2012-08-14 CVE-2012-2298 Drupal
Nancy Wichmann
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."

4.3
2012-08-14 CVE-2012-2209 Piwigo Cross-Site Scripting vulnerability in Piwigo

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.

4.3
2012-08-14 CVE-2012-2151 Spip Cross-Site Scripting vulnerability in Spip

Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-14 CVE-2012-1835 Timely
Wordpress
Cross-Site Scripting vulnerability in Timely All-In-One Event Calendar 1.4/1.5

Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.

4.3
2012-08-13 CVE-2012-4283 Netweblogic
Wordpress
Cross-Site Scripting vulnerability in Netweblogic Login With Ajax

Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

4.3
2012-08-13 CVE-2012-2331 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity

Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter.

4.3
2012-08-13 CVE-2012-2274 Pivotx Cross-Site Scripting vulnerability in Pivotx

Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.

4.3
2012-08-13 CVE-2012-4278 Rwcinc Cross-Site Scripting vulnerability in Rwcinc Free Realty 3.10.6

Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) title, (3) previewdesc, (4) fulldesc, or (5) notes parameter (b) to agentadmin.php or (c) in an addlisting action to agentadmin.php; or unspecified vectors to (d) admin/adminfeatures.php.

4.3
2012-08-13 CVE-2012-4277 Smarty Cross-Site Scripting vulnerability in Smarty

Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-13 CVE-2012-4275 Hitachi Cross-Site Scripting vulnerability in Hitachi IT Operations Director

Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-13 CVE-2012-4273 Ppfeufer
Wordpress
Cross-Site Scripting vulnerability in Ppfeufer 2-Click-Social-Media-Buttons

Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.

4.3
2012-08-13 CVE-2012-4272 Ppfeufer
Wordpress
Cross-Site Scripting vulnerability in Ppfeufer 2-Click-Social-Media-Buttons

Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest".

4.3
2012-08-13 CVE-2012-4271 Mark Jaquith
Wordpress
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter.

4.3
2012-08-13 CVE-2012-4268 AIT PRO
Wordpress
Cross-Site Scripting vulnerability in Ait-Pro Bulletproof-Security

Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header.

4.3
2012-08-13 CVE-2012-4267 PU GH Cross-Site Scripting vulnerability in Pu-Gh Sockso

Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.

4.3
2012-08-13 CVE-2012-4266 Itechscripts Cross-Site Scripting vulnerability in Itechscripts Proman Xpress 5.0.1

Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter.

4.3
2012-08-13 CVE-2012-4264 Bit51
Wordpress
Cross-Site Scripting vulnerability in Bit51 Better-Wp-Security

Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263.

4.3
2012-08-13 CVE-2012-4263 Bit51
Wordpress
Cross-Site Scripting vulnerability in Bit51 Better-Wp-Security

Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.

4.3
2012-08-13 CVE-2012-3869 Redaxo Cross-Site Scripting vulnerability in Redaxo

Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.

4.3
2012-08-13 CVE-2012-3425 Canonical
Libpng
Opensuse
Redhat
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

4.3
2012-08-13 CVE-2012-2662 Redhat Cross-Site Scripting vulnerability in Redhat Certificate System and Dogtag Certificate System

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages.

4.3
2012-08-13 CVE-2012-2371 MNT Tech
Wordpress
Cross-Site Scripting vulnerability in Mnt-Tech Wp-Facethumb 0.1

Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.

4.3
2012-08-13 CVE-2012-4262 Hccgmbh Cross-Site Scripting vulnerability in Hccgmbh Mycare2X

Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.

4.3
2012-08-13 CVE-2012-4259 C4B Cross-Site Scripting vulnerability in C4B Xphone Unified Communications 2011 4.1.890S

Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name.

4.3
2012-08-13 CVE-2012-4255 Mysqldumper Information Exposure vulnerability in Mysqldumper 1.24.4

MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message.

4.3
2012-08-13 CVE-2012-4254 Mysqldumper Information Exposure vulnerability in Mysqldumper 1.24.4

MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.

4.3
2012-08-13 CVE-2012-4253 Mysqldumper Path Traversal vulnerability in Mysqldumper 1.24.4

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a ..

4.3
2012-08-13 CVE-2012-4251 Mysqldumper Cross-Site Scripting vulnerability in Mysqldumper 1.24.4

Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.

4.3
2012-08-13 CVE-2012-2326 Mybb Cross-Site Scripting vulnerability in Mybb

Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.

4.3
2012-08-17 CVE-2012-2168 IBM Information Exposure vulnerability in IBM Rational Clearquest

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter.

4.0
2012-08-17 CVE-2012-2749 Mysql
Oracle
Resource Management Errors vulnerability in multiple products

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.

4.0
2012-08-17 CVE-2012-1585 Openstack Resource Management Errors vulnerability in Openstack Nova 2011.1/2011.2

OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.

4.0
2012-08-16 CVE-2012-3249 HP Information Exposure vulnerability in HP Fortify Software Security Center

HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2012-08-13 CVE-2012-3417 JAN Kara Permissions, Privileges, and Access Controls vulnerability in JAN Kara Linux Diskquota

The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.

4.0

29 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-17 CVE-2012-2205 IBM Cross-Site Scripting vulnerability in IBM Rational Clearquest

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.

3.5
2012-08-17 CVE-2012-2169 IBM Cross-Site Scripting vulnerability in IBM Rational Clearquest

Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.

3.5
2012-08-17 CVE-2012-2165 IBM Information Exposure vulnerability in IBM Rational Clearquest

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.

3.5
2012-08-17 CVE-2012-2206 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ

The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.

3.5
2012-08-17 CVE-2012-2102 Mysql
Oracle
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.

3.5
2012-08-14 CVE-2012-2141 NET Snmp Denial of Service vulnerability in Net-Snmp 5.7.1

Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.

3.5
2012-08-13 CVE-2012-4270 Efrontlearning Cross-Site Scripting vulnerability in Efrontlearning Efront 3.6.11

Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.

3.5
2012-08-16 CVE-2012-4296 Wireshark
Opensuse
SUN
Resource Management Errors vulnerability in multiple products

Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.

3.3
2012-08-16 CVE-2012-4295 Wireshark
SUN
Improper Input Validation vulnerability in multiple products

Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.

3.3
2012-08-16 CVE-2012-4293 Opensuse
SUN
Wireshark
Numeric Errors vulnerability in multiple products

plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.

3.3
2012-08-16 CVE-2012-4292 Wireshark
Opensuse
SUN
Improper Input Validation vulnerability in multiple products

The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3
2012-08-16 CVE-2012-4291 Wireshark
Opensuse
Redhat
SUN
Resource Management Errors vulnerability in multiple products

The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

3.3
2012-08-16 CVE-2012-4290 Wireshark
Opensuse
Redhat
SUN
Resource Management Errors vulnerability in multiple products

The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.

3.3
2012-08-16 CVE-2012-4289 Wireshark
Opensuse
Redhat
SUN
Resource Management Errors vulnerability in multiple products

epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.

3.3
2012-08-16 CVE-2012-4288 Opensuse
SUN
Wireshark
Numeric Errors vulnerability in multiple products

Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.

3.3
2012-08-16 CVE-2012-4285 Opensuse
Redhat
SUN
Wireshark
Numeric Errors vulnerability in multiple products

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.

3.3
2012-08-17 CVE-2012-1597 EZ Cross-Site Scripting vulnerability in EZ Ezjscore 1.0

Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.6
2012-08-15 CVE-2012-4037 Transmissionbt Cross-Site Scripting vulnerability in Transmissionbt Transmission

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.

2.6
2012-08-14 CVE-2012-2082 Chaos Tool Suite Project Cross-Site Scripting vulnerability in Chaos Tool Suite Project Ctools 7.X1.0/7.X1.X

Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature.

2.1
2012-08-14 CVE-2012-2076 ROB Loach
Drupal
Cross-Site Scripting vulnerability in ROB Loach Sharethis 7.X2.0/7.X2.1/7.X2.2

Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors.

2.1
2012-08-14 CVE-2012-2075 Steindom
Drupal
Cross-Site Scripting vulnerability in Steindom Contact Save

Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.

2.1
2012-08-14 CVE-2012-2072 Patrick Przybilla
Drupal
Cross-Site Scripting vulnerability in Patrick Przybilla Addtoany

Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.

2.1
2012-08-14 CVE-2012-2071 Geoff Davies
Drupal
Cross-Site Scripting vulnerability in Geoff Davies Contact Forms

Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.

2.1
2012-08-14 CVE-2012-2070 Andrew Levine
Drupal
Cross-Site Scripting vulnerability in Andrew Levine Multiblock

Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title.

2.1
2012-08-14 CVE-2012-2300 Ubercart
Drupal
Cross-Site Scripting vulnerability in Ubercart

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.

2.1
2012-08-14 CVE-2012-2299 Ubercart
Drupal
Credentials Management vulnerability in Ubercart

The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.

2.1
2012-08-13 CVE-2011-0524 Iain Buffer Errors vulnerability in Iain Gypsy 0.8

Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 allow local users to cause a denial of service (crash) via unspecified vectors related to the sprintf function.

2.1
2012-08-13 CVE-2009-5066 Redhat Credentials Management vulnerability in Redhat products

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

2.1
2012-08-13 CVE-2011-0523 Iain Permissions, Privileges, and Access Controls vulnerability in Iain Gypsy 0.8

gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors.

1.9