Weekly Vulnerabilities Reports > October 8 to 14, 2012

Overview

170 new vulnerabilities reported during this period, including 53 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary report vulnerabilities in 129 products from 80 vendors including Google, Microsoft, Mozilla, Apple, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Permissions, Privileges, and Access Controls", and "Path Traversal".

  • 153 reported vulnerabilities are remotely exploitables.
  • 24 reported vulnerabilities have public exploit available.
  • 54 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 151 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 33 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 28 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

53 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-12 CVE-2012-4190 Mozilla
Cyanogenmod
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10.0
2012-10-11 CVE-2012-5112 Google
Apple
Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2012-10-10 CVE-2012-3983 Mozilla
Canonical
Suse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2012-10-09 CVE-2012-5272 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5271 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5270 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5269 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5268 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5267 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5266 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5265 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5264 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5263 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5262 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5261 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5260 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5259 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5258 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5257 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5256 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5255 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5254 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5253 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5252 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5251 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5250 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5249 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-09 CVE-2012-5248 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-10-12 CVE-2012-0227 Componentone
Opcsystems
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method.

9.3
2012-10-12 CVE-2012-4191 Mozilla
Canonical
Out-Of-Bounds Write vulnerability in multiple products

The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

9.3
2012-10-11 CVE-2012-5376 Google Improper Privilege Management vulnerability in Google Chrome

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.

9.3
2012-10-10 CVE-2012-4188 Mozilla
Canonical
Redhat
Debian
Suse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2012-10-10 CVE-2012-4187 Mozilla
Canonical
Redhat
Suse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.

9.3
2012-10-10 CVE-2012-4186 Mozilla
Canonical
Debian
Redhat
Suse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2012-10-10 CVE-2012-4185 Mozilla
Canonical
Redhat
Suse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3
2012-10-10 CVE-2012-4183 Mozilla
Canonical
Redhat
Opensuse
Suse
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3
2012-10-10 CVE-2012-4182 Mozilla
Canonical
Redhat
Debian
Suse
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3
2012-10-10 CVE-2012-4181 Mozilla
Canonical
Redhat
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3
2012-10-10 CVE-2012-4180 Mozilla
Canonical
Redhat
Debian
Suse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2012-10-10 CVE-2012-4179 Mozilla
Canonical
Redhat
Debian
Suse
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3
2012-10-10 CVE-2012-3995 Mozilla
Canonical
Redhat
Suse
Out-Of-Bounds Read vulnerability in multiple products

The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

9.3
2012-10-10 CVE-2012-3993 Mozilla Improper Privilege Management vulnerability in Mozilla products

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.

9.3
2012-10-10 CVE-2012-3991 Mozilla
Canonical
Redhat
Suse
Permissions, Privileges, and Access Controls vulnerability in multiple products

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.

9.3
2012-10-10 CVE-2012-3990 Mozilla
Canonical
Redhat
Debian
Suse
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.

9.3
2012-10-10 CVE-2012-3989 Mozilla
Canonical
Suse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.

9.3
2012-10-10 CVE-2012-3988 Mozilla
Canonical
Redhat
Suse
USE After Free vulnerability in multiple products

Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.

9.3
2012-10-10 CVE-2012-3982 Mozilla
Canonical
Redhat
Debian
Suse
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
9.3
2012-10-09 CVE-2012-2550 Microsoft Buffer Errors vulnerability in Microsoft Works 9.0

Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability."

9.3
2012-10-09 CVE-2012-2528 Microsoft Resource Management Errors vulnerability in Microsoft products

Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."

9.3
2012-10-09 CVE-2012-0182 Microsoft Code Injection vulnerability in Microsoft Word 2007

Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."

9.3
2012-10-09 CVE-2012-5108 Google Race Condition vulnerability in Google Chrome

Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.

9.3
2012-10-08 CVE-2012-5324 Tracker Software Buffer Errors vulnerability in Tracker-Software Pdf-Xchange 3.60.0128

Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry function or (2) sub_key parameter to the InitFromRegistry function.

9.3
2012-10-08 CVE-2012-1189 Bernhard Wymann
Speed Dreams
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.

9.3

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-10 CVE-2012-5166 ISC Numeric Errors vulnerability in ISC Bind

ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.

7.8
2012-10-09 CVE-2012-3549 Freebsd Remote Denial of Service vulnerability in Freebsd 8.2

The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk.

7.8
2012-10-11 CVE-2012-5385 Webcalendar Project Permissions, Privileges, and Access Controls vulnerability in Webcalendar Project Webcalendar

install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.

7.5
2012-10-09 CVE-2012-5347 Tinywebgallery Remote Command Execution vulnerability in Tinywebgallery 1.8.3

TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.

7.5
2012-10-09 CVE-2012-5342 Michau Enterprises LLC SQL Injection vulnerability in Michau Enterprises LLC Commonsense CMS

Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.

7.5
2012-10-09 CVE-2012-4456 Openstack Improper Authentication vulnerability in Openstack Keystone 2012.1/2012.1.1/2012.2

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.

7.5
2012-10-09 CVE-2012-5111 Google Unspecified vulnerability in Google Chrome

Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors.

7.5
2012-10-09 CVE-2012-2900 Google Unspecified vulnerability in Google Chrome

Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

7.5
2012-10-08 CVE-2012-5334 Preprojects SQL Injection vulnerability in Preprojects PRE Printing Press

SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.

7.5
2012-10-08 CVE-2012-5333 Preprojects SQL Injection vulnerability in Preprojects PRE Printing Press

SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-10-08 CVE-2011-4929 Redmine Unspecified vulnerability in Redmine

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

7.5
2012-10-08 CVE-2011-4342 Backwpup
Wordpress
Code Injection vulnerability in Backwpup

PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

7.5
2012-10-08 CVE-2012-5317 Bigware SQL Injection vulnerability in Bigware Shop 2.0/2.1.4

SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action.

7.5
2012-10-08 CVE-2012-5313 Snitz Communications SQL Injection vulnerability in Snitz Communications Snitz Forums 2000

SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.

7.5
2012-10-08 CVE-2012-5312 Tribiq SQL Injection vulnerability in Tribiq CMS

SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

7.5
2012-10-08 CVE-2012-5310 Getshopped
Wordpress
SQL Injection vulnerability in Getshopped WP E-Commerce

SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-10-08 CVE-2011-4638 Spamtitan SQL Injection vulnerability in Spamtitan Webtitan 3.50

Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php.

7.5
2012-10-08 CVE-2010-5063 Vwar SQL Injection vulnerability in Vwar Virtual WAR 1.6.1

SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.

7.5
2012-10-09 CVE-2012-2529 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."

7.2

87 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-12 CVE-2012-4193 Mozilla
Suse
Canonical
Redhat
Origin Validation Error vulnerability in multiple products

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.

6.8
2012-10-11 CVE-2012-5386 Nicolas Tormo Path Traversal vulnerability in Nicolas Tormo PHPpaleo 4.8B180

Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2012-10-10 CVE-2012-5354 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.

6.8
2012-10-10 CVE-2012-3984 Mozilla
Canonical
Suse
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.
6.8
2012-10-09 CVE-2012-4002 Glpi Project Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi

Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2012-10-09 CVE-2012-5348 Wilson Steven SQL Injection vulnerability in Wilson Steven Mangosweb Enhanced 3.0.3

SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.

6.8
2012-10-09 CVE-2011-5210 Limny Path Traversal vulnerability in Limny 3.0.0

Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the theme parameter.

6.8
2012-10-08 CVE-2012-5331 Nasir Khan Path Traversal vulnerability in Nasir Khan Asaancart 0.9

Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a ..

6.8
2012-10-08 CVE-2012-1671 Nicolas Tormo Path Traversal vulnerability in Nicolas Tormo PHPpaleo 4.8B155

Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a ..

6.8
2012-10-08 CVE-2012-5326 Idevspot Cross-Site Request Forgery (CSRF) vulnerability in Idevspot Isupport

Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action.

6.8
2012-10-08 CVE-2012-5323 Xavi Cross-Site Request Forgery (CSRF) vulnerability in Xavi X7968

Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters.

6.8
2012-10-08 CVE-2012-5320 Sagem Cross-Site Request Forgery (CSRF) vulnerability in Sagem [email protected] 2604 and [email protected] 2604 Firmware

Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem [email protected] 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

6.8
2012-10-08 CVE-2012-5319 Dlink Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dcs-2000, Dcs-5300 and Dcs-900

Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.

6.8
2012-10-08 CVE-2012-1416 Socialcms Cross-Site Request Forgery (CSRF) vulnerability in Socialcms 1.0.2

Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.

6.8
2012-10-08 CVE-2012-1308 Dlink Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dsl-2640B and Dsl-2640B Firmware

Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

6.8
2012-10-08 CVE-2012-5318 Kishore Asokan
Wordpress
Arbitrary File Upload vulnerability in Kishore Asokan Kish Guest Posting Plugin 1.2

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.

6.8
2012-10-08 CVE-2012-1125 Kishore Asokan
Wordpress
Unspecified vulnerability in Kishore Asokan Kish Guest Posting Plugin 1.0/1.1

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.

6.8
2012-10-08 CVE-2012-5309 IBM Improper Authentication vulnerability in IBM Lotus Notes Traveler

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

6.8
2012-10-08 CVE-2012-5308 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Notes Traveler

Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.

6.8
2012-10-08 CVE-2010-5067 Vwar Credentials Management vulnerability in Vwar Virtual WAR 1.6.1

Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.

6.8
2012-10-10 CVE-2012-4467 Linux Resource Management Errors vulnerability in Linux Kernel

The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call.

6.6
2012-10-10 CVE-2012-4465 Lars Hjemli Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Lars Hjemli Cgit

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.

6.5
2012-10-08 CVE-2012-5328 Cartpauj
Wordpress
SQL Injection vulnerability in Cartpauj Mingle-Forum

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.

6.5
2012-10-08 CVE-2012-5327 Cartpauj
Wordpress
SQL Injection vulnerability in Cartpauj Mingle-Forum

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.

6.5
2012-10-08 CVE-2011-4639 Spamtitan Code Injection vulnerability in Spamtitan Webtitan 3.50

The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.

6.5
2012-10-09 CVE-2012-5351 Apache Improper Authentication vulnerability in Apache Axis2

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

6.4
2012-10-11 CVE-2012-5383 Oracle Unspecified vulnerability in Oracle Mysql 5.5.28

** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

6.2
2012-10-10 CVE-2012-4455 Opencryptoki Project Link Following vulnerability in Opencryptoki Project Opencryptoki 2.4.1

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.

6.2
2012-10-11 CVE-2012-5382 Zend Insecure File Permissions vulnerability in Zend Server 5.6.0

** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Zend\ZendServer\share\ZendFramework\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

6.0
2012-10-11 CVE-2012-5381 PHP Insecure File Permissions vulnerability in PHP 5.3.17

** DISPUTED ** Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

6.0
2012-10-11 CVE-2012-5380 Ruby Lang Insecure File Permissions vulnerability in Ruby-Lang Ruby 1.9.3

** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

6.0
2012-10-11 CVE-2012-5379 Activestate Insecure File Permissions vulnerability in Activestate Activepython 3.2.2.3

** DISPUTED ** Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

6.0
2012-10-11 CVE-2012-5378 Activestate Insecure File Permissions vulnerability in Activestate Activetcl 8.5.12

Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

6.0
2012-10-11 CVE-2012-5377 Activestate Insecure File Permissions vulnerability in Activestate Activeperl 5.16.1.1601

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

6.0
2012-10-09 CVE-2012-5350 Wordpress SQL Injection vulnerability in Wordpress Pay-With-Tweet

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.

6.0
2012-10-10 CVE-2012-5356 Canonical Improper Input Validation vulnerability in Canonical Ubuntu Software Properties

The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.

5.8
2012-10-09 CVE-2012-5353 Eduserv Improper Authentication vulnerability in Eduserv Openathens Service Provider 2.0

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."

5.8
2012-10-09 CVE-2012-5352 Josso Improper Authentication vulnerability in Josso Java Open Single Sign-On Project Home

Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."

5.8
2012-10-09 CVE-2012-4418 Apache Improper Authentication vulnerability in Apache Axis2

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

5.8
2012-10-08 CVE-2012-5321 Tiki Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 8.3

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."

5.8
2012-10-08 CVE-2012-4824 IBM Improper Input Validation vulnerability in IBM Lotus Notes Traveler

Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter.

5.8
2012-10-10 CVE-2012-4463 Midnight Commander Improper Input Validation vulnerability in Midnight-Commander Midnight Commander 4.8.5

Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.

5.1
2012-10-09 CVE-2012-4399 Cakefoundation Permissions, Privileges, and Access Controls vulnerability in Cakefoundation Cakephp

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

5.0
2012-10-09 CVE-2012-3505 Banu Cryptographic Issues vulnerability in Banu Tinyproxy

Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably.

5.0
2012-10-09 CVE-2012-2551 Microsoft Denial of Service vulnerability in Microsoft Windows Kerberos

The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability." Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

5.0
2012-10-09 CVE-2012-3436 Openttd Improper Input Validation vulnerability in Openttd

OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half."

5.0
2012-10-09 CVE-2012-5345 Kepler LAM Buffer Errors vulnerability in Kepler LAM Iptools 0.1.4

Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23.

5.0
2012-10-09 CVE-2012-5344 Kepler LAM Path Traversal vulnerability in Kepler LAM Iptools 0.1.4

Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a ..

5.0
2012-10-09 CVE-2012-5110 Google Out-Of-Bounds Read vulnerability in Google Chrome

The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2012-10-09 CVE-2012-5109 Google Out-Of-Bounds Read vulnerability in Google Chrome

The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.

5.0
2012-10-08 CVE-2012-5332 At32 HTTP Header Fields Denial Of Service vulnerability in At32 Reverse Proxy 1.060.310

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field.

5.0
2012-10-08 CVE-2011-5208 Backwpup
Wordpress
Path Traversal vulnerability in Backwpup

Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a ..

5.0
2012-10-08 CVE-2010-5279 Vwar Numeric Errors vulnerability in Vwar Virtual WAR 1.6.1

article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.

5.0
2012-10-08 CVE-2010-5065 Vwar Permissions, Privileges, and Access Controls vulnerability in Vwar Virtual WAR 1.6.1

popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action.

5.0
2012-10-12 CVE-2012-4192 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.

4.3
2012-10-11 CVE-2012-5384 Webcalendar Project Cross-Site Scripting vulnerability in Webcalendar Project Webcalendar

Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.

4.3
2012-10-10 CVE-2012-4445 W1 FI Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W1.Fi Hostapd

Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.

4.3
2012-10-10 CVE-2012-3040 Siemens Cross-Site Scripting vulnerability in Siemens Simatic S7-1200 PLC

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

4.3
2012-10-10 CVE-2009-5067 Html2Ps Project Path Traversal vulnerability in Html2Ps Project Html2Ps 1.0

Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a ..

4.3
2012-10-10 CVE-2012-4184 Mozilla
Canonical
Redhat
Suse
Cross-Site Scripting vulnerability in multiple products

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.

4.3
2012-10-10 CVE-2012-3994 Mozilla
Suse
Canonical
Redhat
Cross-Site Scripting vulnerability in multiple products

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.

4.3
2012-10-10 CVE-2012-3992 Mozilla
Canonical
Redhat
Suse
Cross-Site Scripting vulnerability in multiple products

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.

4.3
2012-10-10 CVE-2012-3986 Mozilla
Canonical
Redhat
Debian
Suse
Improper Input Validation vulnerability in multiple products

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

4.3
2012-10-10 CVE-2012-3985 Mozilla
Canonical
Suse
Cross-Site Scripting vulnerability in multiple products

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.

4.3
2012-10-09 CVE-2012-4003 Glpi Project Cross-Site Scripting vulnerability in Glpi-Project Glpi

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2012-10-09 CVE-2012-2552 Microsoft Cross-Site Scripting vulnerability in Microsoft SQL Server and SQL Server Reporting Services

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."

4.3
2012-10-09 CVE-2012-2520 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

4.3
2012-10-09 CVE-2012-5346 Bencemeszaros
Wordpress
Cross-Site Scripting vulnerability in Bencemeszaros Wp-Livephp 1.2.1

Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

4.3
2012-10-09 CVE-2012-5343 Limny Cross-Site Scripting vulnerability in Limny 3.0.1

Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.

4.3
2012-10-09 CVE-2012-5341 Otterware Cross-Site Scripting vulnerability in Otterware Statit 4.0

Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.

4.3
2012-10-09 CVE-2011-5209 Cloneforest Cross-Site Scripting vulnerability in Cloneforest Graphicsclone Script 1.11

Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter.

4.3
2012-10-08 CVE-2012-5330 Nasir Khan Cross-Site Scripting vulnerability in Nasir Khan Asaancart 0.9

Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php.

4.3
2012-10-08 CVE-2012-0846 K5N Cross-Site Scripting vulnerability in K5N Webcalendar 1.2.4

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.

4.3
2012-10-08 CVE-2012-5322 Xavi Cross-Site Scripting vulnerability in Xavi X7968

Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or (2) host_name_txtbox parameter to webconfig/lan/lan_config.html/local_lan_config.

4.3
2012-10-08 CVE-2011-4928 Redmine Cross-Site Scripting vulnerability in Redmine

Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-10-08 CVE-2012-5315 PHP Ireport Project Cross-Site Scripting vulnerability in PHP Ireport Project PHP Ireport 1.0

Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php.

4.3
2012-10-08 CVE-2012-5314 Heikki Hokkanen Cross-Site Scripting vulnerability in Heikki Hokkanen Viewgit

Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter.

4.3
2012-10-08 CVE-2012-4825 IBM Cross-Site Scripting vulnerability in IBM Lotus Notes Traveler

Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.

4.3
2012-10-08 CVE-2010-5066 Vwar Cryptographic Issues vulnerability in Vwar Virtual WAR 1.6.1

The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack.

4.3
2012-10-08 CVE-2010-5064 Vwar Cross-Site Scripting vulnerability in Vwar Virtual WAR 1.6.1

Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php.

4.3
2012-10-10 CVE-2012-4430 Bacula
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

4.0
2012-10-10 CVE-2012-3987 Mozilla
Google
Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

4.0
2012-10-09 CVE-2012-4457 Openstack Improper Authentication vulnerability in Openstack Keystone 2012.1/2012.1.1/2012.2

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.

4.0
2012-10-08 CVE-2012-5335 Saurabh Gupta Path Traversal vulnerability in Saurabh Gupta Tiny Server 1.1.5

Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a ..

4.0
2012-10-08 CVE-2012-5329 Typsoft Buffer Errors vulnerability in Typsoft FTP Server 1.1

Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.

4.0
2012-10-08 CVE-2011-4927 Redmine Unspecified vulnerability in Redmine

Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.

4.0
2012-10-08 CVE-2011-4640 Spamtitan Path Traversal vulnerability in Spamtitan Webtitan 3.50

Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a ..

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-10 CVE-2012-3504 Fedoraproject Permissions, Privileges, and Access Controls vulnerability in Fedoraproject Crypto-Utils 2.4.134

The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.

3.6
2012-10-08 CVE-2012-5316 Barracudanetworks Cross-Site Scripting vulnerability in Barracudanetworks products

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module.

3.5
2012-10-10 CVE-2012-5355 Bryce Harrington Link Following vulnerability in Bryce Harrington Xdiagnose 0.20Ubuntu2/1.6/1.6.1

welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

3.3
2012-10-10 CVE-2012-2286 EMC Information Disclosure vulnerability in RSA Adaptive Authentication (On Premise)

Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors.

2.9
2012-10-10 CVE-2012-4454 Opencryptoki Project Permissions, Privileges, and Access Controls vulnerability in Opencryptoki Project Opencryptoki

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.

2.9
2012-10-09 CVE-2012-5349 Wordpress Cross-Site Scripting vulnerability in Wordpress Pay-With-Tweet

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.

2.6
2012-10-08 CVE-2012-5307 IBM Cross-Site Scripting vulnerability in IBM Lotus Notes Traveler

Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.

2.6
2012-10-10 CVE-2012-4899 Wellintech Cryptographic Issues vulnerability in Wellintech Kingview

WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file.

2.1
2012-10-09 CVE-2012-4453 Fedoraproject
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

2.1
2012-10-09 CVE-2012-4452 Oracle Permissions, Privileges, and Access Controls vulnerability in Oracle Mysql

MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value.

2.1
2012-10-08 CVE-2012-5325 Cartpauj
Wordpress
Cross-Site Scripting vulnerability in Cartpauj Shortcode-Redirect 1.0.00/1.0.01

Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.

2.1