Weekly Vulnerabilities Reports > November 19 to 25, 2012
Overview
85 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 72 products from 46 vendors, including XEN, Mozilla, Suse, Canonical, and Opensuse. The most common vulnerability categories are "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", "Resource Management Errors", and "Information Exposure".
- 61 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 75 reported vulnerabilities are exploitable by an anonymous user.
- XEN has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
10 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-23 | CVE-2012-5864 | Sinapsitech | Permissions, Privileges, and Access Controls vulnerability in Sinapsitech products The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php. | 10.0 |
2012-11-23 | CVE-2012-5863 | Sinapsitech | Permissions, Privileges, and Access Controls vulnerability in Sinapsitech products ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in the ip_dominio parameter. | 10.0 |
2012-11-23 | CVE-2012-5862 | Sinapsitech | Cryptographic Issues vulnerability in Sinapsitech products login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64. | 10.0 |
2012-11-21 | CVE-2012-4218 | Mozilla Canonical Opensuse Suse | Use After Free vulnerability in multiple products Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 10.0 |
2012-11-21 | CVE-2012-4212 | Mozilla Canonical Opensuse Suse | Use After Free vulnerability in multiple products Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 10.0 |
2012-11-21 | CVE-2012-3513 | Munin Monitoring | Permissions, Privileges, and Access Controls vulnerability in Munin-Monitoring Munin munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command. | 9.3 |
2012-11-21 | CVE-2012-4217 | Mozilla Opensuse Suse Canonical | Use After Free vulnerability in multiple products Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 9.3 |
2012-11-21 | CVE-2012-4204 | Mozilla Opensuse Suse Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 9.3 |
2012-11-24 | CVE-2012-2239 | Mahara Debian | XXE vulnerability in multiple products Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php. | 9.1 |
2012-11-23 | CVE-2012-5759 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Datapower Xc10 Appliance The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors. | 9.0 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-21 | CVE-2012-5830 | Mozilla Redhat Canonical Opensuse Suse | Use After Free vulnerability in multiple products Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | 8.8 |
2012-11-23 | CVE-2012-5758 | IBM | Improper Authentication vulnerability in IBM Websphere Datapower Xc10 Appliance The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors. | 7.8 |
2012-11-24 | CVE-2012-0960 | PS Project Management Team | Improper Input Validation vulnerability in PS Project Management Team Unity-Firefox-Extension Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request. | 7.5 |
2012-11-23 | CVE-2012-2086 | Gajim | SQL Injection vulnerability in Gajim SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. | 7.5 |
2012-11-23 | CVE-2012-5861 | Sinapsitech | SQL Injection vulnerability in Sinapsitech products Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php. | 7.5 |
2012-11-21 | CVE-2012-5836 | Mozilla Opensuse Suse Canonical | Code Injection vulnerability in multiple products Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. | 7.5 |
2012-11-19 | CVE-2012-5854 | Flashtux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Flashtux Weechat Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded. | 7.5 |
2012-11-23 | CVE-2012-6030 | XEN | Improper Input Validation vulnerability in XEN 4.0.0/4.1.0/4.2.0 The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | 7.2 |
2012-11-21 | CVE-2012-3512 | Munin Monitoring | Permissions, Privileges, and Access Controls vulnerability in Munin-Monitoring Munin Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin. | 7.2 |
2012-11-19 | CVE-2012-4225 | Nvidia | Permissions, Privileges, and Access Controls vulnerability in Nvidia Unix Graphic Driver NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0. | 7.2 |
2012-11-20 | CVE-2012-5674 | Adobe | Unspecified vulnerability in Adobe Coldfusion 10.0 Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors. | 7.1 |
55 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-23 | CVE-2012-6035 | XEN | Improper Input Validation vulnerability in XEN 4.0.0/4.1.0/4.2.0 The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. | 6.9 |
2012-11-23 | CVE-2012-3516 | Citrix XEN | Permissions, Privileges, and Access Controls vulnerability in multiple products The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. | 6.9 |
2012-11-23 | CVE-2012-3497 | XEN | Improper Input Validation vulnerability in XEN 4.0.0/4.1.0/4.2.0 (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. | 6.9 |
2012-11-24 | CVE-2012-2246 | Mahara | Improper Input Validation vulnerability in Mahara Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php. | 6.8 |
2012-11-23 | CVE-2012-5173 | Bigace | Unspecified vulnerability in Bigace Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
2012-11-21 | CVE-2012-4426 | Mcrypt | Use of Externally-Controlled Format String vulnerability in Mcrypt Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c. | 6.8 |
2012-11-21 | CVE-2012-4409 | Mcrypt | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mcrypt Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption. | 6.8 |
2012-11-21 | CVE-2012-5837 | Mozilla | Code Injection vulnerability in Mozilla Firefox The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. | 6.8 |
2012-11-21 | CVE-2012-4205 | Mozilla Canonical Opensuse Suse | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. | 6.8 |
2012-11-21 | CVE-2012-4203 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. | 6.8 |
2012-11-19 | CVE-2011-5244 | Gnome T1Lib Tetex | Numeric Errors vulnerability in multiple products Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. | 6.8 |
2012-11-19 | CVE-2011-0433 | Gnome T1Lib Tetex | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642. | 6.8 |
2012-11-21 | CVE-2012-5479 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. | 6.5 |
2012-11-21 | CVE-2012-5471 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. | 6.5 |
2012-11-21 | CVE-2012-5480 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. | 6.4 |
2012-11-20 | CVE-2012-4523 | Uninett | Permissions, Privileges, and Access Controls vulnerability in Uninett Radsecproxy radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients. | 6.4 |
2012-11-23 | CVE-2012-3495 | Citrix XEN | Improper Input Validation vulnerability in multiple products The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. | 6.1 |
2012-11-24 | CVE-2012-2244 | Mahara | Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. | 6.0 |
2012-11-20 | CVE-2012-4510 | Cups PK Helper Project | Permissions, Privileges, and Access Controls vulnerability in Cups-Pk-Helper Project Cups-Pk-Helper cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources. | 5.8 |
2012-11-23 | CVE-2012-3498 | Citrix XEN | Improper Input Validation vulnerability in multiple products PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. | 5.6 |
2012-11-24 | CVE-2012-5533 | Lighttpd | Resource Management Errors vulnerability in Lighttpd 1.4.31/1.4.32 The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header. | 5.0 |
2012-11-24 | CVE-2012-4522 | Ruby Lang | Permissions, Privileges, and Access Controls vulnerability in Ruby-Lang Ruby 1.9.3/2.0.0 The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. | 5.0 |
2012-11-23 | CVE-2011-5245 | Redhat | Information Exposure vulnerability in Redhat Resteasy The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. | 5.0 |
2012-11-21 | CVE-2012-5526 | Andy Armstrong | Configuration vulnerability in Andy Armstrong Cgi.Pm CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. | 5.0 |
2012-11-20 | CVE-2012-5703 | Vmware | Improper Input Validation vulnerability in VMWare ESX and Esxi The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request. | 5.0 |
2012-11-20 | CVE-2011-4612 | Xiph | Improper Input Validation vulnerability in Xiph Icecast icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL. | 5.0 |
2012-11-19 | CVE-2011-2486 | Nspluginwrapper | Permissions, Privileges, and Access Controls vulnerability in Nspluginwrapper 1.4.2 nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash. | 5.0 |
2012-11-24 | CVE-2012-4538 | XEN | Improper Input Validation vulnerability in XEN 4.0.0/4.1.0/4.2.0 The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. | 4.9 |
2012-11-24 | CVE-2012-3433 | XEN | Resource Management Errors vulnerability in XEN 4.0.0/4.1.0 Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown. | 4.9 |
2012-11-23 | CVE-2012-6032 | XEN | Numeric Errors vulnerability in XEN 4.0.0/4.1.0/4.2.0 Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. | 4.9 |
2012-11-23 | CVE-2012-6031 | XEN | Improper Input Validation vulnerability in XEN 4.0.0/4.1.0/4.2.0 The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | 4.7 |
2012-11-23 | CVE-2012-3496 | Citrix XEN | Configuration vulnerability in multiple products XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. | 4.7 |
2012-11-23 | CVE-2012-1167 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat products The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications. | 4.6 |
2012-11-23 | CVE-2012-6036 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN 4.0.0/4.1.0/4.2.0 The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. | 4.4 |
2012-11-23 | CVE-2012-6034 | XEN | Improper Input Validation vulnerability in XEN 4.0.0/4.1.0/4.2.0 The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. | 4.4 |
2012-11-23 | CVE-2012-6033 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN 4.0.0/4.1.0/4.2.0 The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. | 4.4 |
2012-11-24 | CVE-2012-6037 | Mahara | Cross-Site Scripting vulnerability in Mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities. | 4.3 |
2012-11-24 | CVE-2012-2253 | Mahara | Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2012-11-24 | CVE-2012-2247 | Mahara | Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file. | 4.3 |
2012-11-24 | CVE-2012-2243 | Mahara | Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. | 4.3 |
2012-11-23 | CVE-2012-3431 | Redhat | Cryptographic Issues vulnerability in Redhat Jboss Enterprise Data Services Platform 5.1.0/5.2.0 The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack. | 4.3 |
2012-11-23 | CVE-2010-1330 | Jruby | Cross-Site Scripting vulnerability in Jruby The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. | 4.3 |
2012-11-23 | CVE-2012-5756 | IBM | Cryptographic Issues vulnerability in IBM Websphere Datapower Xc10 Appliance The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation. | 4.3 |
2012-11-22 | CVE-2012-2211 | Egroupware | Cross-Site Scripting vulnerability in Egroupware 1.8.001.20110421/1.8.001.20110805 Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. | 4.3 |
2012-11-22 | CVE-2012-2084 | Joao Ventura Drupal | Cross-Site Scripting vulnerability in Joao Ventura Print Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO. | 4.3 |
2012-11-21 | CVE-2012-4208 | Mozilla Opensuse Suse Canonical | Information Exposure vulnerability in multiple products The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. | 4.3 |
2012-11-20 | CVE-2012-5920 | | Cross-Site Scripting vulnerability in Google web Toolkit 2.4/2.4.0/2.5.0 Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-11-20 | CVE-2012-3354 | Dokuwiki Fedoraproject | Information Exposure vulnerability in multiple products doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message. | 4.3 |
2012-11-19 | CVE-2012-5919 | Havalite | Cross-Site Scripting vulnerability in Havalite CMS Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php. | 4.3 |
2012-11-19 | CVE-2012-4541 | Matomo | Cross-Site Scripting vulnerability in Matomo Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-11-19 | CVE-2012-4233 | Libreoffice SUN | NULL Pointer Dereference Denial of Service vulnerability in LibreOffice and OpenOffice LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll. | 4.3 |
2012-11-21 | CVE-2012-5481 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle 2.3.0/2.3.1/2.3.2 Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. | 4.0 |
2012-11-21 | CVE-2012-5473 | Moodle | Information Exposure vulnerability in Moodle The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search. | 4.0 |
2012-11-21 | CVE-2012-5472 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. | 4.0 |
2012-11-19 | CVE-2012-5918 | Razorcms | Permissions, Privileges, and Access Controls vulnerability in Razorcms 1.2 razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. | 4.0 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-20 | CVE-2012-5529 | Firebirdsql | Resource Management Errors vulnerability in Firebirdsql Firebird 2.5.0/2.5.1 TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query. | 3.5 |
2012-11-23 | CVE-2012-2377 | Redhat | Improper Authentication vulnerability in Redhat products JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast. | 3.3 |
2012-11-20 | CVE-2012-4366 | Belkin | Cryptographic Issues vulnerability in Belkin products Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames. | 3.3 |
2012-11-24 | CVE-2012-0959 | Remote Login Service Hackers | Information Exposure vulnerability in Remote Login Service Hackers Remote Login Service 1.0.0 Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials. | 2.1 |
2012-11-23 | CVE-2012-3494 | Citrix XEN | Permissions, Privileges, and Access Controls vulnerability in multiple products The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. | 2.1 |
2012-11-21 | CVE-2012-4539 | XEN | Resource Management Errors vulnerability in XEN Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability." | 2.1 |
2012-11-21 | CVE-2012-4537 | XEN | Configuration vulnerability in XEN Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." | 2.1 |
2012-11-21 | CVE-2012-4536 | XEN | Denial of Service vulnerability in XEN 2.2.0 The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read. | 2.1 |
2012-11-21 | CVE-2012-4535 | XEN | Resource Management Errors vulnerability in XEN Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline." | 1.9 |