Computer Repair Center posts the daily security alert below. Please check whether your server, web server, email server and PC are affected by the vulnerabilities below and fix them as soon as possible. You may also contact our IT experts at 9145-7188.
High Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
AEwebworks -- aeDating | Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php. | 7.0 | CVE-2006-4870 OTHER-REF BID FRSIRT SECUNIA XF |
All Enthusiast Inc -- ReviewPost PHP Pro | PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter. | 7.0 | CVE-2006-4864 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
AlstraSoft -- E-Friends | Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file. | 7.0 | CVE-2006-4913 OTHER-REF BID FRSIRT SECUNIA XF |
Apple -- Mac OS X Server; Apple -- Mac OS X | Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. | 7.0 | CVE-2006-3507 APPLE BID FRSIRT SECUNIA |
Apple -- Mac OS X Server; Apple -- Mac OS X | Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. | 7.0 | CVE-2006-3508 APPLE BID FRSIRT SECUNIA |
Apple -- Mac OS X Server; Apple -- Mac OS X | Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. | 7.0 | CVE-2006-3509 APPLE BID FRSIRT SECUNIA |
Artmedic Webdesign -- Artmedic Links | PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function. | 7.0 | CVE-2006-4905 BUGTRAQ OTHER-REF SECTRACK XF |
ASP Indir -- Tekman Portal | SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. | 7.0 | CVE-2006-4916 OTHER-REF BID XF FRSIRT SECUNIA |
Blojsom -- Blojsom | Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post. | 7.0 | CVE-2006-4829 BUGTRAQ CERT-VN BID FRSIRT SECUNIA XF |
Blojsom -- Blojsom | Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate. | 7.0 | CVE-2006-4830 OTHER-REF |
BolinOS -- BolinOS | PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-4851 FRSIRT XF |
Cisco -- Intrusion Prevention System | Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". | 7.0 | CVE-2006-4911 CISCO CERT-VN BID FRSIRT SECTRACK SECUNIA XF |
Codeworx Technologies -- DCP-Portal | Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | 7.0 | CVE-2006-4837 BUGTRAQ BID |
EasyPageCMS -- EasyPageCMS | SQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page. | 7.0 | CVE-2006-4862 BUGTRAQ |
guanxiCRM -- guanxiCRM Business Solution | PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter. | 7.0 | CVE-2006-4898 OTHER-REF BID XF |
Haberx -- Haberx | SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. | 7.0 | CVE-2006-4853 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
Hitweb -- Hitweb | Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php. | 7.0 | CVE-2006-4848 BUGTRAQ BID |
iDevSpot -- NixieAffiliate | IDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php. | 7.0 | CVE-2006-4895 BUGTRAQ BID |
Iodine -- Iodine | Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems." | 7.0 | CVE-2006-4831 OTHER-REF BID FRSIRT SECUNIA |
Marc Cagninacci -- mcLinksCounter | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file. | 7.0 | CVE-2006-4863 BUGTRAQ BUGTRAQ |
MobilePublisherPHP -- MobilePublisherPHP | PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | 7.0 | CVE-2006-4849 Milw0rm SECUNIA BID FRSIRT XF |
Mohammed Mehdi Panjwani -- Complain Center | SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp. | 7.0 | CVE-2006-4861 BUGTRAQ |
Mozilla -- SeaMonkey; Mozilla -- Firefox; Mozilla -- Thunderbird | Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier." | 7.0 | CVE-2006-4565 OTHER-REF REDHAT REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA XF SGI UBUNTU SECUNIA |
Mozilla -- SeaMonkey; Mozilla -- Firefox | Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. | 7.0 | CVE-2006-4568 OTHER-REF REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA XF SGI SECUNIA |
Mozilla -- SeaMonkey; Mozilla -- Thunderbird | Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data. | 7.0 | CVE-2006-4571 OTHER-REF REDHAT REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SGI UBUNTU SECUNIA |
PhotoPost -- PHP Pro | PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter. | 7.0 | CVE-2006-4828 BUGTRAQ BID XF |
PHP DocWriter -- PHP DocWriter | PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter. | 7.0 | CVE-2006-4912 OTHER-REF BID FRSIRT XF |
phpBB XS -- phpBB XS | PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780. | 7.0 | CVE-2006-4893 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
phpQuiz -- phpQuiz | PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter. | 7.0 | CVE-2006-4834 BUGTRAQ OTHER-REF BID FRSIRT XF |
phpunity.postcard -- phpunity-postcard | PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter. | 7.0 | CVE-2006-4869 OTHER-REF BID FRSIRT OSVDB SECUNIA |
Qualiteam -- X-Cart | Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter. | 7.0 | CVE-2006-4904 OTHER-REF BID FRSIRT SECUNIA XF |
Quicksilver Forums -- Quicksilver Forums | PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter. | 7.0 | CVE-2006-4824 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
Reamday Enterprises -- Magic News Pro | PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. | 7.0 | CVE-2006-4823 OTHER-REF BID FRSIRT SECUNIA BUGTRAQ XF |
Shadowed Portal -- Shadowed Portal | PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | 7.0 | CVE-2006-4826 Milw0rm BID XF OSVDB SECUNIA |
Shadowed Portal -- Shadowed Portal | PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826. | 7.0 | CVE-2006-4885 SECUNIA |
Simple Discussion Board -- Simple Discussion Board | Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php. | 7.0 | CVE-2006-4918 OTHER-REF BID XF |
Site@School -- Site@School | Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php. | 7.0 | CVE-2006-4920 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA OSVDB OSVDB |
Site@School -- Site@School | PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2006-4921 BUGTRAQ FRSIRT SECUNIA OSVDB |
Techno Dreams -- Articles & Papers Package | SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.0 | CVE-2006-4891 BUGTRAQ OTHER-REF BID SECUNIA XF FRSIRT |
Techno Dreams -- FAQ Manager Package | SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.0 | CVE-2006-4892 BUGTRAQ OTHER-REF BID SECUNIA XF FRSIRT |
Unak -- Unak CMS | Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php. | 7.0 | CVE-2006-4890 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
Verso NetPerformer -- Frame Relay Access Device ACT | Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username. | 8.0 | CVE-2006-4832 BUGTRAQ FULLDISC BID FRSIRT SECUNIA XF |
Medium Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
Apple -- Mac OS X Server; Apple -- Mac OS X | Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. | 4.9 | CVE-2006-4866 FULLDISC OTHER-REF BID |
Apple -- Remote Desktop | Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. | 4.9 | CVE-2006-4887 BUGTRAQ BID XF |
BolinOS -- BolinOS | PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. | 5.6 | CVE-2006-4850 BUGTRAQ Milw0rm BID FRSIRT SECUNIA XF |
Cisco -- Cisco Guard DDoS Mitigation Appliance | Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. | 4.7 | CVE-2006-4909 CISCO BID FRSIRT SECTRACK SECUNIA XF |
Citrix -- Access Gateway AAC | Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors. | 5.6 | CVE-2006-4846 CITRIX CITRIX BID FRSIRT SECTRACK SECUNIA XF |
Claroline -- Claroline; Dokeos -- Open Source Learning & Knowledge Management Tool | PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter. | 5.6 | CVE-2006-4844 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF OTHER-REF FRSIRT SECUNIA |
ClickTech -- ClickBlog | SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. | 4.7 | CVE-2006-4857 BUGTRAQ BID FRSIRT SECUNIA XF |
Codeworx Technologies -- DCP-Portal | SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227. | 5.6 | CVE-2006-4836 BUGTRAQ BID |
David Bennett -- PHP-Post | SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | 4.7 | CVE-2006-4879 BUGTRAQ BID |
David Bennett -- PHP-Post | Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php. | 4.7 | CVE-2006-4881 BUGTRAQ BID |
Doctor Web Ltd -- Dr.WebScanner | Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name. | 4.7 | CVE-2006-4438 FULLDISC FRSIRT SECUNIA |
George Lewe -- TeamCal Pro | PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter. | 5.6 | CVE-2006-4845 OTHER-REF BID BID FRSIRT SECUNIA XF |
Gnu -- Mailman | ** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable." | 4.7 | CVE-2006-2191 MLIST MLIST |
GNUTurk -- GNUTurk | SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum." | 4.7 | CVE-2006-4867 OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
gzip -- gzip | Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability." | 4.7 | CVE-2006-4335 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA CERT-VN FRSIRT SECUNIA SECUNIA XF |
gzip -- gzip | Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. | 4.7 | CVE-2006-4336 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA CERT-VN FRSIRT SECUNIA SECUNIA XF |
gzip -- gzip | Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. | 4.7 | CVE-2006-4337 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA FRSIRT SECUNIA SECUNIA |
IDevSpot -- BizDirectory | Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php. | 4.7 | CVE-2006-4883 BUGTRAQ BID XF FRSIRT SECTRACK SECUNIA |
IDevSpot -- iSupport | Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 4.7 | CVE-2006-4884 BID |
Ipswitch -- WS_FTP Server | Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. | 4.2 | CVE-2006-4847 IPSWITCH FRSIRT SECUNIA XF BID OSVDB |
Julian Roberts -- Charon Cart | SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter. | 4.7 | CVE-2006-4882 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF |
Jupiter CMS -- Jupiter CMS | Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2] (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php. | 4.7 | CVE-2006-4874 BUGTRAQ BID |
Jupiter CMS -- Jupiter CMS | Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register. | 4.7 | CVE-2006-4876 BUGTRAQ BID |
Keyvan Janghorbani -- EShoppingPro | SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter. | 4.7 | CVE-2006-4871 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF |
Keyvan Janghorbani -- ECardPro | SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 4.7 | CVE-2006-4872 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF |
Limbo CMS -- Limbo CMS | Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors. | 4.9 | CVE-2006-4860 OTHER-REF OTHER-REF |
MamboXChange -- Serverstat component | PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 5.6 | CVE-2006-4858 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
Marc Logemann -- More.groupware | SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. | 4.7 | CVE-2006-4906 OTHER-REF BID XF FRSIRT SECUNIA |
Microsoft -- Internet Explorer | Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. | 4.7 | CVE-2006-4868 OTHER-REF CERT-VN BID FRSIRT SECUNIA XF OTHER-REF SECTRACK BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OSVDB |
Telekorn -- SignKorn Guestbook | Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788. | 5.6 | CVE-2006-4889 BUGTRAQ OTHER-REF BID XF |
Vmist -- Downstat | Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php. | 5.6 | CVE-2006-4827 Milw0rm BID FRSIRT SECUNIA XF |
Low Vulnerabilities |
---|
Primary Vendor -- Product |
Description |
|
CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
A.l-Pifou -- A.l-Pifou | Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources. |
|
1.9 | CVE-2006-4914 FULLDISC OSVDB SECUNIA BID FRSIRT |
||
Bluview -- Blue Magic Board | Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages. |
|
2.3 | CVE-2006-4835 BUGTRAQ XF |
||
Cisco -- Cisco IDS Cisco -- Cisco IPS |
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet. |
|
2.3 | CVE-2006-4910 CISCO BID FRSIRT SECTRACK SECUNIA XF |
||
CMtextS -- CMtextS | CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password. |
|
2.3 | CVE-2006-4897 OTHER-REF FRSIRT SECUNIA XF |
||
Codeworx Technologies -- DCP-Portal | Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php. |
|
2.3 | CVE-2006-4838 BUGTRAQ BID |
||
David Bennett -- PHP-Post | Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php. |
|
2.3 | CVE-2006-4877 BUGTRAQ BID |
||
David Bennett -- PHP-Post | Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) sequence in the template parameter. |
|
2.3 | CVE-2006-4878 BUGTRAQ BID |
||
David Bennett -- PHP-Post | David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages. |
|
2.3 | CVE-2006-4880 BUGTRAQ BID |
||
Drupal -- Drupal Userreview module | Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
2.3 | CVE-2006-4821 OTHER-REF FRSIRT SECUNIA BID XF |
||
eMuSOFT -- emuCMS | Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters. |
|
2.3 | CVE-2006-4822 OTHER-REF BID FRSIRT SECUNIA OSVDB |
||
eSyndiCat Portal System -- eSyndiCat Portal System | Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter. |
|
2.3 | CVE-2006-4923 BUGTRAQ BID XF FRSIRT SECUNIA |
||
gzip -- gzip | Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. |
|
2.3 | CVE-2006-4334 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA CERT-VN SECUNIA SECUNIA XF |
||
gzip -- gzip | unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. |
|
2.3 | CVE-2006-4338 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA FRSIRT OSVDB SECUNIA SECUNIA |
||
HP -- HP-UX | Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. |
|
1.6 | CVE-2006-4820 HP BID FRSIRT SECTRACK SECUNIA XF |
||
iDevSpot -- NixieAffiliate | Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | | 2.3 | CVE-2006-4894 BUGTRAQ BID |
Innovate Portal -- Innovate Portal | Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | | 2.3 | CVE-2006-4915 BUGTRAQ BID XF |
Jupiter CMS -- Jupiter CMS | Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679. | | 2.3 | CVE-2006-4873 BUGTRAQ BID |
Jupiter CMS -- Jupiter CMS | Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public. | | 2.3 | CVE-2006-4875 BUGTRAQ BID |
Limbo CMS -- Limbo CMS | Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression. | | 2.3 | CVE-2006-4859 OTHER-REF BID |
Linux -- Linux kernel | The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch. | | 2.3 | CVE-2006-4535 OTHER-REF UBUNTU BID OTHER-REF SECUNIA XF |
McAfee -- VirusScan Enterprise, McAfee -- McAfee Scan Engine | The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition. | | 3.9 | CVE-2006-4886 BUGTRAQ XF |
Microsoft -- Internet Explorer | Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. | | 2.3 | CVE-2006-4888 BUGTRAQ OTHER-REF OSVDB |
Mozilla -- Network Security Services (NSS), Mozilla -- SeaMonkey, Mozilla -- Firefox, Mozilla -- Thunderbird | Mozilla Network Security Services (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. | | 2.3 | CVE-2006-4340 MLIST OTHER-REF OTHER-REF REDHAT REDHAT SECUNIA SECUNIA REDHAT FRSIRT FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SGI UBUNTU SECUNIA |
Mozilla -- SeaMonkey, Mozilla -- Firefox, Mozilla -- Thunderbird | Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read. | | 2.3 | CVE-2006-4566 OTHER-REF REDHAT REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA XF SGI UBUNTU SECUNIA |
Mozilla -- Firefox, Mozilla -- Thunderbird | Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update. | | 1.9 | CVE-2006-4567 OTHER-REF REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA XF UBUNTU |
Mozilla -- Firefox | The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. | | 2.3 | CVE-2006-4569 OTHER-REF SECUNIA REDHAT BID SECTRACK SECUNIA XF |
Mozilla -- SeaMonkey, Mozilla -- Thunderbird | Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message. | | 1.9 | CVE-2006-4570 OTHER-REF REDHAT REDHAT BID SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA XF SGI UBUNTU SECUNIA |
Ohio State University -- server | OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message. | | 2.3 | CVE-2006-4907 BUGTRAQ SECUNIA XF |
Ohio State University -- OSU httpd | OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information. | | 2.3 | CVE-2006-4908 BUGTRAQ SECUNIA XF |
phpQuiz -- phpQuiz | Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors. | | 2.3 | CVE-2006-4865 BUGTRAQ |
PT News -- PT News | Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter. | | 2.3 | CVE-2006-4917 BUGTRAQ BID FRSIRT SECUNIA XF |
QuadComm -- Q-Shop | SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter. | | 2.3 | CVE-2006-4852 BUGTRAQ Milw0rm BID SECUNIA XF FRSIRT OSVDB |
Roller WebLogger -- Roller WebLogger | Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do. | | 2.3 | CVE-2006-4856 BUGTRAQ OTHER-REF OTHER-REF CERT-VN BID FRSIRT SECUNIA |
Site@School -- Site@School | Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. | | 1.9 | CVE-2006-4919 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
Site@School -- Site@School | Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions. | | 2.3 | CVE-2006-4922 BUGTRAQ OTHER-REF BID |
SoftComplex -- PHP Event Calendar | Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters. | | 2.3 | CVE-2006-4825 BUGTRAQ BID SECUNIA XF |
Symantec -- Norton Personal Firewall, Symantec -- Norton Internet Security | The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly other versions of Norton Personal Firewall and Norton Internet Security, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. | | 2.3 | CVE-2006-4855 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
Usermin -- Usermin | Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user. | | 3.3 | CVE-2006-4246 OTHER-REF SOURCEFORGE OTHER-REF DEBIAN BID SECUNIA SECUNIA FRSIRT XF |
Verso NetPerformer -- Frame Relay Access Device ACT | Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability. | | 3.3 | CVE-2006-4833 BUGTRAQ FULLDISC BID FRSIRT SECUNIA XF |
Zope -- Zope | The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. | | 2.3 | CVE-2006-4684 MLIST OTHER-REF DEBIAN FRSIRT SECUNIA SECUNIA |
Vulnerability Summary for the Week of June 25, 2012
Posted on Tuesday July 03, 2012
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alexis_wilke -- protected_node | The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. | 2012-06-26 | 7.5 | CVE-2012-2730 |
apache -- roller | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality. | 2012-06-26 | 9.3 | CVE-2012-2380 |
david_hansson -- ruby_on_rails | The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. | 2012-06-22 | 7.5 | CVE-2012-2695 |
google -- chrome | Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory. | 2012-06-27 | 7.2 | CVE-2012-2764 |
google -- chrome | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2012-06-27 | 10.0 | CVE-2012-2807 |
google -- chrome | Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors. | 2012-06-27 | 7.8 | CVE-2012-2816 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections. | 2012-06-27 | 7.5 | CVE-2012-2817 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature. | 2012-06-27 | 7.5 | CVE-2012-2818 |
google -- chrome | The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors. | 2012-06-27 | 7.5 | CVE-2012-2821 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources. | 2012-06-27 | 7.5 | CVE-2012-2823 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting. | 2012-06-27 | 7.5 | CVE-2012-2824 |
google -- chrome | Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2012-06-27 | 7.5 | CVE-2012-2827 |
google -- chrome | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. | 2012-06-27 | 7.5 | CVE-2012-2829 |
google -- chrome | Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors. | 2012-06-27 | 7.5 | CVE-2012-2830 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references. | 2012-06-27 | 7.5 | CVE-2012-2831 |
google -- chrome | Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2012-06-27 | 7.5 | CVE-2012-2833 |
google -- chrome | Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format. | 2012-06-27 | 9.3 | CVE-2012-2834 |
ibm -- aix | The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. | 2012-06-27 | 7.2 | CVE-2012-2200 |
pippin_williamson -- font_uploader | Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts. | 2012-06-27 | 7.5 | CVE-2012-3814 |
pro-face -- pro-server_ex | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode. | 2012-06-25 | 10.0 | CVE-2012-3797 |
ruby_on_rails -- ruby_on_rails | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695. | 2012-06-22 | 7.5 | CVE-2012-2661 |
sielcosistemi -- winlog_pro | Buffer overflow in RunTime.exe in Sielco Sistemi Winlog 2.07.14 and earlier allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. | 2012-06-27 | 7.5 | CVE-2012-3815 |
strongswan -- strongswan | The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." | 2012-06-27 | 7.5 | CVE-2012-2388 |
winradius -- winradius | WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet. | 2012-06-27 | 7.8 | CVE-2012-3816 |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adam_ross -- tokenauth | The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | 2012-06-26 | 5.0 | CVE-2012-2720 |
adcillc -- simplemeta | Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry. | 2012-06-26 | 6.8 | CVE-2012-2729 |
antoine_beaupre -- hostmaster | The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. | 2012-06-26 | 5.8 | CVE-2012-2707 |
blaine_lang -- filedepot | The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability." | 2012-06-26 | 5.1 | CVE-2012-2719 |
blaine_lang -- maestro | Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences. | 2012-06-26 | 5.1 | CVE-2012-3799 |
bryce_hamrick -- janrain_capture | Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | 2012-06-26 | 5.8 | CVE-2012-2727 |
bryce_hamrick -- janrain_capture | The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. | 2012-06-26 | 5.0 | CVE-2012-3798 |
david_hansson -- ruby_on_rails | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694. | 2012-06-22 | 5.0 | CVE-2012-2660 |
david_hansson -- ruby_on_rails | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660. | 2012-06-22 | 4.3 | CVE-2012-2694 |
google -- chrome | Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain. | 2012-06-27 | 5.0 | CVE-2012-2815 |
google -- chrome | The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387. | 2012-06-27 | 6.8 | CVE-2012-2819 |
google -- chrome | Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2012-06-27 | 5.0 | CVE-2012-2820 |
google -- chrome | The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2012-06-27 | 5.0 | CVE-2012-2822 |
google -- chrome | The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. | 2012-06-27 | 5.0 | CVE-2012-2825 |
google -- chrome | Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2012-06-27 | 5.0 | CVE-2012-2826 |
google -- chrome | Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 2012-06-27 | 6.8 | CVE-2012-2828 |
google -- chrome | The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | 2012-06-27 | 6.8 | CVE-2012-2832 |
isaac_sukin -- browserid | Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that log in a user to another web site. | 2012-06-26 | 6.8 | CVE-2012-2713 |
jason_moore -- amadou | Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. | 2012-06-26 | 4.3 | CVE-2012-2715 |
john_franklin -- advertisement | The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. | 2012-06-26 | 5.0 | CVE-2012-3801 |
mariadb -- mariadb | sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. | 2012-06-26 | 5.1 | CVE-2012-2122 |
mathew_winstone -- mobile_tools | Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. | 2012-06-27 | 4.3 | CVE-2012-2717 |
mikel_olasagasti -- revelation | Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack. | 2012-06-27 | 5.0 | CVE-2012-2742 |
mikel_olasagasti -- revelation | Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | 2012-06-27 | 5.0 | CVE-2012-2743 |
moshe_weitzman -- organic_groups | The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. | 2012-06-26 | 6.8 | CVE-2012-2721 |
nicholasthompson -- global_redirect | Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. | 2012-06-25 | 5.8 | CVE-2010-2021 |
peter_pokrivcak -- post_affiliate_pro | Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. | 2012-06-26 | 4.3 | CVE-2012-2706 |
peter_pokrivcak -- post_affiliate_pro | Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. | 2012-06-27 | 4.0 | CVE-2012-3802 |
pro-face -- pro-server_ex | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt. | 2012-06-25 | 5.0 | CVE-2012-3792 |
pro-face -- pro-server_ex | Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow. | 2012-06-25 | 5.0 | CVE-2012-3793 |
pro-face -- pro-server_ex | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory. | 2012-06-25 | 5.0 | CVE-2012-3794 |
pro-face -- pro-server_ex | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field. | 2012-06-25 | 5.0 | CVE-2012-3795 |
pro-face -- pro-server_ex | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode. | 2012-06-25 | 5.0 | CVE-2012-3796 |
ronan_dowling -- node_hierarchy | Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action. | 2012-06-26 | 6.8 | CVE-2012-2728 |
scott_reynen -- node_embed | The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles. | 2012-06-26 | 4.3 | CVE-2012-2722 |
tony_freixas -- ubercart_product_keys | The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. | 2012-06-26 | 5.0 | CVE-2012-2702 |
webatall -- web@all | Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php. | 2012-06-27 | 4.3 | CVE-2012-3231 |
wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-06-27 | 4.3 | CVE-2011-4956 |
wordpress -- wordpress | The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls. | 2012-06-27 | 5.0 | CVE-2011-4957 |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alberto_trujillo_gonzalez -- protest | Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. | 2012-06-26 | 2.1 | CVE-2012-2726 |
antoine_beaupre -- hostmaster | Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. | 2012-06-26 | 2.1 | CVE-2012-2708 |
apache -- roller | Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. | 2012-06-26 | 3.5 | CVE-2012-2381 |
authoring_html -- 6.x-1.0 | classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks. | 2012-06-26 | 3.5 | CVE-2012-2725 |
blaine_lang -- maestro | Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors. | 2012-06-26 | 2.6 | CVE-2012-2723 |
christopher_mitchell -- smart_breadcrumb | The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. | 2012-06-26 | 2.1 | CVE-2012-2705 |
john_albin -- zen | Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | 2012-06-26 | 2.6 | CVE-2012-2710 |
john_franklin -- advertisement | Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." | 2012-06-26 | 2.6 | CVE-2012-2703 |
moshe_weitzman -- organic_groups | Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the group title. | 2012-06-26 | 2.1 | CVE-2012-3800 |
nancy_wichmann -- taxonomy_list | Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. | 2012-06-26 | 2.1 | CVE-2012-2711 |
puppetlabs -- puppet | telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). | 2012-06-27 | 3.6 | CVE-2012-1989 |
python -- python | The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. | 2012-06-27 | 2.6 | CVE-2011-4940 |
richardo_ante -- ubercart_ajax_cart | The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. | 2012-06-26 | 2.6 | CVE-2012-2731 |
shlomi_fish -- config-inifiles | The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries. | 2012-06-27 | 3.6 | CVE-2012-2451 |
thomas_seidl -- search_api | Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. | 2012-06-26 | 2.6 | CVE-2012-2712 |
Vulnerability Summary for the Week of April 30, 2007
Posted on Tuesday May 08, 2007
High Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
Adobe -- Photoshop; Adobe -- Photoshop Elements | Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | 8.0 | CVE-2007-2365 MILW0RM BID FRSIRT SECUNIA XF |
AFFLIB -- AFFLIB | Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. | 10.0 | CVE-2007-2053 BUGTRAQ OTHER-REF BID XF |
AFFLIB -- AFFLIB | Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. | 7.0 | CVE-2007-2054 BUGTRAQ OTHER-REF XF |
AFFLIB -- AFFLIB | AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called. | 7.0 | CVE-2007-2055 BUGTRAQ OTHER-REF XF |
AFFLIB -- AFFLIB | Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed. | 10.0 | CVE-2007-2352 BUGTRAQ OTHER-REF |
Ahhp-Portal -- Ahhp-Portal | Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2428 BID |
Ariadne -- Ariadne CMS | Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2433 SECUNIA |
Aventail -- Aventail Connect | Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed DNS query. | 10.0 | CVE-2007-2434 FULLDISC BID XF |
b2evolution -- b2evolution | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used. | 7.0 | CVE-2007-2358 BUGTRAQ VIM XF |
Burak Yilmaz -- Burak Yilmaz Blog | SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2007-2420 BUGTRAQ BID XF |
Burnstone -- BurnCMS | Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/. | 7.0 | CVE-2007-2364 MILW0RM BID FRSIRT XF |
Cerulean Studios -- Trillian Pro | Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding. | 7.0 | CVE-2007-2418 OTHER-REF |
Cerulean Studios -- Trillian Pro | Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string. | 7.0 | CVE-2007-2478 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA XF XF |
Cisco -- PIX; Cisco -- Adaptive Security Appliance | Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors. | 10.0 | CVE-2007-2462 CISCO CERT-VN BID |
CMS Made Simple -- CMS Made Simple | SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | 7.0 | CVE-2007-2473 OTHER-REF OTHER-REF BID SECUNIA |
Comdev -- Modules Builder | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string. | 7.0 | CVE-2007-2422 BUGTRAQ XF |
E-Annu -- E-Annu | SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter. | 7.0 | CVE-2007-2416 BUGTRAQ BID XF |
EMC -- RSA Security SiteKey | EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP. | 10.0 | CVE-2006-7201 OTHER-REF OTHER-REF |
Fabrice Bellard -- QEMU | Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2 might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. | 7.0 | CVE-2007-1320 OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA |
FileRun -- FileRun | SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter. | 7.0 | CVE-2007-2469 OTHER-REF BID SECUNIA |
FireFly -- FireFly | Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/. | 7.0 | CVE-2007-2456 MILW0RM VIM BID FRSIRT |
FireFly -- FireFly | PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2460 VIM FRSIRT |
Gregory Kokanosky -- phpMyNewsLetter | admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action. | 10.0 | CVE-2007-2371 MILW0RM BID |
Gregory Kokanosky -- phpMyNewsLetter | admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/. | 10.0 | CVE-2007-2372 MILW0RM BID |
Hitachi -- Groupmax Mobile Option | Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors. | 7.0 | CVE-2007-2421 OTHER-REF BID FRSIRT SECUNIA XF |
HP -- Power Manager Remote Agent | Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors. | 7.0 | CVE-2007-2351 HP BID FRSIRT SECUNIA SECTRACK |
IBM -- WebSphere Application Server | Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123. | 7.0 | CVE-2006-7198 OTHER-REF AIXAPAR AIXAPAR FRSIRT SECTRACK SECUNIA XF |
ManageEngine -- PasswordManager Pro | ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 10.0 | CVE-2007-2429 BID |
Microsoft -- Windows 2000; Microsoft -- Windows Server 2003; Microsoft -- Windows XP | Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. | 8.0 | CVE-2007-2374 OTHER-REF BID |
MicroWorld Technologies -- eScan | The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222. | 10.0 | CVE-2007-0655 OTHER-REF FRSIRT SECUNIA |
Novell -- Novell SecureLogin | Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes." | 7.0 | CVE-2007-2475 NOVELL FRSIRT |
Novell -- Novell SecureLogin | Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes. | 7.0 | CVE-2007-2476 OTHER-REF FRSIRT |
Nukedit -- Nukedit | Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2432 BID SECUNIA |
OPeNDAP -- Server3 | The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 10.0 | CVE-2007-2355 OTHER-REF OTHER-REF CERT-VN BID FRSIRT SECTRACK SECUNIA |
phpMyChat -- phpMyChat | ** DISPUTED ** PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value. | 7.0 | CVE-2007-2477 BUGTRAQ BUGTRAQ VIM VIM |
Pixaria -- Pixaria Gallery | PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter. | 7.0 | CVE-2007-2457 MILW0RM OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
Pixaria -- Pixaria Gallery | Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts. | 7.0 | CVE-2007-2458 OTHER-REF OTHER-REF OTHER-REF FRSIRT |
pnFlashGames -- pnFlashGames | SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.0 | CVE-2007-2427 MILW0RM BID |
Ruben Boelinger -- myflash | PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | 7.0 | CVE-2007-2485 MILW0RM OTHER-REF BID FRSIRT XF |
Sphider -- Sphider | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue." | 7.0 | CVE-2007-2411 BUGTRAQ BID BUGTRAQ XF |
Sun -- JRE; Sun -- SDK; Sun -- Java Enterprise System | Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. | 7.0 | CVE-2007-2435 SUNALERT BID FRSIRT SECUNIA SECTRACK XF |
Symantec -- LiveState Recovery; Symantec -- Ghost; Symantec -- BackupExec System Recovery; Symantec -- Norton Save & Recovery | Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string. | 7.0 | CVE-2007-2359 IDEFENSE OTHER-REF SECTRACK XF |
Symantec -- Enterprise Security Manager | The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol. | 10.0 | CVE-2007-2375 OTHER-REF BID SECUNIA |
Tecnick.com -- TCExam | Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter. | 7.0 | CVE-2007-2431 MILW0RM OTHER-REF VIM |
The GIMP Team -- GIMP | Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file. | 8.0 | CVE-2007-2356 MILW0RM BID SECUNIA XF OTHER-REF FRSIRT |
The Merchant Project -- The Merchant | PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter. | 7.0 | CVE-2007-2424 MILW0RM |
Tony Cook -- Imager | Heap-based buffer overflow in Imager before 0.57 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via compressed 8-bit BMP files. | 10.0 | CVE-2007-2413 OTHER-REF OTHER-REF SECUNIA BID FRSIRT |
Turnkey Web Tools -- SunShop Shopping Cart | Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070. | 7.0 | CVE-2007-2474 BUGTRAQ BID |
VIM Development Group -- VIM | The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | 8.0 | CVE-2007-2438 MLIST MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF BUGTRAQ BID FRSIRT SECUNIA |
WF-Links -- WF-Links | SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.0 | CVE-2007-2373 MILW0RM |
Wildbits -- myGallery | PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter. | 7.0 | CVE-2007-2426 MILW0RM BID FRSIRT SECUNIA XF |
Xoops -- John Mordo Jobs Module | SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | 7.0 | CVE-2007-2370 MILW0RM VIM |

Medium Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
Apple -- Mac OS X Server | The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories. | 4.0 | CVE-2007-0745 APPLE |
Corel -- Paint Shop Pro Photo | Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | 4.8 | CVE-2007-2366 MILW0RM BID FRSIRT SECUNIA XF |
Don Moore -- MyDNS | Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c. | 6.0 | CVE-2007-2362 FULLDISC OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
EMC -- RSA Security SiteKey | EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages." | 6.0 | CVE-2006-7199 OTHER-REF OTHER-REF OTHER-REF |
EMC -- RSA Security SiteKey | EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token. | 6.0 | CVE-2006-7200 OTHER-REF OTHER-REF |
freePBX -- freePBX | admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. | 4.2 | CVE-2007-2350 FULLDISC FRSIRT SECUNIA |
IrfanView -- IrfanView | Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file. | 4.8 | CVE-2007-2363 MILW0RM BID XF FRSIRT SECUNIA |
Linux -- Kernel | The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. | 4.9 | CVE-2007-2480 OTHER-REF |
Parallels -- Parallels Desktop | Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations. | 4.2 | CVE-2007-2454 OTHER-REF |
Ruben Boelinger -- wordTube | PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | 5.6 | CVE-2007-2481 BUGTRAQ MILW0RM OTHER-REF BID FRSIRT SECUNIA XF |
Ruben Boelinger -- wordTube | Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter. | 5.6 | CVE-2007-2482 BUGTRAQ MILW0RM OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
Ruben Boelinger -- wp-Table | PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | 5.6 | CVE-2007-2484 MILW0RM OTHER-REF FRSIRT SECUNIA XF |
SineCMS -- SineCMS | Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter. | 5.6 | CVE-2007-2357 BUGTRAQ BID FRSIRT SECUNIA XF |
Symantec -- LiveState Recovery; Symantec -- Ghost; Symantec -- BackupExec System Recovery; Symantec -- Norton Save & Recovery | Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key. | 4.2 | CVE-2007-2360 IDEFENSE OTHER-REF SECTRACK |
VMWare -- VMWare Workstation | VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction." | 4.9 | CVE-2007-1876 OTHER-REF |
Xscreensaver -- Xscreensaver | XScreenSaver 4.10, when using a remote directory service for credentials, allows local users to bypass authentication by preventing network connectivity, which causes XScreenSaver to crash and unlock the screen. | 4.9 | CVE-2007-1859 REDHAT |

Low Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
Apache Software Foundation -- Axis | Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message. | 3.3 | CVE-2007-2353 VIM BID OSVDB |
Blackdot -- Imageview | Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter. | 2.3 | CVE-2007-2425 MILW0RM |
Cerulean Studios -- Trillian Pro | Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. | 3.3 | CVE-2007-2479 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA XF XF |
Cisco -- PIX; Cisco -- Adaptive Security Appliance | The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used. | 3.3 | CVE-2007-2461 CISCO CERT-VN BID |
Cisco -- PIX; Cisco -- Adaptive Security Appliance | Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password Expiry. | 3.3 | CVE-2007-2463 CISCO BID |
Cisco -- PIX; Cisco -- Adaptive Security Appliance | Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions." | 2.7 | CVE-2007-2464 CISCO BID |
Clam Anti-Virus -- ClamAV | The PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file, resulting in a "file descriptor leak". | 3.3 | CVE-2007-2029 DEBIAN BID SECUNIA |
Dojo Toolkit -- Dojo Toolkit | The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | 3.3 | CVE-2007-2376 OTHER-REF |
Fabrice Bellard -- QEMU | QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. | 2.3 | CVE-2007-1322 OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA |
Fabrice Bellard -- QEMU | QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error. | 2.3 | CVE-2007-1366 MLIST MLIST OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA |
FileRun -- FileRun | Multiple cross-site scripting (XSS) vulnerabilities in index.php in FileRun 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) module, or (3) section parameter. | 3.7 | CVE-2007-2470 OTHER-REF BID SECUNIA |
Getahead -- Direct Web Remoting | The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | 3.3 | CVE-2007-2377 OTHER-REF |
Google -- Google Web Toolkit | The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | 3.3 | CVE-2007-2378 OTHER-REF |
HP -- OpenVMS | Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." | 2.3 | CVE-2007-2468 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
Invision Power Services -- Invision Power Board | Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. | 3.7 | CVE-2007-2349 OTHER-REF FRSIRT SECUNIA XF |
ISC -- BIND | Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. | 2.7 | CVE-2007-2241 OTHER-REF FRSIRT SECTRACK SECUNIA |
jQuery -- jQuery | The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | 3.3 | CVE-2007-2379 OTHER-REF |
Mad4Milk -- Moo.fx | The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | 3.3 | CVE-2007-2382 OTHER-REF |
Microsoft -- Atlas framework | The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | 3.3 | CVE-2007-2380 OTHER-REF |
Mochikit -- MochiKit Framework | The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." |
|
3.3 | CVE-2007-2381 OTHER-REF |
||
MoinMoin -- MoinMoin | Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
3.7 | CVE-2007-2423 BID |
||
Motobit -- Motobit | Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter. |
|
2.3 | CVE-2007-2486 MILW0RM XF |
||
myServer -- myServer | MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. |
|
3.3 | CVE-2007-2414 OTHER-REF OTHER-REF SECUNIA BID XF |
||
Novell -- eDirectory | ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. |
|
3.3 | CVE-2006-4520 IDEFENSE OTHER-REF BID FRSIRT SECTRACK XF |
||
Parallels -- Parallels Desktop | Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7. |
|
3.3 | CVE-2007-2455 OTHER-REF |
||
PHP -- PHP webSPELL -- webSPELL |
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. |
|
3.3 | CVE-2007-2369 MILW0RM |
||
Pi3Web -- Pi3Web Web Server | Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: as of 20070429, the vendor was unable to reproduce this issue, stating "Couldn't reproduce any crash." |
|
3.3 | CVE-2007-2415 OTHER-REF BID SECUNIA FRSIRT XF |
||
Progress -- WebSpeed Messenger | Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. |
|
3.3 | CVE-2007-2354 BUGTRAQ OTHER-REF |
||
PrototypeJS -- Prototype framework | The Prototype (prototypejs) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." |
|
3.3 | CVE-2007-2383 OTHER-REF |
||
Red Hat -- Red Hat Enterprise Linux Desktop Red Hat -- Red Hat Enterprise Linux Desktop Workstation Red Hat -- Red Hat Enterprise Linux Linux -- Kernel |
Unspecified vulnerability in the utrace support for Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service |
|
2.3 | CVE-2007-0771 REDHAT BID SECTRACK SECUNIA |
||
rPath -- rPath Linux -- Kernel |
The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows local users to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. |
|
2.3 | CVE-2007-2436 OTHER-REF BID FRSIRT SECUNIA |
||
Script.aculo.us -- Script.aculo.us | The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." |
|
3.3 | CVE-2007-2384 OTHER-REF |
||
Seir Anphin -- Seir Anphin | ** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use. |
|
3.3 | CVE-2007-2412 BUGTRAQ VIM XF |
||
Sendcard -- Sendcard | Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter. |
|
2.3 | CVE-2007-2471 MILW0RM SECUNIA XF |
||
Sendcard -- Sendcard | Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
1.9 | CVE-2007-2472 SECUNIA |
||
Sun -- Solaris | Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function. |
|
1.9 | CVE-2007-2465 SUNALERT BID FRSIRT SECTRACK SECUNIA XF |
||
Sun -- Java System Directory Server Sun -- ONE Directory Server |
Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings. |
|
3.3 | CVE-2007-2466 SUNALERT BID FRSIRT SECTRACK SECUNIA XF |
||
Symantec -- LiveState Recovery Symantec -- Ghost Symantec -- BackupExec System Recovery Symantec -- Norton Save & Recovery |
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file. |
|
2.3 | CVE-2007-2361 IDEFENSE OTHER-REF SECTRACK XF |
||
Tecnick.com -- TCExam | shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php. |
|
3.3 | CVE-2007-2430 MILW0RM OTHER-REF |
||
Tony Cook -- Imager | Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via 4-bit/pixel BMP files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
3.3 | CVE-2007-2459 FRSIRT |
||
VMWare -- VMWare Workstation | The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF). |
|
3.3 | CVE-2007-1069 OTHER-REF |
||
VMWare -- VMWare Workstation | The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors. |
|
3.3 | CVE-2007-1337 OTHER-REF XF |
||
VMWare -- VMWare Workstation | Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface. |
|
3.7 | CVE-2007-1744 IDEFENSE OTHER-REF BID SECTRACK |
||
VMWare -- VMWare Workstation | VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information. |
|
3.3 | CVE-2007-1877 OTHER-REF |
||
webSPELL -- webSPELL | picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter. |
|
3.3 | CVE-2007-2368 MILW0RM |
||
Wserve HTTP Server -- Wserve HTTP Server | Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI. |
|
3.3 | CVE-2007-2367 BUGTRAQ BID |
||
X.Org -- Xserver X.Org -- X Window System |
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. |
|
2.0 | CVE-2007-2437 OTHER-REF SECTRACK XF |
||
Yahoo! -- Yahoo UI framework | The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." |
|
3.3 | CVE-2007-2385 OTHER-REF |
||
Zone Labs -- ZoneAlarm Pro | ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. |
|
2.3 | CVE-2007-2467 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
Vulnerability Summary for the Week of October 22, 2012
Posted on Tuesday October 30, 2012
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2daybiz -- video_community_portal_script | SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2012-10-25 | 7.5 | CVE-2011-5215 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273. | 2012-10-23 | 10.0 | CVE-2012-4172 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273. | 2012-10-23 | 10.0 | CVE-2012-4173 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4175, and CVE-2012-5273. | 2012-10-23 | 10.0 | CVE-2012-4174 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-5273. | 2012-10-23 | 10.0 | CVE-2012-4175 |
adobe -- shockwave_player | Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors. | 2012-10-23 | 10.0 | CVE-2012-4176 |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-4175. | 2012-10-23 | 10.0 | CVE-2012-5273 |
apache -- open_for_business_project | Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors. | 2012-10-25 | 10.0 | CVE-2012-3506 |
apache -- cloudstack | Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. | 2012-10-26 | 10.0 | CVE-2012-4501 |
apprain -- apprain | SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. | 2012-10-25 | 7.5 | CVE-2011-5229 |
atutor -- acontent | Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php. | 2012-10-22 | 7.5 | CVE-2012-5167 |
atutor -- acontent | ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php. | 2012-10-22 | 7.5 | CVE-2012-5168 |
browsercrm -- browsercrm | Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php. | 2012-10-25 | 7.5 | CVE-2011-5213 |
ca -- arcserve_backup | The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request. | 2012-10-20 | 7.5 | CVE-2012-2971 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962. | 2012-10-25 | 9.3 | CVE-2012-3936 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967. | 2012-10-25 | 9.3 | CVE-2012-3937 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583. | 2012-10-25 | 9.3 | CVE-2012-3938 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331. | 2012-10-25 | 9.3 | CVE-2012-3939 |
cisco -- webex_recording_format_player | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958. | 2012-10-25 | 9.3 | CVE-2012-3940 |
cisco -- webex_recording_format_player | Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850. | 2012-10-25 | 9.3 | CVE-2012-3941 |
enterasys -- netsight | Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514. | 2012-10-25 | 10.0 | CVE-2011-5227 |
ibm -- xiv_storage_system_gen3 | The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service (device outage) via TCP packets to unspecified ports. | 2012-10-20 | 7.8 | CVE-2012-2167 |
ibm -- db2 | Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure. | 2012-10-20 | 8.5 | CVE-2012-4826 |
intelliants -- subrion_cms | SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field. | 2012-10-22 | 7.5 | CVE-2011-5212 |
intelliants -- subrion_cms | SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. | 2012-10-22 | 7.5 | CVE-2012-4772 |
jcore -- jcore | SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. | 2012-10-22 | 7.5 | CVE-2012-4232 |
mnogosearch -- mnogosearch | SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link. | 2012-10-25 | 7.5 | CVE-2011-5235 |
mutiny -- standard | Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability." | 2012-10-22 | 8.5 | CVE-2012-3001 |
neubivljiv -- dota_openstats | SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 2012-10-25 | 7.5 | CVE-2011-5218 |
novell -- zenworks_asset_management | The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. | 2012-10-20 | 7.8 | CVE-2012-4933 |
openstack -- swift | OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. | 2012-10-22 | 7.5 | CVE-2012-4406 |
openx -- openx | SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. | 2012-10-22 | 7.5 | CVE-2012-4990 |
scripte24shop -- php_flirt-projekt | SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter. | 2012-10-25 | 7.5 | CVE-2011-5222 |
scripte24shop -- social_network_community | SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter. | 2012-10-25 | 7.5 | CVE-2011-5234 |
seotoaster -- seotoaster | Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member. | 2012-10-25 | 7.5 | CVE-2011-5230 |
tibco -- formvine | The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | 2012-10-24 | 7.5 | CVE-2012-5302 |
trioniclabs -- sentinel | SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2012-10-25 | 7.5 | CVE-2011-5224 |
troyef -- scorm_cloud | SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. | 2012-10-25 | 7.5 | CVE-2011-5216 |
videolan -- vlc_media_player | Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file. | 2012-10-25 | 9.3 | CVE-2011-5231 |

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apprain -- apprain | Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter. | 2012-10-25 | 4.3 | CVE-2011-5228 |
atutor -- acontent | Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter. | 2012-10-22 | 4.3 | CVE-2012-5169 |
atutor -- acontent | SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167. | 2012-10-22 | 6.5 | CVE-2012-5453 |
atutor -- acontent | user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168. | 2012-10-22 | 6.5 | CVE-2012-5454 |
bastien_nocera -- libsocialweb | (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | 2012-10-22 | 5.8 | CVE-2011-4129 |
bastien_nocera -- libsocialweb | services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | 2012-10-22 | 5.8 | CVE-2012-4511 |
boiteaweb -- sentinel | Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 2012-10-25 | 4.3 | CVE-2011-5225 |
boiteaweb -- sentinel | Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. | 2012-10-25 | 6.8 | CVE-2011-5226 |
browsercrm -- browsercrm | Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php. | 2012-10-25 | 4.3 | CVE-2011-5214 |
c61 -- tokyo_bbs | Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error page. | 2012-10-26 | 4.3 | CVE-2012-4019 |
ca -- arcserve_backup | The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request. | 2012-10-20 | 5.0 | CVE-2012-2972 |
cacti -- cacti | Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2012-10-25 | 4.3 | CVE-2011-5223 |
cipherdyne -- fwknop | fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address. | 2012-10-22 | 4.0 | CVE-2012-4435 |
cipherdyne -- fwknop | Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execute arbitrary code via many .fwknop.run arguments. | 2012-10-22 | 4.4 | CVE-2012-4436 |
claws-mail -- claws-mail | The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email. | 2012-10-22 | 4.3 | CVE-2012-4507 |
cristopher_shi -- php-scms | Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php. | 2012-10-25 | 4.3 | CVE-2011-5220 |
gnome -- gnome-keyring | GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. | 2012-10-22 | 4.4 | CVE-2012-3466 |
hitachi -- jp1/serverconductor/deploymentmanager | Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors. | 2012-10-25 | 5.0 | CVE-2011-5217 |
ibm -- aix | The FTP client in AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | 2012-10-20 | 6.8 | CVE-2012-4845 |
intelliants -- subrion_cms | Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452. | 2012-10-22 | 4.3 | CVE-2011-5211 |
intelliants -- subrion_cms | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452. | 2012-10-22 | 4.3 | CVE-2012-4771 |
intelliants -- subrion_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/. | 2012-10-22 | 6.8 | CVE-2012-4773 |
intelliants -- subrion_cms | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2. | 2012-10-22 | 4.3 | CVE-2012-5452 |
irfanview -- flashpix_plugin | Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image. | 2012-10-25 | 5.0 | CVE-2011-5232 |
irfanview -- irfanview | Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file. | 2012-10-25 | 4.3 | CVE-2011-5233 |
jcore -- jcore | Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | 2012-10-22 | 4.3 | CVE-2012-4231 |
joomla -- joomla! | Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." | 2012-10-22 | 4.3 | CVE-2012-5455 |
microsoft -- excel | Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data. | 2012-10-25 | 4.3 | CVE-2012-5672 |
mpdf1 -- mpdf | Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | 2012-10-25 | 5.0 | CVE-2011-5219 |
openfabrics -- librdmacm | librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service. | 2012-10-22 | 5.8 | CVE-2012-4516 |
openfabrics -- ibacm | ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response. | 2012-10-22 | 5.0 | CVE-2012-4517 |
openx -- openx | Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action. | 2012-10-22 | 4.3 | CVE-2012-4989 |
otrs -- otrs | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element. | 2012-10-22 | 4.3 | CVE-2012-4751 |
phpmyadmin -- phpmyadmin | phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. | 2012-10-25 | 4.3 | CVE-2012-5368 |
phpmyfaq -- phpmyfaq | Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | 2012-10-22 | 4.3 | CVE-2010-4821 |
razorcms -- razorcms | Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action. | 2012-10-22 | 6.8 | CVE-2012-1900 |
redhat -- jboss_enterprise_application_platform | mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors. | 2012-10-22 | 4.3 | CVE-2012-1154 |
sitaram_chamarty -- gitolite | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name. | 2012-10-22 | 4.6 | CVE-2012-4506 |
videolan -- vlc_media_player | libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. | 2012-10-26 | 4.3 | CVE-2012-5470 |
videousermanuals -- white-label-cms | Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences. | 2012-10-24 | 6.8 | CVE-2012-5387 |
videousermanuals -- white-label-cms | Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. | 2012-10-24 | 4.3 | CVE-2012-5388 |
websvn -- websvn | Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php. | 2012-10-25 | 4.3 | CVE-2011-5221 |
wftpserver -- wing_ftp_server | Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands. | 2012-10-26 | 6.8 | CVE-2012-4729 |
zoner -- zoner_antivirus_free | The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files. | 2012-10-24 | 4.3 | CVE-2012-5456 |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
openfabrics -- ibacm | ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. | 2012-10-22 | 3.6 | CVE-2012-4518 |
phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. | 2012-10-25 | 3.5 | CVE-2012-5339 |
redhat -- rhncfg | Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file. | 2012-10-22 | 2.1 | CVE-2012-2679 |
Vulnerability Summary for the Week of December 10, 2007
Posted on Tuesday December 18, 2007
High Vulnerabilities |
---|
Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
Aurora -- Aurora Framework | SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information. | 7.5 | CVE-2007-6345 OTHER-REF SECUNIA |
AVS Media -- AVSMJPEGFILE.DLL | Buffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method. | 7.5 | CVE-2007-6327 MILW0RM OTHER-REF BID XF |
David Castro -- Apache_AuthCAS | SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie. | 7.5 | CVE-2007-6342 BUGTRAQ BID |
DOSBox -- DOSBox | ** DISPUTED ** DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem. | 7.2 | CVE-2007-6328 BUGTRAQ FRSIRT XF |
Falt4 CMS -- Falt4 Extreme RC4 | SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter. | 7.5 | CVE-2007-6311 BUGTRAQ MILW0RM OTHER-REF OTHER-REF BID |
GNU -- Emacs | Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line. | 10.0 | CVE-2007-6109 SUSE OTHER-REF GENTOO SECUNIA XF |
HP -- OpenView Network Node Manager | Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe. | 10.0 | CVE-2007-6204 BUGTRAQ OTHER-REF HP BID FRSIRT SECTRACK SECUNIA XF |
HP -- Info Center | Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista. | 9.3 | CVE-2007-6331 MILW0RM OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
HP -- Info Center | The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method. | 9.3 | CVE-2007-6332 MILW0RM OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
Meridian Software -- Prolog Manager | Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack. | 10.0 | CVE-2007-6330 BUGTRAQ BID XF |
Microsoft -- windows_media_format_runtime Microsoft -- windows_media_services Microsoft -- Media Format Runtime | Unspecified vulnerability in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. | 9.3 | CVE-2007-0064 MS |
Microsoft -- Message Queuing MSMQ | Buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via unspecified vectors. NOTE: remote vectors exist for Windows 2000 Professional SP4 and Windows XP SP2; they are only local for the other operating systems. | 9.0 | CVE-2007-3039 MS |
Microsoft -- DirectX | Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file. | 9.3 | CVE-2007-3895 MS FRSIRT SECUNIA |
Microsoft -- DirectX | Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted Synchronized Accessible Media Interchange (SAMI) file. | 10.0 | CVE-2007-3901 MS FRSIRT SECUNIA XF |
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3903 and CVE-2007-5344, one variant of "Uninitialized Memory Corruption Vulnerability." | 10.0 | CVE-2007-3902 |
Microsoft -- windows-nt | Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths." | 7.2 | CVE-2007-5350 MS |
scponly -- scponly | scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, and (3) svn, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks. | 8.5 | CVE-2007-6350 OTHER-REF |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
Apache Software Foundation -- Apache HTTP Server | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-5000 OTHER-REF OTHER-REF OTHER-REF FRSIRT FRSIRT SECUNIA SECUNIA |
City Writer -- CityWriter | PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 6.8 | CVE-2007-6324 MILW0RM |
Drupal -- feature_module | Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks. | 4.3 | CVE-2007-6320 OTHER-REF |
Ext2 Filesystems Utilities -- e2fsprogs | Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. | 5.8 | CVE-2007-5497 SUSE OTHER-REF DEBIAN UBUNTU BID FRSIRT SECUNIA SECUNIA SECUNIA XF MANDRIVA SECUNIA |
Falt4 CMS -- Falt4 Extreme RC4 | Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php). | 4.3 | CVE-2007-6310 BUGTRAQ MILW0RM OTHER-REF OTHER-REF BID |
Fastpublish -- Fastpublish CMS | PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726. | 6.8 | CVE-2007-6325 MILW0RM FRSIRT SECUNIA |
GNOME -- Balsa | Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | 6.8 | CVE-2007-5007 MLIST OTHER-REF OTHER-REF OTHER-REF GENTOO SUSE BID FRSIRT SECUNIA SECUNIA SECUNIA |
HP -- Info Center | The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method. | 5.8 | CVE-2007-6333 MILW0RM OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
HP -- OpenView Network Node Manager | Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-6343 HP FRSIRT SECTRACK SECUNIA |
HttpLogger -- HttpLogger | Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-6308 OTHER-REF OTHER-REF SECUNIA |
IBM -- Hardware Management Console | Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." | 4.6 | CVE-2007-6305 OTHER-REF OTHER-REF SECUNIA |
JFree -- JFreeChart | Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area. | 4.3 | CVE-2007-6306 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID SECUNIA XF |
JFree -- JFreeChart | Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header. | 4.3 | CVE-2007-6307 BUGTRAQ OTHER-REF BID SECUNIA XF |
Mcms -- Easy Web Make | Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. | 6.8 | CVE-2007-6344 MILW0RM BID SECUNIA XF |
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." | 6.8 | CVE-2007-3903 MS |
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, a variant of "Uninitialized Memory Corruption Vulnerability." | 6.8 | CVE-2007-5344 |
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." | 6.8 | CVE-2007-5347 MS |
Microsoft -- windows-nt | Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability." | 6.4 | CVE-2007-5351 MS |
Microsoft -- Office | Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container. | 6.4 | CVE-2007-6329 BUGTRAQ BID |
MMS Gallery -- MMS Gallery PHP | Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/. | 5.0 | CVE-2007-6323 MILW0RM |
MySQL -- MySQL | MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. | 5.8 | CVE-2007-5970 OTHER-REF OTHER-REF |
MySQL -- MySQL | The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, does not properly handle a response with a small number of columns, which allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. | 5.0 | CVE-2007-6304 OTHER-REF OTHER-REF OTHER-REF OTHER-REF |
Novell -- NetMail | Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allow remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CVE-162." | 6.8 | CVE-2007-6302 OTHER-REF OTHER-REF FRSIRT SECUNIA BUGTRAQ OTHER-REF BID SECTRACK XF |
Rainboard -- Rainboard | Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-6346 OTHER-REF OTHER-REF SECUNIA |
Real Time Logic -- BarracudaDrive Web Server Real Time Logic -- BarracudaDrive Web Server Home Server | BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL. | 5.0 | CVE-2007-6314 BUGTRAQ OTHER-REF BID SECUNIA |
Real Time Logic -- BarracudaDrive Web Server Real Time Logic -- BarracudaDrive Web Server Home Server | Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via a HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference. | 4.0 | CVE-2007-6315 BUGTRAQ OTHER-REF BID SECUNIA |
Real Time Logic -- BarracudaDrive Web Server Real Time Logic -- BarracudaDrive Web Server Home Server | Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page. | 4.3 | CVE-2007-6316 BUGTRAQ OTHER-REF BID SECUNIA |
Real Time Logic -- BarracudaDrive Web Server Real Time Logic -- BarracudaDrive Web Server Home Server | Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/. | 5.5 | CVE-2007-6317 BUGTRAQ OTHER-REF BID SECUNIA |
Red Hat -- enterprise_linux | The default configuration of autofs 5 in Red Hat Enterprise Linux (RHEL) 5 omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | 6.9 | CVE-2007-5964 OTHER-REF REDHAT SECUNIA |
Roundcube Webmail Project -- Roundcube Webmail | Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. | 4.3 | CVE-2007-6321 BUGTRAQ OTHER-REF XF |
S9Y -- Serendipity | Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. | 4.3 | CVE-2007-6205 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA |
Samba -- Samba | Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. | 6.8 | CVE-2007-6015 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF REDHAT BID SECUNIA |
Sergey Lyubka -- Simple HTTPD | Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI. | 5.0 | CVE-2007-6326 MILW0RM OTHER-REF BID XF |
Skype Technologies -- Skype | Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption. | 6.8 | CVE-2007-5989 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
SquirrelMail -- SquirrelMail | SquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. | 6.8 | CVE-2007-6348 OTHER-REF |
ViArt -- Helpdesk ViArt -- Shop Evaluation ViArt -- Shop Free ViArt -- CMS | PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information. | 6.8 | CVE-2007-6347 MILW0RM BID SECUNIA |
Websense -- Web Security Suite Websense -- Enterprise Websense -- Reporting Tools | Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field. | 4.3 | CVE-2007-6312 BUGTRAQ OTHER-REF OTHER-REF BID |
webSPELL -- webSPELL | Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action. | 4.3 | CVE-2007-6309 BUGTRAQ BID |
WordPress -- WordPress | SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. | 6.8 | CVE-2007-6318 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF FULLDISC |
xml2owl -- xml2owl | Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 5.0 | CVE-2007-6322 MILW0RM |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
MySQL -- MySQL | MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. | 3.5 | CVE-2007-6303 OTHER-REF OTHER-REF OTHER-REF OTHER-REF |
Vulnerability Summary for the Week of June 3, 2013
Posted on Tuesday June 11, 2013
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- mac_os_x | Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. | 2013-06-05 | 9.3 | CVE-2013-0984 |
google -- chrome | Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2013-06-04 | 7.5 | CVE-2013-2854 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. | 2013-06-04 | 7.5 | CVE-2013-2856 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. | 2013-06-04 | 7.5 | CVE-2013-2857 |
google -- chrome | Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2013-06-04 | 7.5 | CVE-2013-2858 |
google -- chrome | Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. | 2013-06-04 | 7.5 | CVE-2013-2859 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. | 2013-06-04 | 7.5 | CVE-2013-2860 |
google -- chrome | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2013-06-04 | 7.5 | CVE-2013-2861 |
google -- chrome | Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2013-06-04 | 7.5 | CVE-2013-2862 |
google -- chrome | Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2013-06-04 | 10.0 | CVE-2013-2863 |
google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2013-06-04 | 7.5 | CVE-2013-2865 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629. | 2013-06-06 | 10.0 | CVE-2013-2324 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633. | 2013-06-06 | 10.0 | CVE-2013-2325 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634. | 2013-06-06 | 10.0 | CVE-2013-2326 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635. | 2013-06-06 | 10.0 | CVE-2013-2327 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636. | 2013-06-06 | 10.0 | CVE-2013-2328 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637. | 2013-06-06 | 10.0 | CVE-2013-2329 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638. | 2013-06-06 | 10.0 | CVE-2013-2330 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652. | 2013-06-06 | 10.0 | CVE-2013-2331 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654. | 2013-06-06 | 10.0 | CVE-2013-2332 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. | 2013-06-06 | 10.0 | CVE-2013-2333 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1681. | 2013-06-06 | 10.0 | CVE-2013-2334 |
hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733. | 2013-06-06 | 10.0 | CVE-2013-2335 |
ibm -- tivoli_netcool_application_service_monitors | Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1) hrfstable.idx, (2) hrdevice.idx, (3) hrstorage.idx, or (4) lotusmapfile in the SSM Config directory, or (5) .manifest.hive in the main agent directory. | 2013-06-04 | 7.6 | CVE-2013-0508 |
ibm -- tivoli_netcool_application_service_monitors | Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder. | 2013-06-04 | 7.6 | CVE-2013-0509 |
ibm -- db2 | Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors. | 2013-06-04 | 7.2 | CVE-2013-3475 |
isc -- bind | resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone. | 2013-06-06 | 7.8 | CVE-2013-3919 |
linux -- linux_kernel | Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. | 2013-06-07 | 7.9 | CVE-2013-2850 |
mutiny -- mutiny | Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation. | 2013-06-01 | 8.5 | CVE-2013-0136 |

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
algisinfo -- aicontactsafe | Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-05-31 | 4.3 | CVE-2013-3719 |
apache -- tomcat | Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. | 2013-06-01 | 5.0 | CVE-2012-3544 |
apache -- tomcat | java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. | 2013-06-01 | 6.8 | CVE-2013-2067 |
apple -- mac_os_x | Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | 2013-06-05 | 6.8 | CVE-2013-0975 |
apple -- mac_os_x | Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. | 2013-06-05 | 6.8 | CVE-2013-0983 |
apple -- mac_os_x | SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | 2013-06-05 | 4.9 | CVE-2013-0990 |
apple -- safari | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023. | 2013-06-05 | 6.8 | CVE-2013-1009 |
apple -- safari | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. | 2013-06-05 | 4.3 | CVE-2013-1012 |
apple -- safari | XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. | 2013-06-05 | 4.3 | CVE-2013-1013 |
apple -- safari | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009. | 2013-06-05 | 6.8 | CVE-2013-1023 |
apple -- mac_os_x | CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 2013-06-05 | 6.8 | CVE-2013-1024 |
apple -- iphone_os | Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain. | 2013-06-05 | 4.3 | CVE-2013-3948 |
apple -- iphone_os | Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | 2013-06-05 | 5.0 | CVE-2013-3950 |
apple -- iphone_os | sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. | 2013-06-05 | 4.6 | CVE-2013-3951 |
apple -- mac_os_x | The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | 2013-06-05 | 4.9 | CVE-2013-3953 |
apple -- mac_os_x | The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | 2013-06-05 | 5.4 | CVE-2013-3954 |
cisco -- webex_meetings_server | The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485. | 2013-06-06 | 4.3 | CVE-2013-1205 |
cisco -- telepresence_system_software | Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610. | 2013-05-31 | 6.8 | CVE-2013-1246 |
cisco -- prime_infrastructure | Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356. | 2013-05-31 | 4.3 | CVE-2013-1247 |
feedweb -- feedweb | Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter. | 2013-05-31 | 4.3 | CVE-2013-3720 |
fenrir-inc -- sleipnir_mobile | The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window. | 2013-06-03 | 5.8 | CVE-2013-2317 |
google -- chrome | The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2013-06-04 | 5.0 | CVE-2013-2855 |
ibm -- eclipse_help_system | Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2013-06-03 | 4.3 | CVE-2013-0464 |
ibm -- websphere_portal | Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2013-06-03 | 4.3 | CVE-2013-0549 |
ibm -- qradar_security_information_and_event_manager | Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors. | 2013-06-03 | 6.5 | CVE-2013-2970 |
linux -- linux_kernel | The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet. | 2013-06-07 | 6.8 | CVE-2011-4604 |
linux -- linux_kernel | Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. | 2013-06-07 | 4.4 | CVE-2013-1929 |
linux -- linux_kernel | The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket. | 2013-06-07 | 4.9 | CVE-2013-2128 |
linux -- linux_kernel | arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. | 2013-06-07 | 4.7 | CVE-2013-2146 |
linux -- linux_kernel | Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. | 2013-06-07 | 6.0 | CVE-2013-2851 |
linux -- linux_kernel | Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. | 2013-06-07 | 6.9 | CVE-2013-2852 |
photogallerycreator -- flash-album-gallery | Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action. | 2013-06-01 | 4.3 | CVE-2013-3261 |
php -- php | ** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id." | 2013-05-31 | 5.0 | CVE-2013-3735 |
tibco -- silver_mobile | The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors. | 2013-05-31 | 6.5 | CVE-2013-3315 |
yahoo -- yahoo!_browser | The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. | 2013-06-03 | 5.8 | CVE-2013-2316 |

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
N/A -- N/A | The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors. | 2013-06-04 | 0.0 | CVE-2013-2864 |
apache -- tomcat | java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes. | 2013-06-01 | 2.6 | CVE-2013-2071 |
apple -- mac_os_x | The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | 2013-06-05 | 1.7 | CVE-2013-0982 |
apple -- mac_os_x | Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | 2013-06-05 | 2.1 | CVE-2013-0985 |
apple -- mac_os_x | The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function. | 2013-06-05 | 2.1 | CVE-2013-3949 |
apple -- mac_os_x | The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. | 2013-06-05 | 2.1 | CVE-2013-3952 |
apple -- iphone_os | The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem. | 2013-06-05 | 3.7 | CVE-2013-3955 |
ibm -- websphere_portal | CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2013-06-03 | 3.5 | CVE-2013-2950 |
jig -- movatwitouch | The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application. | 2013-06-06 | 2.6 | CVE-2013-2318 |
linux -- linux_kernel | The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. | 2013-06-07 | 2.1 | CVE-2013-2141 |
linux -- linux_kernel | The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. | 2013-06-07 | 2.1 | CVE-2013-2147 |
linux -- linux_kernel | The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. | 2013-06-07 | 2.1 | CVE-2013-2148 |
Vulnerability Summary for the Week of July 21, 2008
Posted on Tuesday July 29, 2008
High Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
alphadmin -- alphadmin_cms | AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2008-3300 BID |
AlstraSoft -- Affiliate Network Pro | SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action. | 7.5 | CVE-2008-3240 MILW0RM BID |
aprox -- aprox_cms_engine; aprox -- aproxengine | SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-3291 MILW0RM OTHER-REF BID XF |
arctictracker -- arctic_issue_tracker | SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | 7.5 | CVE-2008-3250 MILW0RM BID |
Asterisk -- Asterisk | Asterisk allows remote attackers to cause a denial of service (CPU consumption) by quickly sending a large number of IAX POKE requests. | 7.8 | CVE-2008-3263 OTHER-REF BID XF |
Asterisk -- AsteriskNOW; Asterisk -- Asterisk Business Edition; Asterisk -- Asterisk Appliance Developer Kit; Asterisk -- Open Source | The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. | 7.8 | CVE-2008-3264 OTHER-REF BID |
cable-modems -- phphoo3 | SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter. | 7.5 | CVE-2008-3245 MILW0RM BID XF |
Drupal -- Drupal | Session fixation vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. | 7.5 | CVE-2008-3222 MLIST OTHER-REF |
eSyndicat -- esyndicat | eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2008-3299 BID |
Fedora -- newsx | Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. | 10.0 | CVE-2008-3252 FEDORA FEDORA BID XF |
iamilkay -- yuhhu_pubs_black_cat | SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 | CVE-2008-3206 BUGTRAQ BID XF |
Linux -- Kernel | The LDT implementation in the Linux kernel 2.6.25.x on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors. | 7.2 | CVE-2008-3247 OTHER-REF |
MojoScripts -- mojojobs | SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | 7.5 | CVE-2008-3267 MILW0RM XF |
Oracle -- weblogic_server; BEA Systems -- WebLogic Server; BEA Systems -- apache_connector_in_weblogic_server | Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. NOTE: it is possible that this overlaps CVE-2008-2579 or another issue disclosed in Oracle's CPUJul2008 advisory. | 10.0 | CVE-2008-3257 MILW0RM VIM VIM SECTRACK XF |
ppmate -- ppmedia_class | Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information. | 10.0 | CVE-2008-3242 MILW0RM BID XF |
pragyan -- praygan_cms | PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter. | 9.3 | CVE-2008-3207 MILW0RM BID XF |
RIM -- blackberry_enterprise_server_for_exchange; RIM -- blackberry_enterprise_server_for_domino; Blackberry -- enterprise_server; RIM -- blackberry_enterprise_server_for_novell_groupwise; Blackberry -- unite; RIM -- Blackberry Enterprise Server; RIM -- blackberry_unite | Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment. | 9.3 | CVE-2008-3246 OTHER-REF OTHER-REF CERT-VN SECTRACK SECUNIA XF XF |
Siteframe -- siteframe_cms; Siteframe -- Siteframe Beaumont | SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-3256 MILW0RM BID |
Social Engine -- Social Engine | Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php. | 7.5 | CVE-2008-3297 BUGTRAQ BID XF |
Softacid -- hotel_reservation_system_multi | SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 | CVE-2008-3266 MILW0RM BID |
TPL Design -- tplsoccersite | Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/. | 7.5 | CVE-2008-3251 MILW0RM XF |
ultrastats -- ultrastats | SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-3241 MILW0RM OTHER-REF BID |
XOOPS -- Xoops | Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2008-3296 BID XF |
Zoph -- Zoph | Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | CVE-2008-3258 OTHER-REF |

Medium Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
alain_barbet -- filesys_smbclientparser | The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters. | 6.8 | CVE-2008-3285 BUGTRAQ BID XF |
BrickHost -- phpScheduleIt | Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. | 6.8 | CVE-2008-3268 OTHER-REF BID XF |
Carlos Desseno -- youtube_blog | Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | 4.3 | CVE-2008-3305 MILW0RM BID XF |
Citrix -- xenserver | Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2008-3253 OTHER-REF BID SECTRACK XF |
Clam Anti-Virus -- ClamAV | libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713. | 5.0 | CVE-2008-3215 MLIST MLIST OTHER-REF OTHER-REF |
Claroline -- Claroline | Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/. | 4.3 | CVE-2008-3260 BUGTRAQ OTHER-REF OTHER-REF BID XF |
Claroline -- Claroline | Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | 4.3 | CVE-2008-3261 BUGTRAQ OTHER-REF OTHER-REF BID XF |
Claroline -- Claroline | Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password. | 5.8 | CVE-2008-3262 BUGTRAQ OTHER-REF OTHER-REF XF |
Debian -- projectl | The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack. | 4.6 | CVE-2008-3216 MLIST OTHER-REF |
Drupal -- Drupal | Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values. | 4.3 | CVE-2008-3218 MLIST OTHER-REF |
Drupal -- Drupal | The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism. | 5.0 | CVE-2008-3219 MLIST |
EMC -- dantz_retrospect_backup_server | The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords. | 5.0 | CVE-2008-3288 BUGTRAQ OTHER-REF |
EMC Dantz -- Retrospect Backup Client | retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference. | 5.0 | CVE-2008-3287 BUGTRAQ BID |
EMC Dantz -- Retrospect Backup Client | EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet. | 5.8 | CVE-2008-3289 BUGTRAQ OTHER-REF |
EMC Dantz -- Retrospect Backup Client | retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version on a Chinese OS version. | 5.0 | CVE-2008-3290 BUGTRAQ BID |
EZWebAlbum -- EZWebAlbum | constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php. | 6.4 | CVE-2008-3292 MILW0RM BID XF |
EZWebAlbum -- EZWebAlbum | Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter. | 5.0 | CVE-2008-3293 MILW0RM BID XF |
F-Prot -- F-Prot Antivirus; F-Prot -- scanning_engine | Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash. | 4.3 | CVE-2008-3243 OTHER-REF BID |
F-Prot -- F-Prot Antivirus; F-Prot -- scanning_engine | The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read. | 4.3 | CVE-2008-3244 OTHER-REF OTHER-REF BID SECTRACK XF |
Joomla -- com_dtregister | SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php. | 6.8 | CVE-2008-3265 MILW0RM OTHER-REF BID XF |
Lenovo -- thinkvantage_system_update | The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. | 5.1 | CVE-2008-3249 OTHER-REF |
ln-lab -- webproxy | Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2008-3255 OTHER-REF OTHER-REF BID XF |
opensuse -- libxcrypt | libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords. |
|
6.2 | CVE-2008-3188 | ||
precoc -- precms | SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action. |
|
6.8 | CVE-2008-3254 MILW0RM BID XF |
||
Sierra -- SWAT 4 | SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string. |
|
5.0 | CVE-2008-3286 OTHER-REF OTHER-REF BID XF XF |
||
Social Engine -- Social Engine | SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code. |
|
6.0 | CVE-2008-3298 BUGTRAQ XF |
||
tuxplanet -- bilboblog | SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter. |
|
6.0 | CVE-2008-3302 MILW0RM XF |
||
tuxplanet -- bilboblog | admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. |
|
6.8 | CVE-2008-3303 MILW0RM BID XF |
||
tuxplanet -- bilboblog | BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message. |
|
5.0 | CVE-2008-3304 MILW0RM XF |
||
VIM Development Group -- VIM | src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by writing to this file during a time window associated with a race condition. |
|
4.6 | CVE-2008-3294 FULLDISC |
||
winsoftmagic -- winremotepc_full winsoftmagic -- winremotepc_lite |
WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321. |
|
5.0 | CVE-2008-3269 MILW0RM BID |
||
XOOPS -- Xoops | Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
4.3 | CVE-2008-3295 BID XF |
Low Vulnerabilities
Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
OpenBSD -- OpenSSH OpenSSH -- OpenSSH | OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. | 1.2 | CVE-2008-3259 OTHER-REF OTHER-REF BID |
tuxplanet -- bilboblog | Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php. NOTE: some of these details are obtained from third party information. | 3.5 | CVE-2008-3301 MILW0RM BID XF |
Vulnerability Summary for the Week of December 30, 2013
Posted on Tuesday January 07, 2014
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
emc -- replication_manager | Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. | 2013-12-27 | 7.2 | CVE-2013-6182 |
esri -- arcgis | SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. | 2013-12-29 | 7.5 | CVE-2013-7232 |
hp -- application_information_optimizer | Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666. | 2013-12-28 | 10.0 | CVE-2013-6189 |
ibm -- i | The OSPF implementation in IBM i 6.1 and 7.1, and in z/OS on zSeries servers, does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | 2014-01-02 | 8.5 | CVE-2013-5385 |
irfanview -- irfanview | Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window. | 2013-12-27 | 7.6 | CVE-2013-6932 |
microsoft -- internet_explorer | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161. | 2013-12-28 | 9.3 | CVE-2013-3846 |
op5 -- monitor | license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action. | 2013-12-31 | 10.0 | CVE-2012-0261 |
op5 -- monitor | op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. | 2013-12-31 | 10.0 | CVE-2012-0262 |
op5 -- monitor | op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors. | 2013-12-31 | 10.0 | CVE-2012-0264 |
openx -- openx_source | SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. | 2013-12-27 | 7.5 | CVE-2013-7149 |
realvnc -- realvnc | RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. | 2013-12-27 | 7.2 | CVE-2013-6886 |
synology -- diskstation_manager | Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/. | 2013-12-31 | 7.5 | CVE-2013-6987 |
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adtran -- netvanta_7060 | Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-29 | 4.3 | CVE-2013-5210 |
barebones -- bbedit | The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates. | 2013-12-31 | 6.4 | CVE-2013-3667 |
cisco -- ios_xe | Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. | 2013-12-27 | 5.4 | CVE-2013-6981 |
cisco -- unified_presence_server | SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. | 2013-12-31 | 6.5 | CVE-2013-6983 |
cloudbees -- jenkins | Cross-site scripting (XSS) vulnerability in the default markup formatter in CloudBees Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration. | 2013-12-31 | 4.3 | CVE-2013-5573 |
cybozu -- garoon | Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | 2013-12-27 | 5.8 | CVE-2013-6006 |
cybozu -- garoon | SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | 2013-12-27 | 6.5 | CVE-2013-6929 |
fatfreecrm -- fat_free_crm | config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code. | 2014-01-02 | 5.0 | CVE-2013-7222 |
fatfreecrm -- fat_free_crm | Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb. | 2014-01-02 | 6.8 | CVE-2013-7223 |
fatfreecrm -- fat_free_crm | Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json. | 2014-01-02 | 5.0 | CVE-2013-7224 |
fatfreecrm -- fat_free_crm | Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature. | 2014-01-02 | 6.5 | CVE-2013-7225 |
fatfreecrm -- fat_free_crm | Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224. | 2014-01-02 | 5.0 | CVE-2013-7249 |
hot -- hotbox_router | The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. | 2013-12-29 | 5.8 | CVE-2013-5038 |
hot -- hotbox_router | Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. | 2013-12-29 | 5.4 | CVE-2013-5039 |
hot -- hotbox_router | goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. | 2013-12-29 | 6.1 | CVE-2013-5220 |
hp -- service_manager | Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. | 2013-12-28 | 5.2 | CVE-2013-6197 |
hp -- service_manager | Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-28 | 4.3 | CVE-2013-6198 |
jforum -- jforum | Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action. | 2013-12-30 | 6.8 | CVE-2013-7209 |
joomla -- joomla! | Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 2013-12-28 | 4.3 | CVE-2013-5583 |
matrix42 -- service_store | Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string. | 2013-12-28 | 4.3 | CVE-2013-2504 |
microsoft -- windows_movie_maker | Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | 2013-12-29 | 4.3 | CVE-2013-4858 |
mislav_marohnic -- will_paginate | Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. | 2013-12-31 | 4.3 | CVE-2013-6459 |
nextdc -- onedc | The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2013-12-27 | 5.8 | CVE-2013-6812 |
novell -- identity_manager_roles_based_provisioning_module | Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId. | 2013-12-27 | 4.3 | CVE-2013-1096 |
ntp -- ntp | The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. | 2014-01-02 | 5.0 | CVE-2013-5211 |
op5 -- monitor | monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config. | 2013-12-31 | 4.0 | CVE-2012-0263 |
openssl -- openssl | The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. | 2014-01-01 | 5.8 | CVE-2013-6450 |
projectforge -- projectforge | Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2) web/core/, (3) web/dialog/, (4) web/fibu/, (5) web/mobile/, (6) web/task/, or (7) web/wicket/. | 2014-01-02 | 6.8 | CVE-2013-7251 |
ubnt -- unifi | Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname. | 2013-12-31 | 4.3 | CVE-2013-3572 |
wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. | 2013-12-29 | 6.8 | CVE-2013-7233 |
zend -- zendto | Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. | 2013-12-27 | 4.3 | CVE-2013-6808 |
zenphoto -- zenphoto | Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI. | 2013-12-31 | 4.3 | CVE-2013-7241 |
zenphoto -- zenphoto | SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter. | 2013-12-31 | 6.5 | CVE-2013-7242 |
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
emc -- watch4net | EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. | 2013-12-27 | 2.1 | CVE-2013-6181 |
esri -- arcgis | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-29 | 3.5 | CVE-2013-5222 |
esri -- arcgis | Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. | 2013-12-29 | 3.5 | CVE-2013-7231 |
hot -- hotbox_router | The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. | 2013-12-29 | 3.3 | CVE-2013-5037 |
hot -- hotbox_router | Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp. | 2013-12-29 | 2.9 | CVE-2013-5218 |
hot -- hotbox_router | Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd. | 2013-12-29 | 3.3 | CVE-2013-5219 |
projectforge -- projectforge | Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message. | 2014-01-02 | 3.5 | CVE-2011-5269 |
projectforge -- projectforge | Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java. | 2014-01-02 | 3.5 | CVE-2013-7250 |
Vulnerability Summary for the Week of October 24, 2022
Posted on Tuesday November 01, 2022
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web -- form_maker | The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2022-10-25 | 7.2 | CVE-2022-3300 CONFIRM |
adenion -- blog2social | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. | 2022-10-25 | 8.8 | CVE-2022-3246 CONFIRM |
adobe -- illustrator | Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-25 | 7.8 | CVE-2022-38435 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-25 | 7.8 | CVE-2022-38436 MISC |
advantech -- r-seenet | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. | 2022-10-27 | 9.8 | CVE-2022-3385 MISC |
advantech -- r-seenet | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. | 2022-10-27 | 9.8 | CVE-2022-3386 MISC |
apache -- batik | A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | 2022-10-25 | 7.5 | CVE-2022-41704 MISC MLIST MLIST DEBIAN |
apache -- batik | A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. | 2022-10-25 | 7.5 | CVE-2022-42890 MISC MLIST MLIST DEBIAN |
apache -- flume | Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | 2022-10-26 | 9.8 | CVE-2022-42468 CONFIRM CONFIRM CONFIRM |
apache -- heron | Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue. | 2022-10-24 | 9.8 | CVE-2021-42010 MISC MLIST |
apache -- iotdb | Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it. | 2022-10-26 | 7.5 | CVE-2022-43766 CONFIRM |
apache -- linkis | In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.2.0 are affected; we recommend that users update to 1.3.0. | 2022-10-26 | 8.8 | CVE-2022-39944 CONFIRM |
arm -- midguard_gpu_kernel_driver | The Mali GPU kernel driver in an Arm product family through 2022-08-12 allows non-privileged users to make improper GPU processing operations to gain access to already freed memory. | 2022-10-25 | 8.8 | CVE-2022-38181 MISC MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-41309 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-41310 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42933 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42934 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42935 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42936 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42937 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42938 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42939 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42940 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42941 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42942 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42943 MISC |
autodesk -- autocad_plant_3d | A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42944 MISC |
automox -- automox | The Automox Agent before 40 on Windows incorrectly sets permissions on key files. | 2022-10-21 | 7.8 | CVE-2022-36122 MISC MISC |
axiosys -- bento4 | A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability. | 2022-10-26 | 7.8 | CVE-2022-3662 MISC MISC MISC |
axiosys -- bento4 | A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212004. | 2022-10-26 | 7.8 | CVE-2022-3664 MISC MISC MISC |
axiosys -- bento4 | A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability. | 2022-10-26 | 7.8 | CVE-2022-3665 MISC MISC MISC |
axiosys -- bento4 | A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability. | 2022-10-26 | 7.8 | CVE-2022-3666 MISC MISC MISC |
axiosys -- bento4 | A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. | 2022-10-26 | 7.8 | CVE-2022-3670 MISC MISC MISC |
axiosys -- bento4 | A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007. | 2022-10-26 | 7.5 | CVE-2022-3667 MISC MISC MISC |
baramundi -- management_suite | baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2. | 2022-10-26 | 9.8 | CVE-2022-43747 MISC |
barangay_management_system_project -- barangay_management_system | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php. | 2022-10-28 | 7.2 | CVE-2022-43228 MISC |
bestwebsoft -- post_to_csv | The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection. | 2022-10-25 | 9.8 | CVE-2022-3393 CONFIRM |
broadcom -- fabric_operating_system | Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin and operator authorization headers, sent unencrypted, and editing a user addition request to use the operator's authorization header. | 2022-10-25 | 8.8 | CVE-2022-28169 MISC |
broadcom -- fabric_operating_system | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. | 2022-10-25 | 8.8 | CVE-2022-33179 MISC |
broadcom -- fabric_operating_system | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands. | 2022-10-25 | 8.8 | CVE-2022-33183 MISC |
broadcom -- fabric_operating_system | A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, license, and “fosexec”. | 2022-10-25 | 7.8 | CVE-2022-33182 MISC |
broadcom -- fabric_operating_system | A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | 2022-10-25 | 7.8 | CVE-2022-33184 MISC |
broadcom -- fabric_operating_system | Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. | 2022-10-25 | 7.8 | CVE-2022-33185 MISC |
broadcom -- fabric_operating_system | A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | 2022-10-25 | 7.2 | CVE-2022-33178 MISC |
canteen_management_system_project -- canteen_management_system | Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-28 | 7.2 | CVE-2022-43231 MISC |
canteen_management_system_project -- canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php. | 2022-10-28 | 7.2 | CVE-2022-43232 MISC |
canteen_management_system_project -- canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php. | 2022-10-28 | 7.2 | CVE-2022-43233 MISC |
canteen_management_system_project -- canteen_management_system | Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-28 | 7.2 | CVE-2022-43275 MISC |
canteen_management_system_project -- canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. | 2022-10-28 | 7.2 | CVE-2022-43276 MISC |
cert -- vince | A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject an arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed. | 2022-10-26 | 8.8 | CVE-2022-40238 MISC |
cleantalk -- spam_protection\,_antispam\,_firewall | The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin. | 2022-10-25 | 7.2 | CVE-2022-3302 CONFIRM |
dataease -- dataease | Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the MySQL data source in the data source function can customize the JDBC connection parameters and the MySQL server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC URL and connects to a malicious MySQL server, the attacker can trigger the MySQL JDBC deserialization vulnerability. Through the deserialization vulnerability, the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue. | 2022-10-25 | 9.8 | CVE-2022-39312 MISC MISC MISC CONFIRM |
dell -- emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node. | 2022-10-21 | 7.5 | CVE-2022-34439 CONFIRM |
dell -- powerstoreos | Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. | 2022-10-21 | 9.8 | CVE-2022-26870 CONFIRM |
deltaww -- diaenergie | The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 2022-10-26 | 9.8 | CVE-2022-43774 MISC |
deltaww -- diaenergie | The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 2022-10-26 | 9.8 | CVE-2022-43775 MISC |
deltaww -- diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | 2022-10-27 | 8.8 | CVE-2022-40967 MISC |
deltaww -- diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | 2022-10-27 | 8.8 | CVE-2022-41133 MISC |
deltaww -- diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | 2022-10-27 | 8.8 | CVE-2022-41773 MISC |
discourse -- patreon | Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the patreon integration and log out all users with associated Patreon accounts. | 2022-10-26 | 9.8 | CVE-2022-39355 MISC CONFIRM |
dlink -- dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. | 2022-10-26 | 9.8 | CVE-2022-42998 MISC MISC |
dlink -- dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. | 2022-10-26 | 9.8 | CVE-2022-43000 MISC MISC |
dlink -- dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. | 2022-10-26 | 9.8 | CVE-2022-43001 MISC MISC |
dlink -- dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. | 2022-10-26 | 9.8 | CVE-2022-43002 MISC MISC |
dlink -- dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. | 2022-10-26 | 9.8 | CVE-2022-43003 MISC MISC |
dlink -- dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. | 2022-10-26 | 7.5 | CVE-2022-42999 MISC MISC |
elearning_system_project -- elearning_system | A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability. | 2022-10-26 | 9.8 | CVE-2022-3671 N/A N/A |
employee_record_management_system_project -- employee_record_management_system | Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | 2022-10-28 | 9.8 | CVE-2021-37782 MISC MISC |
evm_project -- evm | SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually use `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds. | 2022-10-25 | 7.5 | CVE-2022-39354 MISC CONFIRM |
exiv2 -- exiv2 | A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348. | 2022-10-27 | 9.8 | CVE-2022-3717 MISC MISC |
exiv2 -- exiv2 | A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability. | 2022-10-27 | 9.8 | CVE-2022-3719 MISC MISC MISC |
extended_keccak_code_package_project -- extended_keccak_code_package | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | 2022-10-21 | 9.8 | CVE-2022-37454 MISC MISC MISC MISC |
f5 -- nginx | A vulnerability was found in Nginx and classified as problematic. This issue affects some unknown processing of the file ngx_resolver.c of the component IPv4 Off Handler. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211937 was assigned to this vulnerability. | 2022-10-21 | 7.5 | CVE-2022-3638 N/A N/A N/A |
featherjs -- feathers-sequelize | Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. | 2022-10-26 | 9.8 | CVE-2022-2422 CONFIRM CONFIRM |
featherjs -- feathers-sequelize | Improper parameter filtering in the Feathers js library may ultimately lead to SQL injection. | 2022-10-26 | 9.8 | CVE-2022-29822 CONFIRM CONFIRM |
featherjs -- feathers-sequelize | The feathers-sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with the privileges of the application. | 2022-10-26 | 9.8 | CVE-2022-29823 CONFIRM CONFIRM |
free5gc -- free5gc | Free5gc v3.2.1 is vulnerable to Information disclosure. | 2022-10-25 | 7.5 | CVE-2022-38870 MISC |
gin-vue-admin_project -- gin-vue-admin | Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. | 2022-10-24 | 9.8 | CVE-2022-39305 MISC CONFIRM |
gin-vue-admin_project -- gin-vue-admin | Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version. | 2022-10-25 | 7.5 | CVE-2022-39345 CONFIRM MISC MISC MISC |
github -- runner | GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered in versions prior to 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4 that allows an input to escape the environment variable and modify that docker command invocation directly. Jobs that use container actions, job containers, or service containers alongside untrusted user inputs in environment variables may be vulnerable. The Actions Runner has been patched, both on `github.com` and hotfixes for GHES and GHAE customers in versions 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. GHES and GHAE customers may want to patch their instance in order to have their runners automatically upgrade to these new runner versions. As a workaround, users may consider removing any container actions, job containers, or service containers from their jobs until they are able to upgrade their runner versions. | 2022-10-25 | 9.9 | CVE-2022-39321 MISC MISC CONFIRM |
gnu -- libtasn1 | GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | 2022-10-24 | 9.1 | CVE-2021-46848 MISC MISC MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_SSID` and `WL_SSID_HEX` configuration values in the function at offset `0x1c7d28` of firmware 6.9Z. | 2022-10-25 | 10 | CVE-2022-33192 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z. | 2022-10-25 | 10 | CVE-2022-33193 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_Key` and `WL_DefaultKeyID` configuration values in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7f6c`. | 2022-10-25 | 10 | CVE-2022-33194 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_DefaultKeyID` in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7fac`. | 2022-10-25 | 10 | CVE-2022-33195 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z. | 2022-10-25 | 9.9 | CVE-2022-33204 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `wpapsk_hex` HTTP parameter to construct an OS Command at offset `0x19b0ac` of the `/root/hpgw` binary included in firmware 6.9Z. | 2022-10-25 | 9.9 | CVE-2022-33205 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `key` and `default_key_id` HTTP parameters to construct an OS Command crafted at offset `0x19b1f4` of the `/root/hpgw` binary included in firmware 6.9Z. | 2022-10-25 | 9.9 | CVE-2022-33206 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on a second unsafe use of the `default_key_id` HTTP parameter to construct an OS Command at offset `0x19B234` of the `/root/hpgw` binary included in firmware 6.9Z. | 2022-10-25 | 9.9 | CVE-2022-33207 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-27804 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-27805 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-29472 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-29477 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-29520 MISC |
goabode -- iota_all-in-one_security_kit_firmware | A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-29889 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-30541 MISC |
goabode -- iota_all-in-one_security_kit_firmware | A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-32454 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-32773 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-33189 MISC |
goabode -- iota_all-in-one_security_kit_firmware | A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-33938 MISC |
goabode -- iota_all-in-one_security_kit_firmware | A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-35244 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler. | 2022-10-25 | 9.8 | CVE-2022-35874 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler. | 2022-10-25 | 9.8 | CVE-2022-35875 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler. | 2022-10-25 | 9.8 | CVE-2022-35876 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler. | 2022-10-25 | 9.8 | CVE-2022-35877 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-10-25 | 8.8 | CVE-2022-30603 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-10-25 | 8.8 | CVE-2022-32586 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-10-25 | 8.8 | CVE-2022-32775 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. | 2022-10-25 | 8.8 | CVE-2022-35878 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. | 2022-10-25 | 8.8 | CVE-2022-35879 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. | 2022-10-25 | 8.8 | CVE-2022-35880 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. | 2022-10-25 | 8.8 | CVE-2022-35881 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. | 2022-10-25 | 8.8 | CVE-2022-35884 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. | 2022-10-25 | 8.8 | CVE-2022-35885 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. | 2022-10-25 | 8.8 | CVE-2022-35886 MISC |
goabode -- iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. | 2022-10-25 | 8.8 | CVE-2022-35887 MISC |
goabode -- iota_all-in-one_security_kit_firmware | An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2022-10-25 | 8.1 | CVE-2022-29475 MISC |
goabode -- iota_all-in-one_security_kit_firmware | A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 7.5 | CVE-2022-32760 MISC |
gradle -- enterprise | A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. | 2022-10-21 | 7.5 | CVE-2022-41575 MISC MISC |
hospital_management_system_project -- hospital_management_system | Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | 2022-10-28 | 8.8 | CVE-2021-35387 MISC MISC |
iij -- iij_smartkey | Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions. | 2022-10-24 | 7.5 | CVE-2022-41986 MISC MISC |
jflyfox -- jfinal_cms | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list | 2022-10-26 | 8.8 | CVE-2022-37202 MISC MISC |
jupyter -- jupyter_core | Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. | 2022-10-26 | 8.8 | CVE-2022-39286 MISC CONFIRM |
kadencewp -- kadence_woocommerce_email_designer | The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 2022-10-25 | 7.2 | CVE-2022-3335 CONFIRM |
kartverket -- github-workflows | kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the `run-terraform` reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the context of the workflow. Users should upgrade to at least version 2.7.5 to resolve the issue. As a workaround, review any pull requests from external users for malicious payloads before allowing them to trigger a build. | 2022-10-25 | 8.8 | CVE-2022-39326 CONFIRM MISC MISC |
keystonejs -- keystone | @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are vulnerable to their field-level access control not being used. List-level access control is not affected. Field-level access control for fields other than `multiselect` is not affected. Version 2.3.1 contains a fix for this issue. As a workaround, stop using the `multiselect` field. | 2022-10-25 | 9.8 | CVE-2022-39322 CONFIRM MISC |
lannerinc -- iac-ast2500_firmware | Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. | 2022-10-24 | 8.1 | CVE-2021-4228 MISC |
lannerinc -- iac-ast2500a_firmware | Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26727 MISC MISC |
lannerinc -- iac-ast2500a_firmware | Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26728 MISC MISC |
lannerinc -- iac-ast2500a_firmware | Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26729 MISC MISC |
lannerinc -- iac-ast2500a_firmware | A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26730 MISC MISC |
lannerinc -- iac-ast2500a_firmware | Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26731 MISC MISC |
lannerinc -- iac-ast2500a_firmware | Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-46279 MISC MISC |
lannerinc -- iac-ast2500a_firmware | A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 7.5 | CVE-2021-26733 MISC MISC |
lannerinc -- iac-ast2500a_firmware | A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 7.5 | CVE-2021-44467 MISC MISC |
lannerinc -- iac-ast2500a_firmware | An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 7.5 | CVE-2021-44769 MISC MISC |
libexpat_project -- libexpat | In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | 2022-10-24 | 7.5 | CVE-2022-43680 MISC MISC MISC MLIST DEBIAN |
linux -- linux_kernel | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. | 2022-10-21 | 9.8 | CVE-2022-3649 N/A N/A |
linux -- linux_kernel | A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. | 2022-10-21 | 8.8 | CVE-2022-3640 MISC MISC |
linux -- linux_kernel | A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. | 2022-10-21 | 7.8 | CVE-2022-3625 N/A N/A |
linux -- linux_kernel | A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. | 2022-10-21 | 7.8 | CVE-2022-3636 N/A N/A |
linux -- linux_kernel | drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. | 2022-10-26 | 7.8 | CVE-2022-43750 MISC MISC MISC MISC |
linux -- linux_kernel | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. | 2022-10-21 | 7 | CVE-2022-3635 N/A N/A |
litespeedtech -- openlitespeed | Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. | 2022-10-27 | 8.8 | CVE-2022-0073 MISC MISC |
litespeedtech -- openlitespeed | Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. | 2022-10-27 | 8.8 | CVE-2022-0074 MISC |
metabase -- metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries. | 2022-10-26 | 8.8 | CVE-2022-39361 CONFIRM |
metabase -- metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want. | 2022-10-26 | 8.8 | CVE-2022-39362 MISC CONFIRM |
microsoft -- azure_command-line_interface | Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a mitigation for the vulnerability. | 2022-10-25 | 9.8 | CVE-2022-39327 CONFIRM MISC MISC |
mitel -- micollab | A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. | 2022-10-25 | 8.8 | CVE-2022-36451 MISC MISC |
mitel -- micollab | A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. | 2022-10-25 | 8.8 | CVE-2022-36453 MISC MISC |
octopus -- octopus_server | In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. | 2022-10-27 | 9.1 | CVE-2022-2782 MISC |
online_medicine_ordering_system_project -- online_medicine_ordering_system | A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. | 2022-10-27 | 9.8 | CVE-2022-3714 MISC |
online_pet_shop_we_app_project -- online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | 2022-10-27 | 7.2 | CVE-2022-39977 MISC |
online_pet_shop_we_app_project -- online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | 2022-10-27 | 7.2 | CVE-2022-39978 MISC |
open-xchange -- ox_app_suite | documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | 2022-10-25 | 9.8 | CVE-2022-29851 MISC |
openfga -- openfga | OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue. | 2022-10-25 | 9.8 | CVE-2022-39341 CONFIRM MISC MISC |
openfga -- openfga | OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship (e.g. ‘as self’) are vulnerable. Version 0.2.4 contains a patch for this issue. | 2022-10-25 | 9.8 | CVE-2022-39342 CONFIRM MISC MISC |
opensuse -- factory | An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. | 2022-10-26 | 7.8 | CVE-2022-31256 CONFIRM |
oxilab -- accordions | Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3) on WordPress. | 2022-10-21 | 7.2 | CVE-2022-38104 CONFIRM CONFIRM |
parseplatform -- parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds. | 2022-10-24 | 7.5 | CVE-2022-39313 CONFIRM |
pikepdf_project -- pikepdf | pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing. | 2022-10-24 | 9.8 | CVE-2021-46849 MISC MISC |
redis -- redis | A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. | 2022-10-21 | 7.5 | CVE-2022-3647 N/A N/A |
robustel -- r1510_firmware | An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-32765 MISC |
robustel -- r1510_firmware | An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-33150 MISC |
robustel -- r1510_firmware | A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 9.1 | CVE-2022-33897 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_authorized_keys/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35261 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_xml_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35262 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35263 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_aaa_cert_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35264 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_nodejs_app/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35265 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_firmware/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35266 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_https_cert_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35267 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_sdk_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35268 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_e2c_json_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35269 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_wireguard_cert_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35270 MISC |
robustel -- r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_cert_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35271 MISC |
robustel -- r1510_firmware | An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 7.2 | CVE-2022-34850 MISC |
sanitization_management_system_project -- sanitization_management_system | A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. | 2022-10-26 | 9.8 | CVE-2022-3674 N/A |
school_activity_updates_with_sms_notification_project -- school_activity_updates_with_sms_notification | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. | 2022-10-27 | 9.8 | CVE-2022-39976 MISC |
sem-cms -- semcms | SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. | 2022-10-28 | 9.8 | CVE-2021-38217 MISC |
sem-cms -- semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. | 2022-10-28 | 9.8 | CVE-2021-38729 MISC MISC |
sem-cms -- semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. | 2022-10-28 | 9.8 | CVE-2021-38730 MISC MISC |
sem-cms -- semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. | 2022-10-28 | 9.8 | CVE-2021-38731 MISC MISC |
sem-cms -- semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. | 2022-10-28 | 9.8 | CVE-2021-38732 MISC MISC |
sem-cms -- semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. | 2022-10-28 | 9.8 | CVE-2021-38733 MISC MISC |
sem-cms -- semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. | 2022-10-28 | 9.8 | CVE-2021-38734 MISC MISC |
sem-cms -- semcms | SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. | 2022-10-28 | 9.8 | CVE-2021-38736 MISC MISC |
sem-cms -- semcms | SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. | 2022-10-28 | 9.8 | CVE-2021-38737 MISC MISC |
shescape_project -- shescape | The package shescape from 1.5.10 and before 1.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. | 2022-10-27 | 7.5 | CVE-2022-25918 MISC MISC MISC MISC |
siemens -- siveillance_video_mobile_server | A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. | 2022-10-21 | 9.8 | CVE-2022-43400 MISC |
simple_cold_storage_management_system_project -- simple_cold_storage_managment_system | Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. | 2022-10-28 | 7.2 | CVE-2022-43229 MISC |
simple_cold_storage_management_system_project -- simple_cold_storage_managment_system | Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. | 2022-10-28 | 7.2 | CVE-2022-43230 MISC |
socket -- socket.io-parser | Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object. | 2022-10-26 | 9.8 | CVE-2022-2421 CONFIRM CONFIRM |
soflyy -- wp_all_export | The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well. | 2022-10-25 | 8.8 | CVE-2022-3395 CONFIRM |
soflyy -- wp_all_export | The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. | 2022-10-25 | 7.2 | CVE-2022-3394 CONFIRM |
softmotions -- iowow | IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch. | 2022-10-21 | 7.5 | CVE-2022-23462 CONFIRM MISC |
sony -- content_transfer | Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2022-10-24 | 7.8 | CVE-2022-41796 MISC MISC |
st -- stm32_mw_usb_host | A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using an RTOS such as FreeRTOS on STM32 MCUs. | 2022-10-21 | 9.8 | CVE-2021-42553 CONFIRM |
synology -- diskstation_manager | Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | 2022-10-25 | 9.1 | CVE-2022-27623 CONFIRM |
synology -- presto_file_server | Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. | 2022-10-26 | 8.8 | CVE-2022-43749 CONFIRM |
synology -- presto_file_server | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. | 2022-10-26 | 7.5 | CVE-2022-43748 CONFIRM |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed HTTP request. | 2022-10-27 | 7.5 | CVE-2022-40874 MISC |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. | 2022-10-27 | 7.5 | CVE-2022-40875 MISC |
uatech -- badaso | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 2022-10-25 | 9.8 | CVE-2022-41711 MISC MISC |
vestacp -- control_panel | myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint. | 2022-10-24 | 7.2 | CVE-2021-46850 MISC MISC MISC MISC MISC |
vim -- vim | A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. | 2022-10-26 | 7.5 | CVE-2022-3705 MISC MISC |
webmin -- usermin | Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. | 2022-10-25 | 8.8 | CVE-2022-35132 MISC MISC |
wintercms -- winter | Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts. | 2022-10-26 | 9.8 | CVE-2022-39357 MISC MISC MISC CONFIRM MISC |
yokogawa -- wtviewerefree | Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name. | 2022-10-24 | 9.8 | CVE-2022-40984 MISC MISC |
yordam -- library_automation_system | Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. | 2022-10-27 | 7.5 | CVE-2021-45475 CONFIRM |
zalando -- skipper | Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). | 2022-10-25 | 9.8 | CVE-2022-38580 MISC MISC MISC MISC |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adenion -- blog2social | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks. | 2022-10-25 | 6.5 | CVE-2022-3247 CONFIRM |
adminpad_project -- adminpad | The AdminPad WordPress plugin before 2.2 does not have a CSRF check when updating an admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack. | 2022-10-25 | 6.5 | CVE-2022-2762 MISC |
advantech -- r-seenet | Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. | 2022-10-27 | 5.3 | CVE-2022-3387 MISC |
algosec -- fireflow | AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS): a malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user. | 2022-10-25 | 5.4 | CVE-2022-36783 MISC |
alivecor -- kardia | CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app. | 2022-10-26 | 6.1 | CVE-2022-40703 MISC |
apache -- geode | Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. | 2022-10-25 | 5.4 | CVE-2022-34870 MISC MLIST |
axiosys -- bento4 | A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212003. | 2022-10-26 | 5.5 | CVE-2022-3663 MISC MISC MISC |
axiosys -- bento4 | A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008. | 2022-10-26 | 5.5 | CVE-2022-3668 MISC MISC MISC |
axiosys -- bento4 | A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability. | 2022-10-26 | 5.5 | CVE-2022-3669 MISC MISC MISC |
bookstackapp -- bookstack | Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. | 2022-10-24 | 5.4 | CVE-2022-40690 MISC MISC MISC |
bricksbuilder -- bricks | The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website. | 2022-10-28 | 6.5 | CVE-2022-3400 MISC MISC |
broadcom -- fabric_operating_system | Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | 2022-10-25 | 6.5 | CVE-2022-28170 MISC |
broadcom -- fabric_operating_system | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. | 2022-10-25 | 5.5 | CVE-2022-33180 MISC |
broadcom -- fabric_operating_system | An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | 2022-10-25 | 5.5 | CVE-2022-33181 MISC |
cisco -- identity_services_engine | A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2022-10-26 | 5.4 | CVE-2022-20959 CISCO |
dell -- emc_isilon_onefs | The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. | 2022-10-21 | 4.3 | CVE-2020-5355 CONFIRM |
dell -- emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. | 2022-10-21 | 6.7 | CVE-2022-34437 CONFIRM |
dell -- emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. | 2022-10-21 | 6.7 | CVE-2022-34438 CONFIRM |
dell -- emc_powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain a sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. | 2022-10-21 | 4.4 | CVE-2022-31239 CONFIRM |
deltaww -- diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | 2022-10-27 | 5.4 | CVE-2022-40965 MISC |
deltaww -- diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | 2022-10-27 | 5.4 | CVE-2022-41555 MISC |
deltaww -- diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | 2022-10-27 | 5.4 | CVE-2022-41651 MISC |
deltaww -- diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | 2022-10-27 | 5.4 | CVE-2022-41701 MISC |
deltaww -- diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | 2022-10-27 | 5.4 | CVE-2022-41702 MISC |
eclipse -- openj9 | In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. | 2022-10-24 | 6.5 | CVE-2022-3676 CONFIRM CONFIRM CONFIRM |
employee_record_management_system_project -- employee_record_management_system | Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. | 2022-10-28 | 5.4 | CVE-2021-37781 MISC MISC |
esri -- arcgis_server | There is a reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below that may allow a remote, unauthorized attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | 2022-10-25 | 6.1 | CVE-2022-38195 CONFIRM |
esri -- arcgis_server | There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | 2022-10-25 | 6.1 | CVE-2022-38198 CONFIRM |
esri -- arcgis_server | A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet. | 2022-10-25 | 6.1 | CVE-2022-38199 CONFIRM |
exiv2 -- exiv2 | A vulnerability, which was classified as problematic, was found in Exiv2. This affects the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The name of the patch is 459910c36a21369c09b75bcfa82f287c9da56abf. It is recommended to apply a patch to fix this issue. The identifier VDB-212349 was assigned to this vulnerability. | 2022-10-27 | 6.5 | CVE-2022-3718 MISC MISC MISC |
expresstech -- quiz_and_survey_master | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 2022-10-28 | 5.4 | CVE-2021-36863 CONFIRM CONFIRM |
fluxcd -- source-controller | Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation. | 2022-10-22 | 4.3 | CVE-2022-39272 CONFIRM MISC |
free5gc -- free5gc | In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. | 2022-10-24 | 5.5 | CVE-2022-43677 MISC |
genivi -- diagnostic_log_and_trace | An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. | 2022-10-25 | 5.5 | CVE-2022-39836 MISC MISC |
genivi -- diagnostic_log_and_trace | An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference. | 2022-10-25 | 5.5 | CVE-2022-39837 MISC MISC |
getkirby -- kirby | Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached. | 2022-10-25 | 5.3 | CVE-2022-39315 CONFIRM MISC MISC MISC MISC |
gitlab -- gitlab | An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | 2022-10-28 | 4.9 | CVE-2022-3018 MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. | 2022-10-28 | 4.3 | CVE-2022-2882 MISC MISC CONFIRM |
goabode -- iota_all-in-one_security_kit_firmware | A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-10-25 | 6.5 | CVE-2022-32574 MISC |
google -- bazel | Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3. | 2022-10-26 | 4.3 | CVE-2022-3474 CONFIRM |
hospital_management_system_project -- hospital_management_system | Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | 2022-10-28 | 5.4 | CVE-2021-35388 MISC MISC |
ipfire -- ipfire | Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script. | 2022-10-24 | 4.8 | CVE-2022-36368 MISC MISC MISC MISC |
jadx_project -- jadx | jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds. | 2022-10-21 | 5.5 | CVE-2022-39259 CONFIRM |
joomla -- joomla\! | An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. | 2022-10-25 | 6.1 | CVE-2022-27913 MISC |
joomla -- joomla\! | An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. | 2022-10-25 | 5.3 | CVE-2022-27912 MISC |
juiker -- juiker | Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it. | 2022-10-24 | 6.1 | CVE-2022-38117 MISC |
lannerinc -- iac-ast2500a_firmware | A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 5.3 | CVE-2021-26732 MISC MISC |
lannerinc -- iac-ast2500a_firmware | A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 5.3 | CVE-2021-44776 MISC MISC |
lannerinc -- iac-ast2500a_firmware | Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 5.3 | CVE-2021-45925 MISC MISC |
laubrotel -- lbstopattack | The LBStopAttack WordPress plugin through 1.1.2 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections. | 2022-10-25 | 6.5 | CVE-2022-3097 MISC |
lemon8_project -- lemon8 | Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | 2022-10-24 | 6.5 | CVE-2022-41797 MISC MISC MISC |
linux -- linux_kernel | A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). | 2022-10-25 | 5.5 | CVE-2022-3344 MISC MISC |
linux -- linux_kernel | A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931. | 2022-10-21 | 5.5 | CVE-2022-3630 N/A N/A |
linux -- linux_kernel | A vulnerability classified as problematic has been found in Linux Kernel. This affects the function rtl8188f_spur_calibration of the file drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c of the component Wireless. The manipulation of the argument hw_ctrl_s1/sw_ctrl_s1 leads to use of uninitialized variable. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211959. | 2022-10-21 | 5.5 | CVE-2022-3642 MISC MISC |
linux -- linux_kernel | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. | 2022-10-21 | 5.3 | CVE-2022-3646 N/A N/A |
litespeedtech -- openlitespeed | Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, and from 1.7.0 before 1.7.16.1. | 2022-10-27 | 5.8 | CVE-2022-0072 MISC MISC |
metabase -- metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6. | 2022-10-26 | 6.5 | CVE-2022-39358 CONFIRM |
metabase -- metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, a custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follows redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default). | 2022-10-26 | 6.5 | CVE-2022-39359 CONFIRM MISC |
metabase -- metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login. | 2022-10-26 | 6.5 | CVE-2022-39360 MISC CONFIRM |
metabase -- metabase | The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects. | 2022-10-26 | 6.5 | CVE-2022-43776 MISC |
mitel -- micollab | A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. | 2022-10-25 | 6.5 | CVE-2022-36454 MISC MISC |
octopus -- octopus_server | In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | 2022-10-27 | 5.3 | CVE-2022-2508 MISC |
online_medicine_ordering_system_project -- online_medicine_ordering_system | A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. | 2022-10-27 | 5.4 | CVE-2022-3716 MISC |
open-xchange -- ox_app_suite | OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. | 2022-10-25 | 6.1 | CVE-2022-31468 MISC |
openfga -- openfga | OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users of `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. | 2022-10-25 | 5.3 | CVE-2022-39340 CONFIRM MISC MISC |
owasp -- dependency-track | Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit log in clear text. Actors with access to the audit log can exploit this flaw to gain access to valid API keys. The issue has been fixed in Dependency-Track 4.6.0. Instead of logging the entire API key, only the last 4 characters of the key will be logged. It is strongly recommended to check historic logs for occurrences of this behavior, and re-generating API keys in case of leakage. | 2022-10-25 | 4.4 | CVE-2022-39351 MISC CONFIRM MISC |
owasp -- dependency-track_frontend | @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did not encode or sanitize Showdown's output. This made it possible for arbitrary JavaScript included in vulnerability details via HTML attributes to be executed in context of the frontend. Actors with the `VULNERABILITY_MANAGEMENT` permission can exploit this weakness by creating or editing a custom vulnerability and providing XSS payloads in any of the following fields: Description, Details, Recommendation, or References. The payload will be executed for users with the `VIEW_PORTFOLIO` permission when browsing to the modified vulnerability's page. Alternatively, malicious JavaScript could be introduced via any of the vulnerability databases mirrored by Dependency-Track. However, this attack vector is highly unlikely, and the maintainers of Dependency-Track are not aware of any occurrence of this happening. Note that the `Vulnerability Details` element of the `Audit Vulnerabilities` tab in the project view is not affected. The issue has been fixed in frontend version 4.6.1. | 2022-10-25 | 5.4 | CVE-2022-39350 CONFIRM MISC MISC |
paessler -- prtg_network_monitor | PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Because PRTG Network Monitor prevents “ characters and modern browsers disable JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability. | 2022-10-25 | 5.3 | CVE-2022-35739 MISC MISC |
password_storage_application_project -- password_storage_application | Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. | 2022-10-27 | 5.4 | CVE-2022-42993 MISC MISC MISC |
pulpproject -- pulp_ansible | The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | 2022-10-25 | 5.5 | CVE-2022-3644 MISC |
retain -- retain_live_chat | The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-25 | 4.8 | CVE-2022-3391 CONFIRM |
rubyonrails -- rails | A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. | 2022-10-26 | 5.4 | CVE-2022-3704 MISC MISC MISC |
rukovoditel -- rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". | 2022-10-28 | 5.4 | CVE-2022-43164 MISC |
rukovoditel -- rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". | 2022-10-28 | 5.4 | CVE-2022-43165 MISC |
rukovoditel -- rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". | 2022-10-28 | 5.4 | CVE-2022-43166 MISC |
sanitization_management_system_project -- sanitization_management_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0. This issue affects some unknown processing of the file /php-sms/classes/SystemSettings.php. The manipulation of the argument name/shortname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212015. | 2022-10-26 | 6.1 | CVE-2022-3672 N/A |
sanitization_management_system_project -- sanitization_management_system | A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212016. | 2022-10-26 | 6.1 | CVE-2022-3673 N/A |
sem-cms -- semcms | SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php. | 2022-10-28 | 6.1 | CVE-2021-38728 MISC MISC |
simple_online_public_access_catalog_project -- simple_online_public_access_catalog | A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field. | 2022-10-27 | 5.4 | CVE-2022-42991 MISC MISC MISC |
softr -- softr | Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2022-10-27 | 6.1 | CVE-2022-32407 MISC MISC |
synology -- diskstation_manager | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | 2022-10-25 | 4.3 | CVE-2022-27622 CONFIRM |
tasks -- tasks | The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds. | 2022-10-25 | 5.5 | CVE-2022-39349 CONFIRM MISC |
tech-banker -- contact_bank | The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-25 | 4.8 | CVE-2022-3350 MISC |
tenable -- nessus | An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance. | 2022-10-25 | 6.5 | CVE-2022-33757 MISC |
themepoints -- testimonials | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. | 2022-10-28 | 4.8 | CVE-2021-36858 CONFIRM CONFIRM |
train_scheduler_app_project -- train_scheduler_app | Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. | 2022-10-27 | 5.4 | CVE-2022-42992 MISC MISC MISC |
twistedmatrix -- twisted | Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response, allowing HTML and script injection. In practice this should be very difficult to exploit, as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. | 2022-10-26 | 5.4 | CVE-2022-39348 MISC CONFIRM MISC |
weseek -- growi | Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users. | 2022-10-24 | 6.5 | CVE-2022-41799 MISC MISC |
wp_humans.txt_project -- wp_humans.txt | The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-25 | 4.8 | CVE-2022-3392 CONFIRM |
yordam -- library_automation_system | Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. | 2022-10-27 | 6.1 | CVE-2021-45476 CONFIRM |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
getkirby -- kirby | Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms. | 2022-10-24 | 3.7 | CVE-2022-39314 CONFIRM |
linux -- linux_kernel | A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928. | 2022-10-21 | 3.3 | CVE-2022-3624 N/A N/A |
linux -- linux_kernel | A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. | 2022-10-21 | 3.3 | CVE-2022-3629 N/A N/A |
linux -- linux_kernel | A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. | 2022-10-21 | 3.3 | CVE-2022-3633 MISC MISC |
robustel -- r1510_firmware | A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 2.7 | CVE-2022-34845 MISC |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alivecor -- kardiamobile | The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves. | 2022-10-27 | not yet calculated | CVE-2022-41627 MISC |
ansible -- ansible | A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. | 2022-10-28 | not yet calculated | CVE-2022-3697 MISC |
apache -- dolphinscheduler | Users can read any file via the log server. Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | 2022-10-28 | not yet calculated | CVE-2022-26884 MISC MLIST |
aruba -- edgeconnect_enterprise_orchestrator | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | 2022-10-28 | not yet calculated | CVE-2022-37913 MISC |
aruba -- edgeconnect_enterprise_orchestrator | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | 2022-10-28 | not yet calculated | CVE-2022-37914 MISC |
aruba -- edgeconnect_enterprise_orchestrator | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system, leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration. This affects the 9.1.x branch only: any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197 is affected; Orchestrators upgraded to 9.1.x were not affected. | 2022-10-28 | not yet calculated | CVE-2022-37915 MISC |
bosch -- videojet_multi_4000 | An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. | 2022-10-27 | not yet calculated | CVE-2022-40183 CONFIRM |
bosch -- videojet_multi_4000 | Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. | 2022-10-27 | not yet calculated | CVE-2022-40184 CONFIRM |
chatwoot -- chatwoot | Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. For the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. | 2022-10-28 | not yet calculated | CVE-2022-3741 CONFIRM MISC |
cisco -- anyconnect | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability. | 2022-10-26 | not yet calculated | CVE-2022-20933 CISCO |
cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability. | 2022-10-26 | not yet calculated | CVE-2022-20822 CISCO |
cisco -- telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20776 CISCO |
cisco -- telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20811 CISCO |
cisco -- telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20953 CISCO |
cisco -- telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20954 CISCO |
cisco -- telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20955 CISCO |
cloudflare -- octorpki | Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. | 2022-10-28 | not yet calculated | CVE-2022-3616 MISC |
cloudflare -- warp_client | Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint. | 2022-10-28 | not yet calculated | CVE-2022-3512 MISC |
cloudflare -- warp_mobile_client | It was possible for a user to delete a VPN profile from the WARP mobile client on the iOS platform despite the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) being enabled on the Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. | 2022-10-28 | not yet calculated | CVE-2022-3337 MISC |
cloudflare -- zero_trust_platform | It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. | 2022-10-28 | not yet calculated | CVE-2022-3320 MISC |
cloudflare -- zero_trust_platform | It was possible to bypass the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. | 2022-10-28 | not yet calculated | CVE-2022-3321 MISC |
cloudflare -- zero_trust_platform | Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action. | 2022-10-28 | not yet calculated | CVE-2022-3322 MISC |
curl -- curl | curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. | 2022-10-29 | not yet calculated | CVE-2022-42915 MISC FEDORA |
curl -- curl | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. | 2022-10-29 | not yet calculated | CVE-2022-42916 MISC FEDORA |
datahub -- datahub | DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. | 2022-10-28 | not yet calculated | CVE-2022-39366 MISC MISC MISC CONFIRM MISC |
dzzoffice -- dzzoffice | A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | 2022-10-27 | not yet calculated | CVE-2022-43340 MISC MISC MISC |
eaton -- foreseer_epms | A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . | 2022-10-28 | not yet calculated | CVE-2022-33859 MISC |
esri -- arcgis_server | Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. | 2022-10-25 | not yet calculated | CVE-2022-38196 CONFIRM |
esri -- arcgis_server | Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. | 2022-10-25 | not yet calculated | CVE-2022-38197 CONFIRM |
esri -- arcgis_server | A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser. | 2022-10-25 | not yet calculated | CVE-2022-38200 CONFIRM |
exiv2 -- exiv2 | A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495. | 2022-10-29 | not yet calculated | CVE-2022-3755 MISC MISC MISC |
exiv2 -- exiv2 | A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. | 2022-10-29 | not yet calculated | CVE-2022-3756 MISC MISC |
exiv2 -- exiv2 | A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. | 2022-10-29 | not yet calculated | CVE-2022-3757 MISC MISC MISC |
forgerock -- access_management | It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. | 2022-10-27 | not yet calculated | CVE-2022-24669 MISC MISC |
forgerock -- access_management | An attacker can use the unrestricted LDAP queries to determine configuration entries | 2022-10-27 | not yet calculated | CVE-2022-24670 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO | 2022-10-28 | not yet calculated | CVE-2022-2826 CONFIRM MISC MISC |
gl-inet -- multiple_products | gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | 2022-10-27 | not yet calculated | CVE-2022-31898 MISC |
gl.inet_goodcloud_iot_device_management_system -- gl.inet_goodcloud_iot_device_management_system | Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. | 2022-10-27 | not yet calculated | CVE-2022-42054 MISC |
gl.inet_goodcloud_iot_device_management_system -- gl.inet_goodcloud_iot_device_management_system | Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | 2022-10-27 | not yet calculated | CVE-2022-42055 MISC |
google -- multiple_products | The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue. | 2022-10-27 | not yet calculated | CVE-2022-3095 CONFIRM |
haas -- haas_cnc_controller | Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. | 2022-10-28 | not yet calculated | CVE-2022-41636 MISC |
haas_automation_inc -- haas_controller | Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. | 2022-10-28 | not yet calculated | CVE-2022-2474 MISC |
haas_automation_inc -- haas_controller | Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. | 2022-10-28 | not yet calculated | CVE-2022-2475 MISC |
heidenhain -- controller_tnc_640 | The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. | 2022-10-28 | not yet calculated | CVE-2022-41648 MISC |
honeywell -- experion_pks | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 2022-10-28 | not yet calculated | CVE-2021-38395 CONFIRM CONFIRM |
honeywell -- experion_pks |
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 2022-10-28 | not yet calculated | CVE-2021-38397 CONFIRM CONFIRM |
honeywell -- experion_pks |
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. | 2022-10-28 | not yet calculated | CVE-2021-38399 CONFIRM CONFIRM |
horner_automation -- cscape | Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write. | 2022-10-27 | not yet calculated | CVE-2022-3378 MISC |
horner_automation -- cscape | Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer. | 2022-10-27 | not yet calculated | CVE-2022-3379 MISC |
host_engineering -- h0-ecom100 | Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. | 2022-10-28 | not yet calculated | CVE-2022-3228 MISC |
iku-soft -- rdiffweb | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. | 2022-10-26 | not yet calculated | CVE-2022-3363 CONFIRM MISC |
ip-com_ew9 -- ip-com_ew9 | An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. | 2022-10-27 | not yet calculated | CVE-2022-43364 MISC |
ip-com_ew9 -- ip-com_ew9 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-10-27 | not yet calculated | CVE-2022-43365 MISC |
ip-com_ew9 -- ip-com_ew9 | IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. | 2022-10-27 | not yet calculated | CVE-2022-43366 MISC |
ip-com_ew9 -- ip-com_ew9 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. | 2022-10-27 | not yet calculated | CVE-2022-43367 MISC |
johnson_controls -- cevas | All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. | 2022-10-28 | not yet calculated | CVE-2021-36206 CERT CONFIRM |
mitel -- micollab | A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. | 2022-10-25 | not yet calculated | CVE-2022-36452 MISC MISC |
multipath-tools -- multipath-tools | multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. | 2022-10-29 | not yet calculated | CVE-2022-41973 MISC MISC MISC FULLDISC |
multipath-tools -- multipath-tools | multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. | 2022-10-29 | not yet calculated | CVE-2022-41974 MISC MISC MISC FULLDISC |
multiple_products -- multiple_products | In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). | 2022-10-27 | not yet calculated | CVE-2022-40876 MISC MISC |
nextcloud -- server | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contain patches for this issue. No known workarounds are available. | 2022-10-27 | not yet calculated | CVE-2022-39329 MISC CONFIRM MISC |
nextcloud -- server | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app. | 2022-10-27 | not yet calculated | CVE-2022-39330 MISC CONFIRM MISC |
nextcloud -- server | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. | 2022-10-27 | not yet calculated | CVE-2022-39364 MISC CONFIRM MISC MISC |
nginx_njs -- nginx_njs | Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. | 2022-10-28 | not yet calculated | CVE-2022-43284 MISC MISC |
nginx_njs -- nginx_njs | Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. | 2022-10-28 | not yet calculated | CVE-2022-43285 MISC |
nginx_njs -- nginx_njs | Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. | 2022-10-28 | not yet calculated | CVE-2022-43286 MISC MISC |
openbmc -- bmcweb | A vulnerability in bmcweb of OpenBMC Project allows a user to cause denial of service. The problem was detected while fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find the smallest possible memory corruptions: multipart_parser mishandles unclosed HTTP headers. If a long enough HTTP header without a colon is passed in the multipart form, there is a one-byte overwrite on the heap. This can be repeated in a loop to cause DoS. | 2022-10-27 | not yet calculated | CVE-2022-2809 CONFIRM |
openbmc -- openbmc | A vulnerability in bmcweb of OpenBMC Project allows a user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. The problem was detected while fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find the smallest possible memory corruptions: multipart_parser mishandles unclosed HTTP headers. If a long enough HTTP header without a colon is passed in the multipart form, there is a one-byte overwrite on the heap. This can be repeated in a loop to cause DoS. | 2022-10-27 | not yet calculated | CVE-2022-3409 CONFIRM |
opennebula -- opennebula | Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | 2022-10-28 | not yet calculated | CVE-2022-37424 MISC |
opennebula -- opennebula | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | 2022-10-28 | not yet calculated | CVE-2022-37425 MISC |
opennebula -- opennebula | Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | 2022-10-28 | not yet calculated | CVE-2022-37426 MISC |
packet_storm -- hashicorp_boundary | Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking, which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site. | 2022-10-27 | not yet calculated | CVE-2022-36182 MISC MISC |
phpmyfaq -- phpmyfaq | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 2022-10-29 | not yet calculated | CVE-2022-3754 |