Weekly Vulnerabilities Reports > October 1 to 7, 2012

Overview

106 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary report vulnerabilities in 91 products from 74 vendors including Drupal, IBM, Joomla, Mavili Guestbook Project, and Vmware. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 95 reported vulnerabilities are remotely exploitables.
  • 15 reported vulnerabilities have public exploit available.
  • 44 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 92 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Sumatrapdfreader has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-05 CVE-2012-4896 Sumatrapdfreader Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sumatrapdfreader Sumatrapdf

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895.

9.3
2012-10-05 CVE-2012-4895 Sumatrapdfreader Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sumatrapdfreader Sumatrapdf

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896.

9.3
2012-10-05 CVE-2012-4894 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Sketchup

Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.

9.3

24 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-06 CVE-2012-5304 Yuriy V Semenikhin Code Injection vulnerability in Yuriy V Semenikhin YVS Image Gallery

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors.

7.5
2012-10-06 CVE-2012-1565 EZ Security vulnerability in eZ Publish

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.

7.5
2012-10-06 CVE-2011-4932 Impresspages Code Injection vulnerability in Impresspages CMS 1.0.12

Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter.

7.5
2012-10-04 CVE-2012-5300 Mystorexpress SQL Injection vulnerability in Mystorexpress Tienda Virtual 2.0

SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-10-04 CVE-2012-5299 Mavili Guestbook Project Permissions, Privileges, and Access Controls vulnerability in Mavili Guestbook Project Mavili Guestbook

Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp.

7.5
2012-10-04 CVE-2012-5297 Mavili Guestbook Project SQL Injection vulnerability in Mavili Guestbook Project Mavili Guestbook

SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-10-04 CVE-2012-5294 Mystorexpress SQL Injection vulnerability in Mystorexpress Tienda Virtual

SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-10-04 CVE-2011-5203 Akiva SQL Injection vulnerability in Akiva Webboard 2.90/8.0

SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter.

7.5
2012-10-04 CVE-2012-5293 Redgraphic Code Injection vulnerability in Redgraphic Sapid CMS 1.2.3

Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.

7.5
2012-10-04 CVE-2012-5292 Atar2B SQL Injection vulnerability in Atar2B CMS 4.0.1

Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.

7.5
2012-10-04 CVE-2012-5291 Possesports SQL Injection vulnerability in Possesports Posse Softball Director CMS

SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.

7.5
2012-10-04 CVE-2012-5290 Wcs4Web SQL Injection vulnerability in Wcs4Web Easywebrealestate

Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php.

7.5
2012-10-04 CVE-2012-5289 Plogger SQL Injection vulnerability in Plogger 1.0

Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php.

7.5
2012-10-04 CVE-2012-5288 Accomplishtechnology SQL Injection vulnerability in Accomplishtechnology PHPmydirectory 1.3.3

SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-10-01 CVE-2012-1603 Nextbbs SQL Injection vulnerability in Nextbbs 0.6

Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function.

7.5
2012-10-01 CVE-2012-1602 Nextbbs Improper Authentication vulnerability in Nextbbs 0.6

user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1.

7.5
2012-10-01 CVE-2012-5231 Jessgramp Code Injection vulnerability in Jessgramp Minicms 1.0/2.0

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.

7.5
2012-10-01 CVE-2012-5230 Harmistechnology
Joomla
Security vulnerability in Harmistechnology COM Jesubmit 1.4

Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.

7.5
2012-10-01 CVE-2012-5227 Peel SQL Injection vulnerability in Peel Shopping 2.8/2.9

SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-10-01 CVE-2012-5224 Vbadvanced Code Injection vulnerability in Vbadvanced Cmps 3.2.1

PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter.

7.5
2012-10-01 CVE-2012-5223 Crawlability Code Injection vulnerability in Crawlability Vbseo

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.

7.5
2012-10-01 CVE-2012-4432 Optipng Resource Management Errors vulnerability in Optipng

Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction."

7.5
2012-10-01 CVE-2012-4415 Fedoraproject
Guac DEV
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.

7.5
2012-10-01 CVE-2012-2240 Devscripts Devel Team Improper Input Validation vulnerability in Devscripts Devel Team Devscripts

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."

7.5

68 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-05 CVE-2012-5303 Monkey Project Link Following vulnerability in Monkey-Project Monkey 0.9.3

Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.

6.9
2012-10-05 CVE-2012-4897 Vmware Unspecified vulnerability in VMWare Movie Decoder

Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory.

6.9
2012-10-05 CVE-2012-4443 Monkey Project Permissions, Privileges, and Access Controls vulnerability in Monkey-Project Monkey 0.9.3

Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.

6.9
2012-10-07 CVE-2012-1414 Plume CMS Cross-Site Request Forgery (CSRF) vulnerability in Plume-Cms Plume CMS

Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.

6.8
2012-10-06 CVE-2012-1153 Apprain Remote Arbitrary File Upload vulnerability in appRain CMF 'uploadify.php'

Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.

6.8
2012-10-04 CVE-2012-2999 Cerberusftp Cross-Site Request Forgery (CSRF) vulnerability in Cerberusftp FTP Server

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.

6.8
2012-10-01 CVE-2012-1897 Wolfcms Cross-Site Request Forgery (CSRF) vulnerability in Wolfcms Wolf CMS

Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete; delete the (3) images or (4) themes directory via the directory name to admin/plugin/file_manager/delete, and possibly other directories; or (5) logout the user via a request to admin/login/logout.

6.8
2012-10-01 CVE-2012-0748 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Rational Team Concert 4.0

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items.

6.8
2012-10-01 CVE-2012-4427 Gnome Code Injection vulnerability in Gnome Gnome-Shell 3.4.1

The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.

6.8
2012-10-01 CVE-2012-2242 Devscripts Devel Team Improper Input Validation vulnerability in Devscripts Devel Team Devscripts

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.

6.8
2012-10-03 CVE-2012-3489 Postgresql
Opensuse
Apple
Canonical
Debian
Redhat
XXE vulnerability in multiple products

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

6.5
2012-10-01 CVE-2012-4064 Eucalyptus Permissions, Privileges, and Access Controls vulnerability in Eucalyptus

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id.

6.5
2012-10-06 CVE-2012-0987 Impresscms Path Traversal vulnerability in Impresscms

Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a ..

6.0
2012-10-01 CVE-2012-1576 Atheme Permissions, Privileges, and Access Controls vulnerability in Atheme

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.

6.0
2012-10-01 CVE-2012-4450 Fedoraproject Permissions, Privileges, and Access Controls vulnerability in Fedoraproject 389 Directory Server 1.2.10

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

6.0
2012-10-03 CVE-2012-3552 Linux
Redhat
Race Condition vulnerability in multiple products

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.

5.9
2012-10-04 CVE-2012-5240 Wireshark Buffer Errors vulnerability in Wireshark 1.8.0/1.8.1/1.8.2

Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.

5.8
2012-10-02 CVE-2012-3314 IBM Improper Input Validation vulnerability in IBM products

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.

5.8
2012-10-01 CVE-2012-5234 Ocportal Improper Input Validation vulnerability in Ocportal

Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.

5.8
2012-10-07 CVE-2011-4911 Joomla Improper Input Validation vulnerability in Joomla Joomla!

Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.

5.0
2012-10-06 CVE-2012-1623 Aidanlister
Drupal
Permissions, Privileges, and Access Controls vulnerability in Aidanlister Regcode

The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions.

5.0
2012-10-05 CVE-2012-1150 Python Cryptographic Issues vulnerability in Python

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

5.0
2012-10-05 CVE-2012-0845 Python Resource Management Errors vulnerability in Python

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.

5.0
2012-10-05 CVE-2012-5051 Vmware Path Traversal vulnerability in VMWare Capacityiq 1.5.0/1.5.1/1.5.2

Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2012-10-04 CVE-2012-5301 Cerberusftp Cryptographic Issues vulnerability in Cerberusftp FTP Server

The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.

5.0
2012-10-04 CVE-2012-5298 Mavili Guestbook Project Permissions, Privileges, and Access Controls vulnerability in Mavili Guestbook Project Mavili Guestbook

Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request.

5.0
2012-10-04 CVE-2012-3819 Dart Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dart Powertcp Activex

Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request.

5.0
2012-10-04 CVE-2012-3267 HP Information Disclosure vulnerability in HP Network Node Manager I 9.20

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors.

5.0
2012-10-02 CVE-2012-3266 HP Unspecified vulnerability in HP products

Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors.

5.0
2012-10-01 CVE-2012-4063 Eucalyptus Permissions, Privileges, and Access Controls vulnerability in Eucalyptus

The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.

5.0
2012-10-01 CVE-2012-1471 Ocportal Path Traversal vulnerability in Ocportal

Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a ..

5.0
2012-10-01 CVE-2012-4830 IBM Unspecified vulnerability in IBM Websphere Commerce

Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors.

5.0
2012-10-01 CVE-2012-3319 IBM Information Exposure vulnerability in IBM Rational Business Developer 8.0.1/8.0.1.1/8.0.1.2

IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product.

5.0
2012-10-01 CVE-2012-3035 Emerson Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Emerson Deltav

Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port.

5.0
2012-10-01 CVE-2012-4429 David King Information Exposure vulnerability in David King Vino

Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.

5.0
2012-10-01 CVE-2012-1591 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

5.0
2012-10-07 CVE-2010-5277 Karim Ratib
Drupal
Unspecified vulnerability in Karim Ratib Views Bulk Operations

Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors.

4.9
2012-10-03 CVE-2012-3488 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.

4.9
2012-10-05 CVE-2012-4442 Monkey Project Permissions, Privileges, and Access Controls vulnerability in Monkey-Project Monkey 0.9.3

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.

4.7
2012-10-07 CVE-2011-4910 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2012-10-07 CVE-2011-4909 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.

4.3
2012-10-07 CVE-2010-5276 Memcache Project
Drupal
Permissions, Privileges, and Access Controls vulnerability in Memcache Project Memcache

The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again."

4.3
2012-10-07 CVE-2010-5275 Memcache Project
Drupal
Cross-Site Scripting vulnerability in Memcache Project Memcache

Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-10-06 CVE-2012-5305 Directadmin Cross-Site Scripting vulnerability in Directadmin 1.403

Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.

4.3
2012-10-06 CVE-2012-1634 Hans Nilsson
Drupal
Cross-Site Scripting vulnerability in Hans Nilsson Video Filter

Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links.

4.3
2012-10-06 CVE-2012-1564 Yuriy V Semenikhin Cross-Site Scripting vulnerability in Yuriy V Semenikhin YVS Image Gallery

Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-10-06 CVE-2012-0986 Impresscms Cross-Site Scripting vulnerability in Impresscms

Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.

4.3
2012-10-05 CVE-2012-5050 Vmware Cross-Site Scripting vulnerability in VMWare Vcenter Operations 1.0.0/1.0.1/1.0.2

Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-10-05 CVE-2012-4018 Finalbeta Cross-Site Scripting vulnerability in Finalbeta Mywebsearch

Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

4.3
2012-10-04 CVE-2012-5296 Mavili Guestbook Project Cross-Site Scripting vulnerability in Mavili Guestbook Project Mavili Guestbook

Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4) edit2.asp.

4.3
2012-10-04 CVE-2012-5295 Fusetalk Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.

4.3
2012-10-04 CVE-2011-5207 Thecartpress
Wordpress
Cross-Site Scripting vulnerability in Thecartpress

Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.

4.3
2012-10-04 CVE-2011-5206 Rapidleech Cross-Site Scripting vulnerability in Rapidleech 2.3/Rev36

Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter.

4.3
2012-10-04 CVE-2011-5205 Rapidleech Cross-Site Scripting vulnerability in Rapidleech 2.3/Rev36

Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links parameter.

4.3
2012-10-01 CVE-2012-1604 Nextbbs Cross-Site Scripting vulnerability in Nextbbs 0.6

Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php.

4.3
2012-10-01 CVE-2012-1470 Ocportal Cross-Site Scripting vulnerability in Ocportal

Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.

4.3
2012-10-01 CVE-2012-1636 Luke Herrington
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Luke Herrington Stickynote 7.X1.0/7.X1.X

Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors.

4.3
2012-10-01 CVE-2012-0989 Oneorzero Cross-Site Scripting vulnerability in Oneorzero Action and Information Management System 2.8.0

Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

4.3
2012-10-01 CVE-2012-5232 Mediafire
Joomla
Cross-Site Scripting vulnerability in Mediafire MOD Quick Form

Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-10-01 CVE-2012-5229 Wordpress Cross-Site Scripting vulnerability in Wordpress Slideshow Gallery2

Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter.

4.3
2012-10-01 CVE-2012-5228 Tincan Cross-Site Scripting vulnerability in Tincan PHPlist

Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter.

4.3
2012-10-01 CVE-2012-5226 Peel Cross-Site Scripting vulnerability in Peel Shopping 2.8/2.9

Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.

4.3
2012-10-01 CVE-2012-5225 Eliteweaver Cross-Site Scripting vulnerability in Eliteweaver Xclick Cart 1.0.1/1.0.2

Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.

4.3
2012-10-01 CVE-2012-1898 Ivano Binetti Cross-Site Scripting vulnerability in Ivano Binetti Wolf CMS

Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters.

4.3
2012-10-01 CVE-2012-4437 Smarty Cross-Site Scripting vulnerability in Smarty

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.

4.3
2012-10-01 CVE-2011-4551 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware

Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.

4.3
2012-10-01 CVE-2012-2153 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.

4.0
2012-10-01 CVE-2012-1590 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-06 CVE-2012-1624 Lingotek
Drupal
Cross-Site Scripting vulnerability in Lingotek

Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content.

3.5
2012-10-01 CVE-2012-4065 Eucalyptus Permissions, Privileges, and Access Controls vulnerability in Eucalyptus

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting.

3.5
2012-10-01 CVE-2012-1639 Drupal
Commerceguys
Cross-Site Scripting vulnerability in Commerceguys Commerce 7.X1.0/7.X1.1/7.X1.X

Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters.

3.5
2012-10-01 CVE-2012-1588 Drupal Resource Management Errors vulnerability in Drupal

Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.

3.5
2012-10-04 CVE-2012-5238 Wireshark Multiple Security vulnerability in Wireshark 1.8.0/1.8.1/1.8.2

epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.

3.3
2012-10-04 CVE-2012-5237 Wireshark Resource Management Errors vulnerability in Wireshark 1.8.0/1.8.1/1.8.2

The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

3.3
2012-10-07 CVE-2011-4363 Frii
Perl
Link Following vulnerability in Frii Proc::Processtable 0.45

ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.

2.6
2012-10-01 CVE-2012-5233 Luke Herrington
Drupal
Cross-Site Scripting vulnerability in Luke Herrington Stickynote 7.X1.0/7.X1.X

Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs.

2.1
2012-10-01 CVE-2011-5202 Sysprogs Buffer Errors vulnerability in Sysprogs Wincdemu 3.6

BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a denial of service (system crash) via the unmount command to batchmnt.exe.

2.1
2012-10-01 CVE-2012-4833 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

2.1
2012-10-04 CVE-2011-5204 Akiva Credentials Management vulnerability in Akiva Webboard 8.0

Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.

1.9