Weekly Vulnerabilities Reports > August 27 to September 2, 2012

Overview

152 new vulnerabilities were reported during this period, including 34 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 124 products from 89 vendors, including Mozilla, Opensuse, Redhat, Suse, and Canonical. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use After Free", and "SQL Injection".

  • 136 reported vulnerabilities are remotely exploitable.
  • 16 reported vulnerabilities have a public exploit available.
  • 44 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 141 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 32 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 24 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

34 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-30 CVE-2012-3136 Oracle Remote Code Execution vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.

10.0
2012-08-30 CVE-2012-1682 Oracle Remote Code Execution vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136.

10.0
2012-08-30 CVE-2011-5133 Mybb Multiple Security vulnerability in MyBB

Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."

10.0
2012-08-30 CVE-2012-3254 HP Unspecified vulnerability in HP Inode Management Center PC 5.0/5.1

Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet.

10.0
2012-08-30 CVE-2012-3253 HP Unspecified vulnerability in HP Intelligent Management Center 5.0

Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet.

10.0
2012-08-29 CVE-2012-3971 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.

10.0
2012-08-29 CVE-2012-3970 Mozilla Resource Management Errors vulnerability in Mozilla products

Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another.

10.0
2012-08-29 CVE-2012-3968 Mozilla, Opensuse, Suse, Redhat, Canonical Use After Free vulnerability in multiple products

Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.

10.0
2012-08-29 CVE-2012-3966 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.

10.0
2012-08-29 CVE-2012-3964 Mozilla Resource Management Errors vulnerability in Mozilla products

Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-3963 Mozilla, Opensuse, Suse, Redhat, Canonical Use After Free vulnerability in multiple products

Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2012-08-29 CVE-2012-3961 Mozilla, Opensuse, Suse, Redhat, Canonical Use After Free vulnerability in multiple products

Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-3960 Mozilla, Opensuse, Suse, Redhat, Canonical Use After Free vulnerability in multiple products

Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-3959 Mozilla, Opensuse, Suse, Redhat, Canonical, Debian Use After Free vulnerability in multiple products

Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-3958 Mozilla Resource Management Errors vulnerability in Mozilla products

Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-3957 Mozilla, Opensuse, Suse, Redhat, Canonical Out-Of-Bounds Write vulnerability in multiple products

Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2012-08-29 CVE-2012-3956 Mozilla, Opensuse, Suse, Redhat, Canonical Use After Free vulnerability in multiple products

Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-1976 Mozilla, Opensuse, Suse, Redhat, Canonical Use After Free vulnerability in multiple products

Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-1975 Mozilla, Opensuse, Suse, Redhat, Canonical, Debian Use After Free vulnerability in multiple products

Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-1974 Mozilla, Opensuse, Suse, Redhat, Canonical, Debian Use After Free vulnerability in multiple products

Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-1973 Mozilla, Opensuse, Suse, Redhat, Canonical, Debian Use After Free vulnerability in multiple products

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-1972 Mozilla, Opensuse, Suse, Redhat, Canonical, Debian Use After Free vulnerability in multiple products

Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0
2012-08-29 CVE-2012-1970 Mozilla, Opensuse, Suse, Redhat, Canonical, Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2012-08-28 CVE-2012-4681 Oracle, SUN Remote Code Execution vulnerability in Oracle Java Runtime Environment

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

10.0
2012-08-31 CVE-2010-5194 Viscomsoft Buffer Errors vulnerability in Viscomsoft Image Viewer CP Gold SDK and Image Viewer CP PRO SDK

Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFFile parameter.

9.3
2012-08-31 CVE-2010-5193 Viscomsoft Buffer Errors vulnerability in Viscomsoft Image Viewer CP Gold SDK and Image Viewer CP PRO SDK

Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.

9.3
2012-08-31 CVE-2012-4170 Adobe Buffer Errors vulnerability in Adobe Photoshop CS6 13.0

Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file.

9.3
2012-08-29 CVE-2012-3980 Mozilla Code Injection vulnerability in Mozilla products

The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.

9.3
2012-08-29 CVE-2012-3969 Mozilla Numeric Errors vulnerability in Mozilla products

Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow.

9.3
2012-08-29 CVE-2012-3967 Mozilla, Linux, Opensuse, Suse, Redhat, Canonical Out-Of-Bounds Write vulnerability in multiple products

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.

9.3
2012-08-29 CVE-2012-3965 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.

9.3
2012-08-29 CVE-2012-3962 Mozilla Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.

9.3
2012-08-29 CVE-2012-1971 Mozilla Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors.

9.3
2012-08-31 CVE-2012-2186 Asterisk Unspecified vulnerability in Asterisk products

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.

9.0

14 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-29 CVE-2012-3579 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Messaging Gateway

Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.

7.9
2012-08-29 CVE-2012-3580 Symantec Security Bypass vulnerability in Symantec Messaging Gateway

Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.

7.7
2012-08-29 CVE-2012-3973 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.

7.6
2012-08-31 CVE-2012-4743 EOS PE, Zeroboard SQL Injection vulnerability in Eos.Pe Siche Search Module 0.5

Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters.

7.5
2012-08-31 CVE-2012-4742 Packetfence Remote Security vulnerability in Packetfence

The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors.

7.5
2012-08-31 CVE-2012-2114 Etalabs Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Etalabs Musl

Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to an unbuffered stream such as stderr.

7.5
2012-08-31 CVE-2011-4949 Egroupware SQL Injection vulnerability in Egroupware and Egroupware Enterprise Line

SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-08-31 CVE-2011-5140 DIY CMS SQL Injection vulnerability in Diy-Cms Blog 1.0

Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php.

7.5
2012-08-31 CVE-2011-5139 Preprojects SQL Injection vulnerability in Preprojects Business Cards Designer

SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-08-31 CVE-2011-5137 Tforum SQL Injection vulnerability in Tforum B0.915

Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the (1) TopicID parameter to viewtopic.php, the (2) BoardID parameter to viewboard.php, or (3) CatID parameter to viewcat.php.

7.5
2012-08-31 CVE-2012-2869 Opensuse, Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."

7.5
2012-08-31 CVE-2012-2866 Opensuse, Google

Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

7.5
2012-08-28 CVE-2012-4686 Vbulletin SQL Injection vulnerability in Vbulletin 4.1.10

SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.

7.5
2012-08-27 CVE-2012-1934 Sourcefabric SQL Injection vulnerability in Sourcefabric Newscoop

SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter.

7.5

91 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-29 CVE-2012-3974 Microsoft, Mozilla Resource Management Errors vulnerability in Mozilla products

Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.

6.9
2012-08-31 CVE-2012-4746 ZTE Cross-Site Request Forgery (CSRF) vulnerability in ZTE Zxdsl 831Iiv7.5.0Az29Ov

Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

6.8
2012-08-31 CVE-2012-2116 Commerceguys, Drupal Cross-Site Request Forgery (CSRF) vulnerability in Commerceguys Commerce Reorder 7.X1.0/7.X1.X

Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart.

6.8
2012-08-31 CVE-2011-4947 E107 Cross-Site Request Forgery (CSRF) vulnerability in E107

Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.

6.8
2012-08-31 CVE-2011-4946 E107 SQL Injection vulnerability in E107

SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.

6.8
2012-08-31 CVE-2011-5148 Wasen, Joomla Remote Code Execution vulnerability in Wasen MOD Simplefileupload 1.0/1.1/1.3

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g.

6.8
2012-08-31 CVE-2012-2871 Apple, Google, Xmlsoft

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.

6.8
2012-08-31 CVE-2012-2868 Opensuse, Google Race Condition vulnerability in multiple products

Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.

6.8
2012-08-31 CVE-2012-4245 Gimp Improper Authentication vulnerability in Gimp

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.

6.8
2012-08-31 CVE-2012-4009 Cybozu Code Injection vulnerability in Cybozu Live 1.0.4

The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.

6.8
2012-08-31 CVE-2012-4008 Cybozu Code Injection vulnerability in Cybozu Live 1.0.4

The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.

6.8
2012-08-30 CVE-2011-5131 Mybb Cross-Site Request Forgery (CSRF) vulnerability in Mybb

Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.

6.8
2012-08-30 CVE-2011-5130 Haudenschilt Code Injection vulnerability in Haudenschilt Family Connections CMS

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.

6.8
2012-08-29 CVE-2012-3309 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Guardium

Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

6.8
2012-08-29 CVE-2012-2285 EMC Improper Authentication vulnerability in EMC products

EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase.

6.8
2012-08-29 CVE-2012-3979 Mozilla, Google Remote Code Execution vulnerability in Mozilla Firefox

Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.

6.8
2012-08-29 CVE-2012-3978 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla products

The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code.

6.8
2012-08-29 CVE-2012-0308 Symantec Cross-Site Request Forgery (CSRF) vulnerability in Symantec Messaging Gateway

Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.

6.8
2012-08-28 CVE-2012-2085 Gajim Code Injection vulnerability in Gajim

The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.

6.8
2012-08-27 CVE-2012-4036 Pbboard Unspecified vulnerability in Pbboard 2.1.4

Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory.

6.8
2012-08-27 CVE-2012-2128 Andreas Gohr Cross-Site Request Forgery (CSRF) vulnerability in Andreas Gohr Dokuwiki 20120125

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users.

6.8
2012-08-27 CVE-2012-1933 Sourcefabric Code Injection vulnerability in Sourcefabric Newscoop

Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php.

6.8
2012-08-30 CVE-2011-5136 Epractizelabs Improper Input Validation vulnerability in Epractizelabs Subscription Manager 1.0

showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter.

6.4
2012-08-28 CVE-2012-1635 RIK DE Boer, Drupal Permissions, Privileges, and Access Controls vulnerability in RIK DE Boer Revisioning

The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.

6.4
2012-08-31 CVE-2011-5141 OBM Path Traversal vulnerability in OBM Open Business Management 2.4.0

Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a ..

6.0
2012-08-31 CVE-2012-4737 Digium Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.

6.0
2012-08-30 CVE-2012-3325 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.

6.0
2012-08-30 CVE-2011-5135 Docebo SQL Injection vulnerability in Docebo Docebolms

Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.

6.0
2012-08-30 CVE-2011-5134 Widgetfactorylimited, Joomla File-Upload vulnerability in Com Jce

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.

6.0
2012-08-28 CVE-2012-1650 Giantrobot
Drupal
Permissions, Privileges, and Access Controls vulnerability in Giantrobot Zipcart 6.X1.2/6.X1.3/6.X1.X

The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.

6.0
2012-08-28 CVE-2012-1641 Danielb
Drupal
Permissions, Privileges, and Access Controls vulnerability in Danielb Finder

The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.

6.0
2012-08-31 CVE-2011-4951 Egroupware Input Validation vulnerability in eGroupware

Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter.

5.8
2012-08-31 CVE-2011-5145 OBM SQL Injection vulnerability in OBM Open Business Management 2.4.0

Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php.

5.5
2012-08-31 CVE-2012-4741 Packetfence Improper Authentication vulnerability in Packetfence

The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.

5.0
2012-08-31 CVE-2011-4948 Egroupware Path Traversal vulnerability in Egroupware and Egroupware Enterprise Line

Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter.

5.0
2012-08-31 CVE-2011-5147 Freewebshop Code Injection vulnerability in Freewebshop

Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.

5.0
2012-08-31 CVE-2011-5144 OBM Permissions, Privileges, and Access Controls vulnerability in OBM Open Business Management 2.4.0

Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function.

5.0
2012-08-31 CVE-2012-3534 Opensuse
Gnugk
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections.

5.0
2012-08-31 CVE-2012-3533 Ovirt
Ovirt Engine SDK
Cryptographic Issues vulnerability in multiple products

The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.

5.0
2012-08-31 CVE-2012-2704 John Franklin
Drupal
Permissions, Privileges, and Access Controls vulnerability in John Franklin Advertisement

The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php.

5.0
2012-08-31 CVE-2012-4171 Adobe
Google
Linux
Apple
Microsoft
Remote Denial of Service vulnerability in Adobe Flash Player and AIR

Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs.

5.0
2012-08-31 CVE-2012-2867 Opensuse
Google

The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

5.0
2012-08-30 CVE-2011-5129 Xchat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xchat

Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.

5.0
2012-08-30 CVE-2012-4010 Opera Address Bar URI Spoofing vulnerability in Opera Web Browser

Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.

5.0
2012-08-29 CVE-2012-3312 IBM Cryptographic Issues vulnerability in IBM Infosphere Guardium

The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2012-08-29 CVE-2012-3972 Mozilla
Opensuse
Suse
Redhat
Canonical
Debian
Information Exposure vulnerability in multiple products

The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.

5.0
2012-08-28 CVE-2012-1643 Jason Savino
Drupal
Permissions, Privileges, and Access Controls vulnerability in Jason Savino FP 7.X1.0/7.X1.1

The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors.

5.0
2012-08-28 CVE-2012-1642 Yaml Fuer Drupal
Drupal
Permissions, Privileges, and Access Controls vulnerability in Yaml-Fuer-Drupal Linkchecker

includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2012-08-27 CVE-2012-3467 Apache Improper Authentication vulnerability in Apache Qpid

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.

5.0
2012-08-27 CVE-2012-3421 SGI Unspecified vulnerability in SGI Performance Co-Pilot

The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."

5.0
2012-08-27 CVE-2012-3420 SGI Resource Management Errors vulnerability in SGI Performance Co-Pilot

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.

5.0
2012-08-27 CVE-2012-3419 SGI Information Exposure vulnerability in SGI Performance Co-Pilot

Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.

5.0
2012-08-27 CVE-2012-3418 SGI Numeric Errors vulnerability in SGI Performance Co-Pilot

libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.

5.0
2012-08-27 CVE-2012-0855 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable.

5.0
2012-08-29 CVE-2011-4578 Tedfelix Permissions, Privileges, and Access Controls vulnerability in Tedfelix Acpid2

event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.

4.6
2012-08-27 CVE-2012-3410 GNU Buffer Errors vulnerability in GNU Bash 4.2

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.

4.6
2012-08-29 CVE-2011-2777 Tedfelix Permissions, Privileges, and Access Controls vulnerability in Tedfelix Acpid2

samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.

4.4
2012-08-31 CVE-2012-4745 THE Collective Cross-Site Scripting vulnerability in the Collective Acuity CMS 2.6.2

Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.

4.3
2012-08-31 CVE-2012-4744 EOS PE
Zeroboard
Cross-Site Scripting vulnerability in Eos.Pe Siche Search Module 0.5

Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2012-08-31 CVE-2012-4740 Packetfence Cross-Site Scripting vulnerability in Packetfence

Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-31 CVE-2012-2117 Yaniv Aran Shamir
Drupal
Cross-Site Scripting vulnerability in Yaniv Aran-Shamir Gigya

Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-31 CVE-2012-2083 Fusiondrupalthemes
Drupal
Cross-Site Scripting vulnerability in Fusiondrupalthemes Fusion 6.X1.0/6.X1.1/6.X1.12

Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2012-08-31 CVE-2011-4950 Egroupware Cross-Site Scripting vulnerability in Egroupware and Egroupware Enterprise Line

Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2012-08-31 CVE-2011-5150 Spamtitan Cross-Site Scripting vulnerability in Spamtitan

Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149.

4.3
2012-08-31 CVE-2011-5149 Spamtitan Cross-Site Scripting vulnerability in Spamtitan

Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.

4.3
2012-08-31 CVE-2011-5143 OBM Cross-Site Scripting vulnerability in OBM Open Business Management

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php.

4.3
2012-08-31 CVE-2011-5142 OBM Cross-Site Scripting vulnerability in OBM Open Business Management 2.4.0

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php; (4) login parameter to obm.php; or (5) tf_user parameter in a search action to group/group_index.php.

4.3
2012-08-31 CVE-2011-5138 Tforum Cross-Site Scripting vulnerability in Tforum B0.915

Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action.

4.3
2012-08-31 CVE-2012-4739 Barracudanetworks Cross-Site Scripting vulnerability in Barracudanetworks Barracuda SSL VPN 1.2.6.004/1.5.0.29

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.

4.3
2012-08-31 CVE-2012-2872 Opensuse
Google
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-08-31 CVE-2012-2870 Apple
Google
Xmlsoft
Resource Management Errors vulnerability in multiple products

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

4.3
2012-08-31 CVE-2012-2865 Opensuse
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

4.3
2012-08-30 CVE-2012-3548 Wireshark Resource Management Errors vulnerability in Wireshark

The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.

4.3
2012-08-30 CVE-2011-5132 Mybb Cross-Site Scripting vulnerability in Mybb

Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."

4.3
2012-08-30 CVE-2011-1398 PHP Improper Input Validation vulnerability in PHP

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.

4.3
2012-08-29 CVE-2012-3295 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ 7.1

IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.

4.3
2012-08-29 CVE-2012-3976 Mozilla
Opensuse
Suse
Redhat
Canonical
Information Exposure vulnerability in multiple products

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

4.3
2012-08-29 CVE-2012-3975 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.

4.3
2012-08-29 CVE-2012-1956 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.

4.3
2012-08-29 CVE-2012-0307 Symantec Cross-Site Scripting vulnerability in Symantec Messaging Gateway

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.

4.3
2012-08-29 CVE-2011-5128 Bueltge
Wordpress
Cross-Site Scripting vulnerability in Bueltge Adminimize

Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926.

4.3
2012-08-29 CVE-2011-4926 Bueltge
Wordpress
Cross-Site Scripting vulnerability in Bueltge Adminimize

Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2012-08-29 CVE-2011-4918 Elxis Cross-Site Scripting vulnerability in Elxis CMS 2009.2/2009.3

Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elxis/administrator/index.php.

4.3
2012-08-28 CVE-2012-4685 Arbornetworks Cross-Site Scripting vulnerability in Arbornetworks Peakflow SP 5.1.1/5.5/5.6.0

Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.

4.3
2012-08-28 CVE-2012-1647 Mediafront
Drupal
Cross-Site Scripting vulnerability in Mediafront

Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION.

4.3
2012-08-27 CVE-2012-4680 Ioserver Path Traversal vulnerability in Ioserver 1.0.18.0

Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a ..

4.3
2012-08-27 CVE-2012-0849 Ffmpeg Numeric Errors vulnerability in Ffmpeg

Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.

4.3
2012-08-27 CVE-2012-4679 Sourcefabric Cross-Site Scripting vulnerability in Sourcefabric Newscoop

Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.

4.3
2012-08-27 CVE-2012-2129 Andreas Gohr Cross-Site Scripting vulnerability in Andreas Gohr Dokuwiki 20120125

Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.

4.3
2012-08-27 CVE-2012-2112 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.

4.3
2012-08-27 CVE-2012-1935 Sourcefabric Cross-Site Scripting vulnerability in Sourcefabric Newscoop

Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.

4.3

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-08-31 CVE-2012-3378 Gnome Cryptographic Issues vulnerability in Gnome At-Spi2-Atk 2.5.2

The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.

3.3
2012-08-29 CVE-2012-4736 Sophos Permissions, Privileges, and Access Controls vulnerability in Sophos Safeguard Enterprise 6.0

The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations.

3.3
2012-08-29 CVE-2012-3581 Symantec Information Exposure vulnerability in Symantec Messaging Gateway

Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.

3.3
2012-08-31 CVE-2011-5146 Ingumadev Link Following vulnerability in Ingumadev Bokken 1.5

Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.

2.6
2012-08-31 CVE-2012-4600 Otrs Cross-Site Scripting vulnerability in Otrs and Otrs Itsm

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.

2.6
2012-08-28 CVE-2012-1645 Wimleers
Drupal
Information Exposure vulnerability in Wimleers CDN 6.X2.2/7.X2.2

The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.

2.6
2012-08-31 CVE-2012-3478 Pizzashack Permissions, Privileges, and Access Controls vulnerability in Pizzashack Rssh

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.

2.1
2012-08-31 CVE-2012-3380 Naxsi Project Path Traversal vulnerability in Naxsi Project Naxsi 0.46

Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.

2.1
2012-08-31 CVE-2012-2658 Unixodbc Buffer Errors vulnerability in Unixodbc 2.3.1

** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option.

2.1
2012-08-31 CVE-2012-2657 Unixodbc Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Unixodbc

** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option.

2.1
2012-08-28 CVE-2012-1644 Gizra
Drupal
Permissions, Privileges, and Access Controls vulnerability in Gizra OG Vocab 6.X1.0/6.X1.1/6.X1.X

The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.

2.1
2012-08-27 CVE-2012-1586 Debian Information Exposure vulnerability in Debian Cifs-Utils 2.6

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

2.1
2012-08-27 CVE-2011-4944 Python Permissions, Privileges, and Access Controls vulnerability in Python

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

1.9