Vulnerability Summary for the Week of October 22, 2012
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2daybiz -- video_community_portal_script | SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2012-10-25 | 7.5 | CVE-2011-5215 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273. | 2012-10-23 | 10.0 | CVE-2012-4172 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273. | 2012-10-23 | 10.0 | CVE-2012-4173 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4175, and CVE-2012-5273. | 2012-10-23 | 10.0 | CVE-2012-4174 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-5273. | 2012-10-23 | 10.0 | CVE-2012-4175 |
adobe -- shockwave_player | Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors. | 2012-10-23 | 10.0 | CVE-2012-4176 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-4175. | 2012-10-23 | 10.0 | CVE-2012-5273 |
apache -- open_for_business_project | Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors. | 2012-10-25 | 10.0 | CVE-2012-3506 |
apache -- cloudstack | Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. | 2012-10-26 | 10.0 | CVE-2012-4501 |
apprain -- apprain | SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. | 2012-10-25 | 7.5 | CVE-2011-5229 |
atutor -- acontent | Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php. | 2012-10-22 | 7.5 | CVE-2012-5167 |
atutor -- acontent | ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php. | 2012-10-22 | 7.5 | CVE-2012-5168 |
browsercrm -- browsercrm | Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php. | 2012-10-25 | 7.5 | CVE-2011-5213 |
ca -- arcserve_backup | The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request. | 2012-10-20 | 7.5 | CVE-2012-2971 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962. | 2012-10-25 | 9.3 | CVE-2012-3936 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967. | 2012-10-25 | 9.3 | CVE-2012-3937 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583. | 2012-10-25 | 9.3 | CVE-2012-3938 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331. | 2012-10-25 | 9.3 | CVE-2012-3939 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958. | 2012-10-25 | 9.3 | CVE-2012-3940 |
cisco -- webex_recording_format_player | Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850. | 2012-10-25 | 9.3 | CVE-2012-3941 |
enterasys -- netsight | Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514. | 2012-10-25 | 10.0 | CVE-2011-5227 |
ibm -- xiv_storage_system_gen3 | The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service (device outage) via TCP packets to unspecified ports. | 2012-10-20 | 7.8 | CVE-2012-2167 |
ibm -- db2 | Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure. | 2012-10-20 | 8.5 | CVE-2012-4826 |
intelliants -- subrion_cms | SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field. | 2012-10-22 | 7.5 | CVE-2011-5212 |
intelliants -- subrion_cms | SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. | 2012-10-22 | 7.5 | CVE-2012-4772 |
jcore -- jcore | SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. | 2012-10-22 | 7.5 | CVE-2012-4232 |
mnogosearch -- mnogosearch | SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link. | 2012-10-25 | 7.5 | CVE-2011-5235 |
mutiny -- standard | Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability." | 2012-10-22 | 8.5 | CVE-2012-3001 |
neubivljiv -- dota_openstats | SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 2012-10-25 | 7.5 | CVE-2011-5218 |
novell -- zenworks_asset_management | The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. | 2012-10-20 | 7.8 | CVE-2012-4933 |
openstack -- swift | OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. | 2012-10-22 | 7.5 | CVE-2012-4406 |
openx -- openx | SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. | 2012-10-22 | 7.5 | CVE-2012-4990 |
scripte24shop -- php_flirt-projekt | SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter. | 2012-10-25 | 7.5 | CVE-2011-5222 |
scripte24shop -- social_network_community | SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter. | 2012-10-25 | 7.5 | CVE-2011-5234 |
seotoaster -- seotoaster | Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member. | 2012-10-25 | 7.5 | CVE-2011-5230 |
tibco -- formvine | The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | 2012-10-24 | 7.5 | CVE-2012-5302 |
trioniclabs -- sentinel | SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2012-10-25 | 7.5 | CVE-2011-5224 |
troyef -- scorm_cloud | SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. | 2012-10-25 | 7.5 | CVE-2011-5216 |
videolan -- vlc_media_player | Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file. | 2012-10-25 | 9.3 | CVE-2011-5231 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apprain -- apprain | Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter. | 2012-10-25 | 4.3 | CVE-2011-5228 |
atutor -- acontent | Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter. | 2012-10-22 | 4.3 | CVE-2012-5169 |
atutor -- acontent | SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167. | 2012-10-22 | 6.5 | CVE-2012-5453 |
atutor -- acontent | user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168. | 2012-10-22 | 6.5 | CVE-2012-5454 |
bastien_nocera -- libsocialweb | (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | 2012-10-22 | 5.8 | CVE-2011-4129 |
bastien_nocera -- libsocialweb | services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | 2012-10-22 | 5.8 | CVE-2012-4511 |
boiteaweb -- sentinel | Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 2012-10-25 | 4.3 | CVE-2011-5225 |
boiteaweb -- sentinel | Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. | 2012-10-25 | 6.8 | CVE-2011-5226 |
browsercrm -- browsercrm | Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php. | 2012-10-25 | 4.3 | CVE-2011-5214 |
c61 -- tokyo_bbs | Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error page. | 2012-10-26 | 4.3 | CVE-2012-4019 |
ca -- arcserve_backup | The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request. | 2012-10-20 | 5.0 | CVE-2012-2972 |
cacti -- cacti | Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2012-10-25 | 4.3 | CVE-2011-5223 |
cipherdyne -- fwknop | fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address. | 2012-10-22 | 4.0 | CVE-2012-4435 |
cipherdyne -- fwknop | Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execute arbitrary code via many .fwknop.run arguments. | 2012-10-22 | 4.4 | CVE-2012-4436 |
claws-mail -- claws-mail | The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email. | 2012-10-22 | 4.3 | CVE-2012-4507 |
cristopher_shi -- php-scms | Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php. | 2012-10-25 | 4.3 | CVE-2011-5220 |
gnome -- gnome-keyring | GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. | 2012-10-22 | 4.4 | CVE-2012-3466 |
hitachi -- jp1/serverconductor/deploymentmanager | Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors. | 2012-10-25 | 5.0 | CVE-2011-5217 |
ibm -- aix | The FTP client in AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | 2012-10-20 | 6.8 | CVE-2012-4845 |
intelliants -- subrion_cms | Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452. | 2012-10-22 | 4.3 | CVE-2011-5211 |
intelliants -- subrion_cms | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452. | 2012-10-22 | 4.3 | CVE-2012-4771 |
intelliants -- subrion_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/. | 2012-10-22 | 6.8 | CVE-2012-4773 |
intelliants -- subrion_cms | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2. | 2012-10-22 | 4.3 | CVE-2012-5452 |
irfanview -- flashpix_plugin | Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image. | 2012-10-25 | 5.0 | CVE-2011-5232 |
irfanview -- irfanview | Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file. | 2012-10-25 | 4.3 | CVE-2011-5233 |
jcore -- jcore | Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | 2012-10-22 | 4.3 | CVE-2012-4231 |
joomla -- joomla! | Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." | 2012-10-22 | 4.3 | CVE-2012-5455 |
microsoft -- excel | Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data. | 2012-10-25 | 4.3 | CVE-2012-5672 |
mpdf1 -- mpdf | Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | 2012-10-25 | 5.0 | CVE-2011-5219 |
openfabrics -- librdmacm | librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service. | 2012-10-22 | 5.8 | CVE-2012-4516 |
openfabrics -- ibacm | ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response. | 2012-10-22 | 5.0 | CVE-2012-4517 |
openx -- openx | Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action. | 2012-10-22 | 4.3 | CVE-2012-4989 |
otrs -- otrs | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element. | 2012-10-22 | 4.3 | CVE-2012-4751 |
phpmyadmin -- phpmyadmin | phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. | 2012-10-25 | 4.3 | CVE-2012-5368 |
phpmyfaq -- phpmyfaq | Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | 2012-10-22 | 4.3 | CVE-2010-4821 |
razorcms -- razorcms | Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action. | 2012-10-22 | 6.8 | CVE-2012-1900 |
redhat -- jboss_enterprise_application_platform | mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors. | 2012-10-22 | 4.3 | CVE-2012-1154 |
sitaram_chamarty -- gitolite | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name. | 2012-10-22 | 4.6 | CVE-2012-4506 |
videolan -- vlc_media_player | libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. | 2012-10-26 | 4.3 | CVE-2012-5470 |
videousermanuals -- white-label-cms | Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences. | 2012-10-24 | 6.8 | CVE-2012-5387 |
videousermanuals -- white-label-cms | Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. | 2012-10-24 | 4.3 | CVE-2012-5388 |
websvn -- websvn | Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php. | 2012-10-25 | 4.3 | CVE-2011-5221 |
wftpserver -- wing_ftp_server | Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands. | 2012-10-26 | 6.8 | CVE-2012-4729 |
zoner -- zoner_antivirus_free | The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files. | 2012-10-24 | 4.3 | CVE-2012-5456 |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
openfabrics -- ibacm | ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. | 2012-10-22 | 3.6 | CVE-2012-4518 |
phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. | 2012-10-25 | 3.5 | CVE-2012-5339 |
redhat -- rhncfg | Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file. | 2012-10-22 | 2.1 | CVE-2012-2679 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.