U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB12-282)

Vulnerability Summary for the Week of October 1, 2012

Original release date: October 08, 2012 | Last revised: February 06, 2013

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accomplishtechnology -- phpmydirectorySQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.2012-10-047.5CVE-2012-5288
akiva -- webboardSQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.2012-10-047.5CVE-2011-5203
atar2b -- atar2b_cmsMultiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.2012-10-047.5CVE-2012-5292
ca -- license_softwareCA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors.2012-10-027.2CVE-2012-0691
ca -- license_softwareCA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors.2012-10-027.2CVE-2012-0692
condor_project -- condorMultiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.2012-09-2810.0CVE-2012-5196
condor_project -- condorMultiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls."2012-09-2810.0CVE-2012-5197
crawlability -- vbseoThe proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.2012-10-017.5CVE-2012-5223
devscripts_devel_team -- devscriptsscripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."2012-09-307.5CVE-2012-2240
google -- sketchupGoogle SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.2012-10-059.3CVE-2012-4894
guac-dev -- guacamoleStack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.2012-09-307.5CVE-2012-4415
harmistechnology -- com_jesubmitUnspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.2012-10-017.5CVE-2012-5230
jessgramp -- minicmsminiCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.2012-10-017.5CVE-2012-5231
krzysztof_kowalczyk -- sumatrapdfHeap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896.2012-10-059.3CVE-2012-4895
krzysztof_kowalczyk -- sumatrapdfHeap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895.2012-10-059.3CVE-2012-4896
linux -- linux_kernelHeap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.2012-10-037.6CVE-2012-3400
linux -- linux_kernelThe sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.2012-10-037.8CVE-2012-3412
mavili_guestbook_project -- mavili_guestbookSQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter.2012-10-047.5CVE-2012-5297
mavili_guestbook_project -- mavili_guestbookMavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via direct a request to (1) edit.asp, (2) delete.asp, or (3) approve.asp.2012-10-047.5CVE-2012-5299
mystorexpress -- tienda_virtualSQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.2012-10-047.5CVE-2012-5294
mystorexpress -- tienda_virtualSQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.2012-10-047.5CVE-2012-5300
nextbbs -- nextbbsuser.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1.2012-10-017.5CVE-2012-1602
nextbbs -- nextbbsMultiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function.2012-10-017.5CVE-2012-1603
optipng -- optipngUse-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction."2012-09-307.5CVE-2012-4432
peel -- peel_shoppingSQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.2012-10-017.5CVE-2012-5227
plogger -- ploggerMultiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php.2012-10-047.5CVE-2012-5289
possesports -- posse_softball_director_cmsSQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.2012-10-047.5CVE-2012-5291
redgraphic -- sapid_cmsMultiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.2012-10-047.5CVE-2012-5293
redhat -- enterprise_mrgMultiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.2012-09-287.5CVE-2012-2684
vbadvanced -- vbadvanced_cmpsPHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter.2012-10-017.5CVE-2012-5224
wcs4web -- easywebrealestateMultiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php.2012-10-047.5CVE-2012-5290
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- qpidApache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.2012-09-285.0CVE-2012-2145
atheme -- athemeThe myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.2012-10-016.0CVE-2012-1576
cerberusftp -- ftp_serverMultiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.2012-10-046.8CVE-2012-2999
cerberusftp -- ftp_serverThe default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.2012-10-045.0CVE-2012-5301
condor_project -- condorsrc/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.2012-09-284.0CVE-2012-3491
condor_project -- condorThe filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.2012-09-286.4CVE-2012-3492
condor_project -- condorThe command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.2012-09-285.8CVE-2012-3493
dart -- powertcp_activexStack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request.2012-10-045.0CVE-2012-3819
david_king -- vinoVino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.2012-09-305.0CVE-2012-4429
devscripts_devel_team -- devscriptsscripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.2012-09-305.0CVE-2012-2241
devscripts_devel_team -- devscriptsscripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.2012-09-306.8CVE-2012-2242
drupal -- drupalThe forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.2012-09-304.0CVE-2012-1590
drupal -- drupalThe image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.2012-09-305.0CVE-2012-1591
drupal -- drupalDrupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.2012-09-304.0CVE-2012-2153
eliteweaver -- xclick_cartCross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.2012-10-014.3CVE-2012-5225
emerson -- deltavBuffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port.2012-10-015.0CVE-2012-3035
eucalyptus -- eucalyptusThe Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.2012-10-015.0CVE-2012-4063
eucalyptus -- eucalyptusEucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id.2012-10-016.5CVE-2012-4064
fedoraproject -- 389_directory_server389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.2012-09-306.0CVE-2012-4450
finalbeta -- mywebsearchCross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.2012-10-054.3CVE-2012-4018
fusetalk -- fusetalkCross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.2012-10-044.3CVE-2012-5295
gnome -- gnome-shellThe gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.2012-09-306.8CVE-2012-4427
hp -- ibrixUnspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors.2012-10-025.0CVE-2012-3266
hp -- network_node_manager_iUnspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors.2012-10-045.0CVE-2012-3267
ibm -- rational_team_concertMultiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items.2012-10-016.8CVE-2012-0748
ibm -- tivoli_federated_identity_managerIBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.2012-10-025.8CVE-2012-3314
ibm -- rational_business_developerIBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product.2012-10-015.0CVE-2012-3319
ibm -- websphere_commerceUnspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors.2012-10-015.0CVE-2012-4830
ivano_binetti -- wolf_cmsMultiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters.2012-10-014.3CVE-2012-1898
linux -- linux_kernelThe div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.2012-10-034.9CVE-2011-3209
linux -- linux_kernelThe epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.2012-10-034.9CVE-2012-3375
linux -- linux_kernelUse-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.2012-10-035.6CVE-2012-3510
linux -- linux_kernelMultiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.2012-10-034.7CVE-2012-3511
linux -- linux_kernelThe IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.2012-10-035.4CVE-2012-3552
luke_herrington -- stickynoteCross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors.2012-10-014.3CVE-2012-1636
matthew_fries -- mf_gig_calendarCross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.2012-10-014.3CVE-2012-4242
mavili_guestbook_project -- mavili_guestbookMultiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4) edit2.asp.2012-10-044.3CVE-2012-5296
mavili_guestbook_project -- mavili_guestbookMavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request.2012-10-045.0CVE-2012-5298
mediafire -- mod_quick_formCross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2012-10-014.3CVE-2012-5232
michael_biebl -- policykitPolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.2012-10-014.4CVE-2011-4945
nextbbs -- nextbbsCross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php.2012-10-014.3CVE-2012-1604
ocportal -- ocportalMultiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.2012-10-014.3CVE-2012-1470
ocportal -- ocportalDirectory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.2012-10-015.0CVE-2012-1471
ocportal -- ocportalOpen redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.2012-10-015.8CVE-2012-5234
oneorzero -- action_and_information_management_systemCross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.2012-10-014.3CVE-2012-0989
peel -- peel_shoppingMultiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.2012-10-014.3CVE-2012-5226
postgresql -- postgresqlThe libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.2012-10-035.8CVE-2012-3488
postgresql -- postgresqlThe xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.2012-10-035.0CVE-2012-3489
rapidleech -- rapidleechCross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links parameter.2012-10-044.3CVE-2011-5205
rapidleech -- rapidleechCross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter.2012-10-044.3CVE-2011-5206
redhat -- enterprise_mrgCumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."2012-09-285.0CVE-2012-2680
redhat -- enterprise_mrgCumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.2012-09-285.8CVE-2012-2681
redhat -- enterprise_mrgMultiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages."2012-09-284.3CVE-2012-2683
redhat -- enterprise_mrgCumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.2012-09-284.0CVE-2012-2685
redhat -- enterprise_mrgMultiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.2012-09-286.8CVE-2012-2734
redhat -- enterprise_mrgSession fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.2012-09-284.3CVE-2012-2735
redhat -- enterprise_mrgCumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.2012-09-284.9CVE-2012-3459
smarty -- smartyCross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.2012-09-304.3CVE-2012-4437
springsource -- grailsVMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.2012-09-285.0CVE-2012-1833
thecartpress -- thecartpressCross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.2012-10-044.3CVE-2011-5207
tikiwiki -- tikiki_cms_groupwareCross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.2012-09-304.3CVE-2011-4551
tincan -- phplistCross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.2012-10-014.3CVE-2012-5228
ubiquity_slideshow_team -- ubiquity-slideshow-ubuntuubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the <a> tag of a Twitter feed.2012-09-286.8CVE-2012-0956
wireshark -- wiresharkBuffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.2012-10-045.8CVE-2012-5240
wolfcms -- wolf_cmsMultiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete; delete the (3) images or (4) themes directory via the directory name to admin/plugin/file_manager/delete, and possibly other directories; or (5) logout the user via a request to admin/login/logout.2012-10-016.8CVE-2012-1897
wordpress -- wordpressCross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.2012-09-286.8CVE-2012-4448
wordpress -- slideshow_gallery2Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter.2012-10-014.3CVE-2012-5229
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
akiva -- webboardAkiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.2012-10-041.9CVE-2011-5204
bywombats -- commerceMultiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters.2012-10-013.5CVE-2012-1639
devscripts_devel_team -- devscriptsscripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.2012-09-301.2CVE-2012-3500
drupal -- drupalAlgorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.2012-09-303.5CVE-2012-1588
eucalyptus -- eucalyptusEucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting.2012-10-013.5CVE-2012-4065
ibm -- aixfuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.2012-10-012.1CVE-2012-4833
linux -- linux_kernelRace condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.2012-10-033.3CVE-2011-1833
linux -- linux_kernelThe rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.2012-10-032.1CVE-2012-3430
linux -- linux_kernelThe Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.2012-10-031.9CVE-2012-3520
luke_herrington -- stickynoteCross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs.2012-10-012.1CVE-2012-5233
sysprogs -- wincdemuBazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a denial of service (system crash) via the unmount command to batchmnt.exe.2012-10-012.1CVE-2011-5202
wireshark -- wiresharkThe dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.2012-10-043.3CVE-2012-5237
wireshark -- wiresharkepan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.2012-10-043.3CVE-2012-5238
Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top