Weekly Vulnerabilities Reports > August 27 to September 2, 2012

Overview

101 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary report vulnerabilities in 91 products from 74 vendors including Drupal, Mozilla, Symantec, OBM, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 89 reported vulnerabilities are remotely exploitables.
  • 16 reported vulnerabilities have public exploit available.
  • 37 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 91 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-30 CVE-2012-3136 Oracle Remote Code Execution vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.

10.0
2012-08-30 CVE-2012-1682 Oracle Remote Code Execution vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136.

10.0
2012-08-30 CVE-2011-5133 Mybb Multiple Security vulnerability in MyBB

Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."

10.0
2012-08-30 CVE-2012-3254 HP Unspecified vulnerability in HP Inode Management Center PC 5.0/5.1

Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet.

10.0
2012-08-30 CVE-2012-3253 HP Unspecified vulnerability in HP Intelligent Management Center 5.0

Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet.

10.0
2012-08-29 CVE-2012-3971 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.

10.0
2012-08-31 CVE-2010-5194 Viscomsoft Buffer Errors vulnerability in Viscomsoft Image Viewer CP Gold SDK and Image Viewer CP PRO SDK

Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFFile parameter.

9.3
2012-08-31 CVE-2010-5193 Viscomsoft Buffer Errors vulnerability in Viscomsoft Image Viewer CP Gold SDK and Image Viewer CP PRO SDK

Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.

9.3
2012-08-31 CVE-2012-4170 Adobe Buffer Errors vulnerability in Adobe Photoshop CS6 13.0

Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file.

9.3
2012-08-29 CVE-2012-3965 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.

9.3
2012-08-29 CVE-2012-1971 Mozilla Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors.

9.3

12 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-29 CVE-2012-3579 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Messaging Gateway

Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.

7.9
2012-08-29 CVE-2012-3580 Symantec Security Bypass vulnerability in Symantec Messaging Gateway

Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.

7.7
2012-08-29 CVE-2012-3973 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.

7.6
2012-08-31 CVE-2012-4743 EOS PE
Zeroboard
SQL Injection vulnerability in Eos.Pe Siche Search Module 0.5

Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters.

7.5
2012-08-31 CVE-2012-4742 Packetfence Remote Security vulnerability in Packetfence

The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors.

7.5
2012-08-31 CVE-2012-2114 Etalabs Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Etalabs Musl

Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to an unbuffered stream such as stderr.

7.5
2012-08-31 CVE-2011-4949 Egroupware SQL Injection vulnerability in Egroupware and Egroupware Enterprise Line

SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-08-31 CVE-2011-5140 DIY CMS SQL Injection vulnerability in Diy-Cms Blog 1.0

Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php.

7.5
2012-08-31 CVE-2011-5139 Preprojects SQL Injection vulnerability in Preprojects Business Cards Designer

SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-08-31 CVE-2011-5137 Tforum SQL Injection vulnerability in Tforum B0.915

Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the (1) TopicID parameter to viewtopic.php, the (2) BoardID parameter to viewboard.php, or (3) CatID parameter to viewcat.php.

7.5
2012-08-28 CVE-2012-4686 Vbulletin SQL Injection vulnerability in Vbulletin 4.1.10

SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.

7.5
2012-08-27 CVE-2012-1934 Sourcefabric SQL Injection vulnerability in Sourcefabric Newscoop

SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter.

7.5

69 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-31 CVE-2012-4746 ZTE Cross-Site Request Forgery (CSRF) vulnerability in ZTE Zxdsl 831Iiv7.5.0Az29Ov

Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

6.8
2012-08-31 CVE-2012-2116 Commerceguys
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Commerceguys Commerce Reorder 7.X1.0/7.X1.X

Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart.

6.8
2012-08-31 CVE-2011-4947 E107 Cross-Site Request Forgery (CSRF) vulnerability in E107

Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.

6.8
2012-08-31 CVE-2011-4946 E107 SQL Injection vulnerability in E107

SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.

6.8
2012-08-31 CVE-2011-5148 Wasen
Joomla
Remote Code Execution vulnerability in Wasen MOD Simplefileupload 1.0/1.1/1.3

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g.

6.8
2012-08-31 CVE-2012-4245 Gimp Missing Authorization vulnerability in Gimp

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.

6.8
2012-08-31 CVE-2012-4009 Cybozu Code Injection vulnerability in Cybozu Live 1.0.4

The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.

6.8
2012-08-31 CVE-2012-4008 Cybozu Code Injection vulnerability in Cybozu Live 1.0.4

The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.

6.8
2012-08-30 CVE-2011-5131 Mybb Cross-Site Request Forgery (CSRF) vulnerability in Mybb

Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.

6.8
2012-08-30 CVE-2011-5130 Haudenschilt Code Injection vulnerability in Haudenschilt Family Connections CMS

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.

6.8
2012-08-29 CVE-2012-3309 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Guardium

Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

6.8
2012-08-29 CVE-2012-2285 EMC Improper Authentication vulnerability in EMC products

EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase.

6.8
2012-08-29 CVE-2012-0308 Symantec Cross-Site Request Forgery (CSRF) vulnerability in Symantec Messaging Gateway

Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.

6.8
2012-08-28 CVE-2012-2085 Gajim Code Injection vulnerability in Gajim

The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.

6.8
2012-08-27 CVE-2012-1933 Sourcefabric Code Injection vulnerability in Sourcefabric Newscoop

Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php.

6.8
2012-08-30 CVE-2011-5136 Epractizelabs Improper Input Validation vulnerability in Epractizelabs Subscription Manager 1.0

showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter.

6.4
2012-08-28 CVE-2012-1635 RIK DE Boer
Drupal
Permissions, Privileges, and Access Controls vulnerability in RIK DE Boer Revisioning

The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.

6.4
2012-08-31 CVE-2011-5141 OBM Path Traversal vulnerability in OBM Open Business Management 2.4.0

Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a ..

6.0
2012-08-31 CVE-2012-4737 Digium Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.

6.0
2012-08-30 CVE-2012-3325 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.

6.0
2012-08-30 CVE-2011-5135 Docebo SQL Injection vulnerability in Docebo Docebolms

Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.

6.0
2012-08-30 CVE-2011-5134 Widgetfactorylimited
Joomla
File-Upload vulnerability in Com Jce

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.

6.0
2012-08-28 CVE-2012-1650 Giantrobot
Drupal
Permissions, Privileges, and Access Controls vulnerability in Giantrobot Zipcart 6.X1.2/6.X1.3/6.X1.X

The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.

6.0
2012-08-28 CVE-2012-1641 Danielb
Drupal
Permissions, Privileges, and Access Controls vulnerability in Danielb Finder

The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.

6.0
2012-08-31 CVE-2011-4951 Egroupware Input Validation vulnerability in eGroupware

Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter.

5.8
2012-08-31 CVE-2011-5145 OBM SQL Injection vulnerability in OBM Open Business Management 2.4.0

Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php.

5.5
2012-08-31 CVE-2012-4741 Packetfence Improper Authentication vulnerability in Packetfence

The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.

5.0
2012-08-31 CVE-2011-4948 Egroupware Path Traversal vulnerability in Egroupware and Egroupware Enterprise Line

Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter.

5.0
2012-08-31 CVE-2011-5147 Freewebshop Code Injection vulnerability in Freewebshop

Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.

5.0
2012-08-31 CVE-2011-5144 OBM Permissions, Privileges, and Access Controls vulnerability in OBM Open Business Management 2.4.0

Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function.

5.0
2012-08-31 CVE-2012-3534 Opensuse
Gnugk
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections.

5.0
2012-08-31 CVE-2012-3533 Ovirt
Ovirt Engine SDK
Cryptographic Issues vulnerability in multiple products

The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.

5.0
2012-08-31 CVE-2012-2704 John Franklin
Drupal
Permissions, Privileges, and Access Controls vulnerability in John Franklin Advertisement

The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php.

5.0
2012-08-31 CVE-2012-4171 Adobe
Google
Linux
Apple
Microsoft
Remote Denial of Service vulnerability in Adobe Flash Player and AIR

Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs.

5.0
2012-08-30 CVE-2011-5129 Xchat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xchat

Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.

5.0
2012-08-30 CVE-2012-4010 Opera Address Bar URI Spoofing vulnerability in Opera Web Browser

Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.

5.0
2012-08-29 CVE-2012-3312 IBM Cryptographic Issues vulnerability in IBM Infosphere Guardium

The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2012-08-28 CVE-2012-1643 Jason Savino
Drupal
Permissions, Privileges, and Access Controls vulnerability in Jason Savino FP 7.X1.0/7.X1.1

The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors.

5.0
2012-08-28 CVE-2012-1642 Yaml Fuer Drupal
Drupal
Permissions, Privileges, and Access Controls vulnerability in Yaml-Fuer-Drupal Linkchecker

includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2012-08-27 CVE-2012-3467 Apache Improper Authentication vulnerability in Apache Qpid

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.

5.0
2012-08-29 CVE-2011-4578 Tedfelix Permissions, Privileges, and Access Controls vulnerability in Tedfelix Acpid2

event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.

4.6
2012-08-27 CVE-2012-3410 GNU Buffer Errors vulnerability in GNU Bash 4.2

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.

4.6
2012-08-29 CVE-2011-2777 Tedfelix Permissions, Privileges, and Access Controls vulnerability in Tedfelix Acpid2

samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.

4.4
2012-08-31 CVE-2012-4744 EOS PE
Zeroboard
Cross-Site Scripting vulnerability in Eos.Pe Siche Search Module 0.5

Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2012-08-31 CVE-2012-4740 Packetfence Cross-Site Scripting vulnerability in Packetfence

Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-31 CVE-2012-2117 Yaniv Aran Shamir
Drupal
Cross-Site Scripting vulnerability in Yaniv Aran-Shamir Gigya

Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-31 CVE-2012-2083 Fusiondrupalthemes
Drupal
Cross-Site Scripting vulnerability in Fusiondrupalthemes Fusion 6.X1.0/6.X1.1/6.X1.12

Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2012-08-31 CVE-2011-4950 Egroupware Cross-Site Scripting vulnerability in Egroupware and Egroupware Enterprise Line

Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2012-08-31 CVE-2011-5150 Spamtitan Cross-Site Scripting vulnerability in Spamtitan

Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149.

4.3
2012-08-31 CVE-2011-5149 Spamtitan Cross-Site Scripting vulnerability in Spamtitan

Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.

4.3
2012-08-31 CVE-2011-5143 OBM Cross-Site Scripting vulnerability in OBM Open Business Management

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php.

4.3
2012-08-31 CVE-2011-5142 OBM Cross-Site Scripting vulnerability in OBM Open Business Management 2.4.0

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php; (4) login parameter to obm.php; or (5) tf_user parameter in a search action to group/group_index.php.

4.3
2012-08-31 CVE-2011-5138 Tforum Cross-Site Scripting vulnerability in Tforum B0.915

Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action.

4.3
2012-08-31 CVE-2012-4739 Barracudanetworks Cross-Site Scripting vulnerability in Barracudanetworks Barracuda SSL VPN 1.2.6.004/1.5.0.29

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.

4.3
2012-08-30 CVE-2012-3548 Wireshark Resource Management Errors vulnerability in Wireshark

The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.

4.3
2012-08-30 CVE-2011-5132 Mybb Cross-Site Scripting vulnerability in Mybb

Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."

4.3
2012-08-30 CVE-2011-1398 PHP Improper Input Validation vulnerability in PHP

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.

4.3
2012-08-29 CVE-2012-3295 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ 7.1

IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.

4.3
2012-08-29 CVE-2012-3975 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.

4.3
2012-08-29 CVE-2012-1956 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.

4.3
2012-08-29 CVE-2012-0307 Symantec Cross-Site Scripting vulnerability in Symantec Messaging Gateway

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.

4.3
2012-08-29 CVE-2011-4918 Elxis Cross-Site Scripting vulnerability in Elxis CMS 2009.2/2009.3

Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elxis/administrator/index.php.

4.3
2012-08-28 CVE-2012-4685 Arbornetworks Cross-Site Scripting vulnerability in Arbornetworks Peakflow SP 5.1.1/5.5/5.6.0

Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.

4.3
2012-08-28 CVE-2012-1647 Mediafront
Drupal
Cross-Site Scripting vulnerability in Mediafront

Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION.

4.3
2012-08-27 CVE-2012-4680 Ioserver Path Traversal vulnerability in Ioserver 1.0.18.0

Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a ..

4.3
2012-08-27 CVE-2012-4679 Sourcefabric Cross-Site Scripting vulnerability in Sourcefabric Newscoop

Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.

4.3
2012-08-27 CVE-2012-2129 Andreas Gohr Cross-Site Scripting vulnerability in Andreas Gohr Dokuwiki 20120125

Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.

4.3
2012-08-27 CVE-2012-2112 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.

4.3
2012-08-27 CVE-2012-1935 Sourcefabric Cross-Site Scripting vulnerability in Sourcefabric Newscoop

Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-31 CVE-2012-3378 Gnome Cryptographic Issues vulnerability in Gnome At-Spi2-Atk 2.5.2

The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.

3.3
2012-08-29 CVE-2012-4736 Sophos Permissions, Privileges, and Access Controls vulnerability in Sophos Safeguard Enterprise 6.0

The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations.

3.3
2012-08-29 CVE-2012-3581 Symantec Information Exposure vulnerability in Symantec Messaging Gateway

Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.

3.3
2012-08-31 CVE-2011-5146 Ingumadev Link Following vulnerability in Ingumadev Bokken 1.5

Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.

2.6
2012-08-28 CVE-2012-1645 Wimleers
Drupal
Information Exposure vulnerability in Wimleers CDN 6.X2.2/7.X2.2

The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.

2.6
2012-08-31 CVE-2012-3478 Pizzashack Permissions, Privileges, and Access Controls vulnerability in Pizzashack Rssh

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.

2.1
2012-08-28 CVE-2012-1644 Gizra
Drupal
Permissions, Privileges, and Access Controls vulnerability in Gizra OG Vocab 6.X1.0/6.X1.1/6.X1.X

The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.

2.1
2012-08-27 CVE-2012-1586 Debian Information Exposure vulnerability in Debian Cifs-Utils 2.6

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

2.1
2012-08-27 CVE-2011-4944 Python Permissions, Privileges, and Access Controls vulnerability in Python

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

1.9