Weekly Vulnerabilities Reports > November 12 to 18, 2012

Overview

113 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary reports vulnerabilities in 116 products from 55 vendors including Microsoft, Agilefleet, Apple, Mozilla, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Information Exposure", and "Resource Management Errors".

  • 103 reported vulnerabilities are remotely exploitable.
  • 9 reported vulnerabilities have a public exploit available.
  • 38 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 104 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 24 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 17 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-18 CVE-2012-4944 Agilefleet Remote Security vulnerability in Agilefleet Fleetcommander and Fleetcommander Kiosk

Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified page.

10.0
2012-11-18 CVE-2012-4959 Novell Path Traversal vulnerability in Novell File Reporter 1.0.2

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a ..

10.0
2012-11-18 CVE-2012-4956 Novell Buffer Errors vulnerability in Novell File Reporter 1.0.2

Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.

10.0
2012-11-17 CVE-2012-5896 Quest Unspecified vulnerability in Quest Intrust

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."

10.0
2012-11-17 CVE-2012-5895 Irods Security vulnerability in Irods 2.5

Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors.

10.0
2012-11-13 CVE-2012-5673 Adobe, Apple, Microsoft, Linux, Google Security vulnerability in Adobe Air, AIR SDK and Flash Player

Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors.

10.0
2012-11-13 CVE-2012-5287 Adobe, Apple, Microsoft, Linux, Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-11-13 CVE-2012-5286 Adobe, Apple, Microsoft, Linux, Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-11-13 CVE-2012-5285 Adobe, Apple, Microsoft, Linux, Google Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

10.0
2012-11-17 CVE-2012-5897 Quest Permissions, Privileges, and Access Controls vulnerability in Quest Intrust

The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.

9.3
2012-11-14 CVE-2012-4953 Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Antivirus, Endpoint Protection and Scan Engine

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.

9.3
2012-11-14 CVE-2012-3569 Vmware, Microsoft Use of Externally-Controlled Format String vulnerability in VMWare OVF Tool, Player and Workstation

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.

9.3
2012-11-14 CVE-2012-4777 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework 4.0/4.5

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."

9.3
2012-11-14 CVE-2012-4776 Microsoft Improper Input Validation vulnerability in Microsoft .Net Framework

The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."

9.3
2012-11-14 CVE-2012-4775 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 9

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."

9.3
2012-11-14 CVE-2012-2543 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability."

9.3
2012-11-14 CVE-2012-1895 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."

9.3
2012-11-14 CVE-2012-1887 Microsoft Resource Management Errors vulnerability in Microsoft Excel and Office

Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."

9.3
2012-11-14 CVE-2012-1886 Microsoft Buffer Errors vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack

Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."

9.3
2012-11-14 CVE-2012-1885 Microsoft Buffer Errors vulnerability in Microsoft Excel, Office and Office Compatibility Pack

Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability."

9.3
2012-11-14 CVE-2012-1539 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 9

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."

9.3
2012-11-14 CVE-2012-1538 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 9

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."

9.3
2012-11-14 CVE-2012-1528 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability." Per: http://technet.microsoft.com/security/bulletin/MS12-072 "A remote code execution vulnerability exists in the Briefcase feature in Windows.

9.3
2012-11-14 CVE-2012-1527 Microsoft Numeric Errors vulnerability in Microsoft products

Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-072 "A remote code execution vulnerability exists in the Briefcase feature in Windows.

9.3

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-14 CVE-2012-5458 Vmware, Microsoft Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.

8.3
2012-11-14 CVE-2012-5459 Vmware, Microsoft Unspecified vulnerability in VMWare Player and Workstation

Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"

7.9
2012-11-14 CVE-2012-2519 Microsoft DLL Loading Arbitrary Code Execution vulnerability in Microsoft .NET Framework

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

7.9
2012-11-18 CVE-2012-4958 Novell Path Traversal vulnerability in Novell File Reporter 1.0.2

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a ..

7.8
2012-11-18 CVE-2012-4957 Novell Path Traversal vulnerability in Novell File Reporter 1.0.2

Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.

7.8
2012-11-14 CVE-2012-2619 Broadcom, Apple Improper Input Validation vulnerability in multiple products

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.

7.8
2012-11-13 CVE-2012-1813 C3 Ilex Resource Management Errors vulnerability in C3-Ilex Eoscada

eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 12000.

7.8
2012-11-13 CVE-2012-1811 C3 Ilex Resource Management Errors vulnerability in C3-Ilex Eoscada

EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006.

7.8
2012-11-18 CVE-2012-4433 Gegl Numeric Errors vulnerability in Gegl 0.2.0

Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.

7.5
2012-11-18 CVE-2012-4945 Agilefleet Improper Input Validation vulnerability in Agilefleet Fleetcommander and Fleetcommander Kiosk

Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection" issue.

7.5
2012-11-18 CVE-2012-4941 Agilefleet SQL Injection vulnerability in Agilefleet Fleetcommander and Fleetcommander Kiosk

Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-11-17 CVE-2012-5912 Pico SQL Injection vulnerability in Pico Picopublisher 2.0

Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php.

7.5
2012-11-17 CVE-2012-5909 Mybb SQL Injection vulnerability in Mybb 1.6.6

SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.

7.5
2012-11-17 CVE-2012-5900 Samedia SQL Injection vulnerability in Samedia Landshop 0.9.2

Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.

7.5
2012-11-17 CVE-2012-5894 Havalite SQL Injection vulnerability in Havalite CMS

SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.

7.5
2012-11-15 CVE-2012-4951 Verifone SQL Injection vulnerability in Verifone Vericentre web Console 2.0/2.0.1/2.2

Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.

7.5
2012-11-14 CVE-2012-4850 IBM Improper Input Validation vulnerability in IBM Websphere Application Server 8.5.0.0

IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.

7.5
2012-11-14 CVE-2012-2553 Microsoft Resource Management Errors vulnerability in Microsoft products

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

7.2
2012-11-14 CVE-2012-2530 Microsoft Resource Management Errors vulnerability in Microsoft products

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

7.2

65 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-16 CVE-2012-4613 EMC Improper Authentication vulnerability in EMC RSA Data Protection Manager Appliance

EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack.

6.9
2012-11-18 CVE-2012-4552 Steve J Baker Buffer Errors vulnerability in Steve J Baker Plib 1.8.5

Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.

6.8
2012-11-18 CVE-2012-4943 Agilefleet Cross-Site Request Forgery (CSRF) vulnerability in Agilefleet Fleetcommander and Fleetcommander Kiosk

Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requests that modify (1) passwords, (2) accounts, or (3) permissions.

6.8
2012-11-18 CVE-2012-4937 Patterninsight Multiple Security vulnerability in Patterninsight Pattern Insight 2.3

Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsession_id cookie.

6.8
2012-11-18 CVE-2012-4936 Patterninsight Multiple Security vulnerability in Patterninsight Pattern Insight 2.3

The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element.

6.8
2012-11-18 CVE-2012-4935 Patterninsight Cross-Site Request Forgery (CSRF) vulnerability in Patterninsight Pattern Insight 2.3

Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2012-11-17 CVE-2012-5904 Irfanview Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Irfanview

Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.

6.8
2012-11-17 CVE-2012-5898 Samedia Cross-Site Request Forgery (CSRF) vulnerability in Samedia Landshop 0.9.2

Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.

6.8
2012-11-17 CVE-2012-5893 Havalite Unspecified vulnerability in Havalite CMS

Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/.

6.8
2012-11-17 CVE-2012-5891 Dalbum Cross-Site Request Forgery (CSRF) vulnerability in Dalbum

Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.

6.8
2012-11-16 CVE-2012-5777 Phome Code Injection vulnerability in Phome Empirecms 6.6

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.

6.8
2012-11-14 CVE-2012-4853 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.

6.8
2012-11-17 CVE-2012-5910 B2Evolution SQL Injection vulnerability in B2Evolution 4.1.3

SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.

6.5
2012-11-14 CVE-2012-4949 Esri SQL Injection vulnerability in Esri Arcgis 10.1

SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.

6.5
2012-11-18 CVE-2012-4520 Djangoproject Improper Input Validation vulnerability in Djangoproject Django

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

6.4
2012-11-16 CVE-2012-5523 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.

5.5
2012-11-16 CVE-2012-5522 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt

MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.

5.5
2012-11-14 CVE-2012-4948 Fortinet Improper Certificate Validation vulnerability in Fortinet products

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.

5.3
2012-11-18 CVE-2012-4947 Agilefleet Cryptographic Issues vulnerability in Agilefleet Fleetcommander and Fleetcommander Kiosk

Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages.

5.0
2012-11-18 CVE-2012-4946 Agilefleet Cryptographic Issues vulnerability in Agilefleet Fleetcommander and Fleetcommander Kiosk

Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a key file and the encrypted strings.

5.0
2012-11-18 CVE-2012-4575 Pgbouncer Project, Postgresql Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.

5.0
2012-11-17 CVE-2012-5916 Neocrome Information Exposure vulnerability in Neocrome Seditio

Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql.

5.0
2012-11-17 CVE-2012-5915 Neocrome Information Exposure vulnerability in Neocrome Seditio

Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message.

5.0
2012-11-17 CVE-2012-5907 Tomatocart Path Traversal vulnerability in Tomatocart 1.2.0

Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a ..

5.0
2012-11-17 CVE-2012-5901 Dflabs Permissions, Privileges, and Access Controls vulnerability in Dflabs PTK 1.0.5

DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.

5.0
2012-11-17 CVE-2012-5892 Havalite Permissions, Privileges, and Access Controls vulnerability in Havalite CMS

Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3.

5.0
2012-11-17 CVE-2012-5890 Stanislas Rolland, Typo3 Information Exposure vulnerability in Stanislas Rolland SR Feuser Register

The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.

5.0
2012-11-17 CVE-2012-5887 Apache Improper Authentication vulnerability in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

5.0
2012-11-17 CVE-2012-5886 Apache Improper Authentication vulnerability in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

5.0
2012-11-17 CVE-2012-5885 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

5.0
2012-11-16 CVE-2012-5172 Asial Information Exposure vulnerability in Asial Monaca Debugger 1.4.1

The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application.

5.0
2012-11-16 CVE-2012-2733 Apache Improper Input Validation vulnerability in Apache Tomcat

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

5.0
2012-11-16 CVE-2012-5884 Mozilla Information Exposure vulnerability in Mozilla Bugzilla 4.3.2

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.

5.0
2012-11-16 CVE-2012-4197 Mozilla Information Exposure vulnerability in Mozilla Bugzilla

Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.

5.0
2012-11-14 CVE-2012-3330 IBM Denial Of Service vulnerability in IBM WebSphere Application Server

The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.

5.0
2012-11-14 CVE-2012-2532 Microsoft Information Exposure vulnerability in Microsoft FTP Service 7.0/7.5

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."

5.0
2012-11-14 CVE-2012-1896 Microsoft Information Exposure vulnerability in Microsoft .Net Framework 2.0/3.5.1

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."

5.0
2012-11-13 CVE-2012-1812 C3 Ilex Information Exposure vulnerability in C3-Ilex Eoscada

eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000.

5.0
2012-11-13 CVE-2012-1810 C3 Ilex Permissions, Privileges, and Access Controls vulnerability in C3-Ilex Eoscada

EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004.

5.0
2012-11-18 CVE-2012-4950 Patterninsight Cross-Site Scripting vulnerability in Patterninsight Pattern Insight 2.3

Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of error messages.

4.3
2012-11-18 CVE-2012-4942 Agilefleet Cross-Site Scripting vulnerability in Agilefleet Fleetcommander and Fleetcommander Kiosk

Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text field.

4.3
2012-11-17 CVE-2012-5917 TOM Wilkason Buffer Errors vulnerability in TOM Wilkason Snackamp 3.1.3

SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file.

4.3
2012-11-17 CVE-2012-5913 Wordpress Integrator Project, Wordpress Cross-Site Scripting vulnerability in Wordpress Integrator Project Wordpress Integrator 1.32

Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

4.3
2012-11-17 CVE-2012-5911 B2Evolution Cross-Site Scripting vulnerability in B2Evolution 4.1.3

Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body.

4.3
2012-11-17 CVE-2012-5908 Mybb Cross-Site Scripting vulnerability in Mybb 1.6.6

Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.

4.3
2012-11-17 CVE-2012-5906 Morequick Cross-Site Scripting vulnerability in Morequick Greenbrowser 6.1.0117/6.1.0216

Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js.

4.3
2012-11-17 CVE-2012-5903 Simple Machines Cross-Site Scripting vulnerability in Simple Machines SMF 2.0.2

Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.

4.3
2012-11-17 CVE-2012-5902 Dflabs Cross-Site Scripting vulnerability in Dflabs PTK 1.0.5

Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.

4.3
2012-11-17 CVE-2012-5899 Samedia Cross-Site Scripting vulnerability in Samedia Landshop 0.9.2

Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action.

4.3
2012-11-17 CVE-2012-5889 Alex Kellner, Typo3 Cross-Site Scripting vulnerability in Alex Kellner Powermail

Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-11-17 CVE-2012-5888 Benjamin Mack, Typo3 Cross-Site Scripting vulnerability in Benjamin Mack SEO Basics 0.8.1

Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-11-17 CVE-2012-5856 UK Cookie Project, Wordpress Cross-Site Scripting vulnerability in Uk-Cookie Project Uk-Cookie

Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-11-16 CVE-2012-5883 Mozilla, Yahoo Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.

4.3
2012-11-16 CVE-2012-5882 Yahoo Cross-Site Scripting vulnerability in Yahoo YUI

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.

4.3
2012-11-16 CVE-2012-5881 Yahoo Cross-Site Scripting vulnerability in Yahoo YUI

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.

4.3
2012-11-16 CVE-2012-4199 Mozilla Information Exposure vulnerability in Mozilla Bugzilla

template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code.

4.3
2012-11-16 CVE-2012-4189 Mozilla Cross-Site Scripting vulnerability in Mozilla Bugzilla

Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.

4.3
2012-11-16 CVE-2012-4612 EMC Cross-Site Scripting vulnerability in EMC products

Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-11-15 CVE-2012-5851 Apple, Google Cross-Site Scripting vulnerability in multiple products

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.

4.3
2012-11-15 CVE-2012-4955 Dell Cross-Site Scripting vulnerability in Dell Openmanage Server Administrator

Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-11-14 CVE-2012-4851 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server 8.5.0.0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

4.3
2012-11-17 CVE-2012-5905 Elif Keir Buffer Errors vulnerability in Elif Keir Knftpd 1.0.0

Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.

4.0
2012-11-16 CVE-2012-4198 Mozilla Information Exposure vulnerability in Mozilla Bugzilla

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error.

4.0
2012-11-14 CVE-2012-5860 Oberthur Security vulnerability in Oberthur Id-One Cosmo 5.2/64

Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 smart cards makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the generation of non-compliant public keys.

4.0
2012-11-14 CVE-2012-4847 IBM Numeric Errors vulnerability in IBM Cognos Business Intelligence 8.4/8.4.1

IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-18 CVE-2012-4417 Gluster Permissions, Privileges, and Access Controls vulnerability in Gluster Glusterfs 3.3.0

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

3.6
2012-11-18 CVE-2012-4938 Patterninsight Cross-Site Scripting vulnerability in Patterninsight Pattern Insight 2.3

Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message.

3.5
2012-11-15 CVE-2012-4954 Vanillaforums Permissions, Privileges, and Access Controls vulnerability in Vanillaforums Vanilla and Vanilla Forums

The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.

3.5
2012-11-17 CVE-2012-5914 Neocrome Cross-Site Scripting vulnerability in Neocrome Seditio

Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter.

2.6
2012-11-14 CVE-2012-2531 Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."

2.1