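The Computer Repair Centre updates the following computer virus and intrusion alerts every day. We hope everyone will take note of them early, to avoid data loss or hardware damage caused by virus infection!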

Vulnerability Summary for the Week of September 18, 2006
Posted on Tuesday September 26, 2006

High Vulnerabilities
Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
AEwebworks -- aeDating Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.
unknown
2006-09-19
7.0 CVE-2006-4870
OTHER-REF
BID
FRSIRT
SECUNIA
XF
All Enthusiast Inc -- ReviewPost PHP Pro PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter.
unknown
2006-09-19
7.0 CVE-2006-4864
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
AlstraSoft -- E-Friends Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.
unknown
2006-09-20
7.0 CVE-2006-4913
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
unknown
2006-09-21
7.0 CVE-2006-3507
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.
unknown
2006-09-21
7.0 CVE-2006-3508
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
unknown
2006-09-21
7.0 CVE-2006-3509
APPLE
BID
FRSIRT
SECUNIA
Artmedic Webdesign -- Artmedic Links PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function.
unknown
2006-09-20
7.0 CVE-2006-4905
BUGTRAQ
OTHER-REF
SECTRACK
XF
ASP Indir -- Tekman Portal SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter.
unknown
2006-09-20
7.0 CVE-2006-4916
OTHER-REF
BID
XF
FRSIRT
SECUNIA
Blojsom -- Blojsom Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post.
unknown
2006-09-15
7.0 CVE-2006-4829
BUGTRAQ
CERT-VN
BID
FRSIRT
SECUNIA
XF
Blojsom -- Blojsom Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.
unknown
2006-09-15
7.0 CVE-2006-4830
OTHER-REF
BolinOS -- BolinOS PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-18
7.0 CVE-2006-4851
FRSIRT
XF
Cisco -- Intrusion Prevention System Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".
unknown
2006-09-20
7.0 CVE-2006-4911
CISCO
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
Codeworx Technologies -- DCP-Portal Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
unknown
2006-09-15
7.0 CVE-2006-4837
BUGTRAQ
BID
EasyPageCMS -- EasyPageCMS SQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page.
unknown
2006-09-19
7.0 CVE-2006-4862
BUGTRAQ
guanxiCRM -- guanxiCRM Business Solution PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.
unknown
2006-09-19
7.0 CVE-2006-4898
OTHER-REF
BID
XF
Haberx -- Haberx SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp.
unknown
2006-09-18
7.0 CVE-2006-4853
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Hitweb -- Hitweb Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php.
unknown
2006-09-18
7.0 CVE-2006-4848
BUGTRAQ
BID
iDevSpot -- NixieAffiliate IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.
unknown
2006-09-19
7.0 CVE-2006-4895
BUGTRAQ
BID
Iodine -- Iodine Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."
unknown
2006-09-15
7.0 CVE-2006-4831
OTHER-REF
BID
FRSIRT
SECUNIA
Marc Cagninacci -- mcLinksCounter ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file.
unknown
2006-09-19
7.0 CVE-2006-4863
BUGTRAQ
BUGTRAQ
MobilePublisherPHP -- MobilePublisherPHP PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
unknown
2006-09-18
7.0 CVE-2006-4849
Milw0rm
SECUNIA
BID
FRSIRT
XF
Mohammed Mehdi Panjwani -- Complain Center SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp.
unknown
2006-09-19
7.0 CVE-2006-4861
BUGTRAQ
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
unknown
2006-09-15
7.0 CVE-2006-4565
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.
unknown
2006-09-15
7.0 CVE-2006-4568
OTHER-REF
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
XF
SGI
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
unknown
2006-09-15
7.0 CVE-2006-4571
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SGI
UBUNTU
SECUNIA
PhotoPost -- PHP Pro PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.
unknown
2006-09-15
7.0 CVE-2006-4828
BUGTRAQ
BID
XF
PHP DocWriter -- PHP DocWriter PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
unknown
2006-09-20
7.0 CVE-2006-4912
OTHER-REF
BID
FRSIRT
XF
phpBB XS -- phpBB XS PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.
unknown
2006-09-19
7.0 CVE-2006-4893
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
phpQuiz -- phpQuiz PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter.
unknown
2006-09-15
7.0 CVE-2006-4834
BUGTRAQ
OTHER-REF
BID
FRSIRT
XF
phpunity.postcard -- phpunity-postcard PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter.
unknown
2006-09-19
7.0 CVE-2006-4869
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
Qualiteam -- X-Cart Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
unknown
2006-09-20
7.0 CVE-2006-4904
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Quicksilver Forums -- Quicksilver Forums PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.
unknown
2006-09-15
7.0 CVE-2006-4824
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Reamday Enterprises -- Magic News Pro PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.
unknown
2006-09-15
7.0 CVE-2006-4823
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
XF
Shadowed Portal -- Shadowed Portal PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
unknown
2006-09-15
7.0 CVE-2006-4826
Milw0rm
BID
XF
OSVDB
SECUNIA
Shadowed Portal -- Shadowed Portal PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826.
unknown
2006-09-19
7.0 CVE-2006-4885
SECUNIA
Simple Discussion Board -- Simple Discussion Board Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php.
unknown
2006-09-20
7.0 CVE-2006-4918
OTHER-REF
BID
XF
Site@School -- Site@School Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.
unknown
2006-09-20
7.0 CVE-2006-4920
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
OSVDB
OSVDB
Site@School -- Site@School PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.
unknown
2006-09-20
7.0 CVE-2006-4921
BUGTRAQ
FRSIRT
SECUNIA
OSVDB
Techno Dreams -- Articles & Papers Package SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-09-19
7.0 CVE-2006-4891
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
FRSIRT
Techno Dreams -- FAQ Manager Package SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-09-19
7.0 CVE-2006-4892
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
FRSIRT
Unak -- Unak CMS Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php.
unknown
2006-09-19
7.0 CVE-2006-4890
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Verso NetPerformer -- Frame Relay Access Device ACT Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.
unknown
2006-09-15
8.0 CVE-2006-4832
BUGTRAQ
FULLDISC
BID
FRSIRT
SECUNIA
XF


Medium Vulnerabilities
Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.
unknown
2006-09-19
4.9 CVE-2006-4866
FULLDISC
OTHER-REF
BID
Apple -- Remote Desktop Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation.
unknown
2006-09-19
4.9 CVE-2006-4887
BUGTRAQ
BID
XF
BolinOS -- BolinOS PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.
unknown
2006-09-18
5.6 CVE-2006-4850
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
XF
Cisco -- Cisco Guard DDos Mitigation Appliance Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.
unknown
2006-09-20
4.7 CVE-2006-4909
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Citrix -- Access Gateway AAC Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.
unknown
2006-09-18
5.6 CVE-2006-4846
CITRIX
CITRIX
BID
FRSIRT
SECTRACK
SECUNIA
XF
Claroline -- Claroline
Dokeos -- Open Source Learning & Knowledge Management Tool
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
unknown
2006-09-18
5.6 CVE-2006-4844
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
OTHER-REF
FRSIRT
SECUNIA
ClickTech -- ClickBlog SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.
unknown
2006-09-19
4.7 CVE-2006-4857
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Codeworx Technologies -- DCP-Portal SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.
unknown
2006-09-15
5.6 CVE-2006-4836
BUGTRAQ
BID
David Bennett -- PHP-Post SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
unknown
2006-09-19
4.7 CVE-2006-4879
BUGTRAQ
BID
David Bennett -- PHP-Post Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php.
unknown
2006-09-19
4.7 CVE-2006-4881
BUGTRAQ
BID
Doctor Web Ltd -- Dr.WebScanner Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.
unknown
2006-09-20
4.7 CVE-2006-4438
FULLDISC
FRSIRT
SECUNIA
George Lewe -- TeamCal Pro PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter.
unknown
2006-09-18
5.6 CVE-2006-4845
OTHER-REF
BID
BID
FRSIRT
SECUNIA
XF
Gnu -- Mailman ** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."
unknown
2006-09-19
4.7 CVE-2006-2191
MLIST
MLIST
GNUTurk -- GNUTurk SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum."
unknown
2006-09-19
4.7 CVE-2006-4867
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
gzip -- gzip Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
unknown
2006-09-19
4.7 CVE-2006-4335
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
FRSIRT
SECUNIA
SECUNIA
XF
gzip -- gzip Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
unknown
2006-09-19
4.7 CVE-2006-4336
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
FRSIRT
SECUNIA
SECUNIA
XF
gzip -- gzip Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
unknown
2006-09-19
4.7 CVE-2006-4337
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
FRSIRT
SECUNIA
SECUNIA
IDevSpot -- BizDirectory Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php.
unknown
2006-09-19
4.7 CVE-2006-4883
BUGTRAQ
BID
XF
FRSIRT
SECTRACK
SECUNIA
IDevSpot -- iSupport Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-19
4.7 CVE-2006-4884
BID
Ipswitch -- WS_FTP Server Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
unknown
2006-09-18
4.2 CVE-2006-4847
IPSWITCH
FRSIRT
SECUNIA
XF
BID
OSVDB
Julian Roberts -- Charon Cart SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter.
unknown
2006-09-19
4.7 CVE-2006-4882
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
Jupiter CMS -- Jupiter CMS Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2] (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php.
unknown
2006-09-19
4.7 CVE-2006-4874
BUGTRAQ
BID
Jupiter CMS -- Jupiter CMS Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register.
unknown
2006-09-19
4.7 CVE-2006-4876
BUGTRAQ
BID
Keyvan Janghorbani -- EShoppingPro SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter.
unknown
2006-09-19
4.7 CVE-2006-4871
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
Keyvan Janghorbani -- ECardPro SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
unknown
2006-09-19
4.7 CVE-2006-4872
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
Limbo CMS -- Limbo CMS Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors.
unknown
2006-09-19
4.9 CVE-2006-4860
OTHER-REF
OTHER-REF
MamboXChange -- Serverstat component PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-09-19
5.6 CVE-2006-4858
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Marc Logemann -- More.groupware SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.
unknown
2006-09-20
4.7 CVE-2006-4906
OTHER-REF
BID
XF
FRSIRT
SECUNIA
Microsoft -- Internet Explorer Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
unknown
2006-09-19
4.7 CVE-2006-4868
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
XF
OTHER-REF
SECTRACK
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OSVDB
Telekorn -- SignKorn Guestbook Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.
unknown
2006-09-19
5.6 CVE-2006-4889
BUGTRAQ
OTHER-REF
BID
XF
Vmist -- Downstat Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php.
unknown
2006-09-15
5.6 CVE-2006-4827
Milw0rm
BID
FRSIRT
SECUNIA
XF


Low Vulnerabilities
Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
A.l-Pifou -- A.l-Pifou Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
unknown
2006-09-20
1.9 CVE-2006-4914
FULLDISC
OSVDB
SECUNIA
BID
FRSIRT
Bluview -- Blue Magic Board Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
unknown
2006-09-15
2.3 CVE-2006-4835
BUGTRAQ
XF
Cisco -- Cisco IDS
Cisco -- Cisco IPS
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
unknown
2006-09-20
2.3 CVE-2006-4910
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
CMtextS -- CMtextS CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
unknown
2006-09-19
2.3 CVE-2006-4897
OTHER-REF
FRSIRT
SECUNIA
XF
Codeworx Technologies -- DCP-Portal Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
unknown
2006-09-15
2.3 CVE-2006-4838
BUGTRAQ
BID
David Bennett -- PHP-Post Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.
unknown
2006-09-19
2.3 CVE-2006-4877
BUGTRAQ
BID
David Bennett -- PHP-Post Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) sequence in the template parameter.
unknown
2006-09-19
2.3 CVE-2006-4878
BUGTRAQ
BID
David Bennett -- PHP-Post David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.
unknown
2006-09-19
2.3 CVE-2006-4880
BUGTRAQ
BID
Drupal -- Drupal Userreview module Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-09-15
2.3 CVE-2006-4821
OTHER-REF
FRSIRT
SECUNIA
BID
XF
eMuSOFT -- emuCMS Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.
unknown
2006-09-15
2.3 CVE-2006-4822
OTHER-REF
BID
FRSIRT
SECUNIA
OSVDB
eSyndiCat Portal System -- eSyndiCat Portal System Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.
unknown
2006-09-20
2.3 CVE-2006-4923
BUGTRAQ
BID
XF
FRSIRT
SECUNIA
gzip -- gzip Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
unknown
2006-09-19
2.3 CVE-2006-4334
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
SECUNIA
SECUNIA
XF
gzip -- gzip unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
unknown
2006-09-19
2.3 CVE-2006-4338
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
FRSIRT
OSVDB
SECUNIA
SECUNIA
HP -- HP-UX Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
unknown
2006-09-15
1.6 CVE-2006-4820
HP
BID
FRSIRT
SECTRACK
SECUNIA
XF
iDevSpot -- NixieAffiliate Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
unknown
2006-09-19
2.3 CVE-2006-4894
BUGTRAQ
BID
Innovate Portal -- Innovate Portal Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
unknown
2006-09-20
2.3 CVE-2006-4915
BUGTRAQ
BID
XF
Jupiter CMS -- Jupiter CMS Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679.
unknown
2006-09-19
2.3 CVE-2006-4873
BUGTRAQ
BID
Jupiter CMS -- Jupiter CMS Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public.
unknown
2006-09-19
2.3 CVE-2006-4875
BUGTRAQ
BID
Limbo CMS -- Limbo CMS Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
unknown
2006-09-19
2.3 CVE-2006-4859
OTHER-REF
BID
Linux -- Linux kernel The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
unknown
2006-09-19
2.3 CVE-2006-4535
OTHER-REF
UBUNTU
BID
OTHER-REF
SECUNIA
XF
McAfee -- VirusScan Enterprise
McAfee -- McAfee Scan Engine
The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.
unknown
2006-09-19
3.9 CVE-2006-4886
BUGTRAQ
XF
Microsoft -- Internet Explorer Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
unknown
2006-09-19
2.3 CVE-2006-4888
BUGTRAQ
OTHER-REF
OSVDB
Mozilla -- Network Security Services (NSS)
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.
unknown
2006-09-15
2.3 CVE-2006-4340
MLIST
OTHER-REF
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
FRSIRT
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SGI
UBUNTU
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.
unknown
2006-09-15
2.3 CVE-2006-4566
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
unknown
2006-09-15
1.9 CVE-2006-4567
OTHER-REF
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
XF
UBUNTU
Mozilla -- Firefox The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
unknown
2006-09-15
2.3 CVE-2006-4569
OTHER-REF
SECUNIA
REDHAT
BID
SECTRACK
SECUNIA
XF
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.
unknown
2006-09-15
1.9 CVE-2006-4570
OTHER-REF
REDHAT
REDHAT
BID
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA
Ohio State University -- server OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.
unknown
2006-09-20
2.3 CVE-2006-4907
BUGTRAQ
SECUNIA
XF
Ohio State University -- OSU httpd OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.
unknown
2006-09-20
2.3 CVE-2006-4908
BUGTRAQ
SECUNIA
XF
phpQuiz -- phpQuiz Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors.
unknown
2006-09-19
2.3 CVE-2006-4865
BUGTRAQ
PT News -- PT News Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.
unknown
2006-09-20
2.3 CVE-2006-4917
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
QuadComm -- Q-Shop SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.
unknown
2006-09-18
2.3 CVE-2006-4852
BUGTRAQ
Milw0rm
BID
SECUNIA
XF
FRSIRT
OSVDB
Roller WebLogger -- Roller WebLogger Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do.
unknown
2006-09-19
2.3 CVE-2006-4856
BUGTRAQ
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
Site@School -- Site@School Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.
unknown
2006-09-20
1.9 CVE-2006-4919
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Site@School -- Site@School Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions.
unknown
2006-09-20
2.3 CVE-2006-4922
BUGTRAQ
OTHER-REF
BID
SoftComplex -- PHP Event Calendar Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.
unknown
2006-09-15
2.3 CVE-2006-4825
BUGTRAQ
BID
SECUNIA
XF
Symantec -- Norton Personal Firewall
Symantec -- Norton Internet Security
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly other versions of Norton Personal Firewall and Norton Internet Security, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
unknown
2006-09-19
2.3 CVE-2006-4855
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Usermin -- Usermin Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
unknown
2006-09-19
3.3 CVE-2006-4246
OTHER-REF
SOURCEFORGE
OTHER-REF
DEBIAN
BID
SECUNIA
SECUNIA
FRSIRT
XF
Verso NetPerformer -- Frame Relay Access Device ACT Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability.
unknown
2006-09-15
3.3 CVE-2006-4833
BUGTRAQ
FULLDISC
BID
FRSIRT
SECUNIA
XF
Zope -- Zope The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
unknown
2006-09-19
2.3 CVE-2006-4684
MLIST
OTHER-REF
DEBIAN
FRSIRT
SECUNIA
SECUNIA


Vulnerability Summary for the Week of June 25, 2012
Posted on Tuesday July 03, 2012


High Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
alexis_wilke -- protected_node The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. 2012-06-26 7.5 CVE-2012-2730
apache -- roller Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality. 2012-06-26 9.3 CVE-2012-2380
david_hansson -- ruby_on_rails The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. 2012-06-22 7.5 CVE-2012-2695
google -- chrome Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory. 2012-06-27 7.2 CVE-2012-2764
google -- chrome Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2012-06-27 10.0 CVE-2012-2807
google -- chrome Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors. 2012-06-27 7.8 CVE-2012-2816
google -- chrome Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections. 2012-06-27 7.5 CVE-2012-2817
google -- chrome Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature. 2012-06-27 7.5 CVE-2012-2818
google -- chrome The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors. 2012-06-27 7.5 CVE-2012-2821
google -- chrome Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources. 2012-06-27 7.5 CVE-2012-2823
google -- chrome Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting. 2012-06-27 7.5 CVE-2012-2824
google -- chrome Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2012-06-27 7.5 CVE-2012-2827
google -- chrome Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. 2012-06-27 7.5 CVE-2012-2829
google -- chrome Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors. 2012-06-27 7.5 CVE-2012-2830
google -- chrome Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references. 2012-06-27 7.5 CVE-2012-2831
google -- chrome Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2012-06-27 7.5 CVE-2012-2833
google -- chrome Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format. 2012-06-27 9.3 CVE-2012-2834
ibm -- aix The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. 2012-06-27 7.2 CVE-2012-2200
pippin_williamson -- font_uploader Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts. 2012-06-27 7.5 CVE-2012-3814
pro-face -- pro-server_ex Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode. 2012-06-25 10.0 CVE-2012-3797
ruby_on_rails -- ruby_on_rails The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695. 2012-06-22 7.5 CVE-2012-2661
sielcosistemi -- winlog_pro Buffer overflow in RunTime.exe in Sielco Sistemi Winlog 2.07.14 and earlier allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. 2012-06-27 7.5 CVE-2012-3815
strongswan -- strongswan The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." 2012-06-27 7.5 CVE-2012-2388
winradius -- winradius WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet. 2012-06-27 7.8 CVE-2012-3816



Medium Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
adam_ross -- tokenauth The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. 2012-06-26 5.0 CVE-2012-2720
adcillc -- simplemeta Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry. 2012-06-26 6.8 CVE-2012-2729
antoine_beaupre -- hostmaster The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. 2012-06-26 5.8 CVE-2012-2707
blaine_lang -- filedepot The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability." 2012-06-26 5.1 CVE-2012-2719
blaine_lang -- maestro Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences. 2012-06-26 5.1 CVE-2012-3799
bryce_hamrick -- janrain_capture Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. 2012-06-26 5.8 CVE-2012-2727
bryce_hamrick -- janrain_capture The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. 2012-06-26 5.0 CVE-2012-3798
david_hansson -- ruby_on_rails actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694. 2012-06-22 5.0 CVE-2012-2660
david_hansson -- ruby_on_rails actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660. 2012-06-22 4.3 CVE-2012-2694
google -- chrome Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain. 2012-06-27 5.0 CVE-2012-2815
google -- chrome The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387. 2012-06-27 6.8 CVE-2012-2819
google -- chrome Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. 2012-06-27 5.0 CVE-2012-2820
google -- chrome The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. 2012-06-27 5.0 CVE-2012-2822
google -- chrome The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. 2012-06-27 5.0 CVE-2012-2825
google -- chrome Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. 2012-06-27 5.0 CVE-2012-2826
google -- chrome Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. 2012-06-27 6.8 CVE-2012-2828
google -- chrome The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. 2012-06-27 6.8 CVE-2012-2832
isaac_sukin -- browserid Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that log in a user to another web site. 2012-06-26 6.8 CVE-2012-2713
jason_moore -- amadou Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. 2012-06-26 4.3 CVE-2012-2715
john_franklin -- advertisement The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. 2012-06-26 5.0 CVE-2012-3801
mariadb -- mariadb sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. 2012-06-26 5.1 CVE-2012-2122
mathew_winstone -- mobile_tools Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. 2012-06-27 4.3 CVE-2012-2717
mikel_olasagasti -- revelation Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack. 2012-06-27 5.0 CVE-2012-2742
mikel_olasagasti -- revelation Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. 2012-06-27 5.0 CVE-2012-2743
moshe_weitzman -- organic_groups The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. 2012-06-26 6.8 CVE-2012-2721
nicholasthompson -- global_redirect Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. 2012-06-25 5.8 CVE-2010-2021
peter_pokrivcak -- post_affiliate_pro Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. 2012-06-26 4.3 CVE-2012-2706
peter_pokrivcak -- post_affiliate_pro Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. 2012-06-27 4.0 CVE-2012-3802
pro-face -- pro-server_ex Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt. 2012-06-25 5.0 CVE-2012-3792
pro-face -- pro-server_ex Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow. 2012-06-25 5.0 CVE-2012-3793
pro-face -- pro-server_ex Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory. 2012-06-25 5.0 CVE-2012-3794
pro-face -- pro-server_ex Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field. 2012-06-25 5.0 CVE-2012-3795
pro-face -- pro-server_ex Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode. 2012-06-25 5.0 CVE-2012-3796
ronan_dowling -- node_hierarchy Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action. 2012-06-26 6.8 CVE-2012-2728
scott_reynen -- node_embed The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles. 2012-06-26 4.3 CVE-2012-2722
tony_freixas -- ubercart_product_keys The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. 2012-06-26 5.0 CVE-2012-2702
webatall -- web@all Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php. 2012-06-27 4.3 CVE-2012-3231
wordpress -- wordpress Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2012-06-27 4.3 CVE-2011-4956
wordpress -- wordpress The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls. 2012-06-27 5.0 CVE-2011-4957



Low Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
alberto_trujillo_gonzalez -- protest Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. 2012-06-26 2.1 CVE-2012-2726
antoine_beaupre -- hostmaster Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. 2012-06-26 2.1 CVE-2012-2708
apache -- roller Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. 2012-06-26 3.5 CVE-2012-2381
authoring_html -- 6.x-1.0 classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks. 2012-06-26 3.5 CVE-2012-2725
blaine_lang -- maestro Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors. 2012-06-26 2.6 CVE-2012-2723
christopher_mitchell -- smart_breadcrumb The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. 2012-06-26 2.1 CVE-2012-2705
john_albin -- zen Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. 2012-06-26 2.6 CVE-2012-2710
john_franklin -- advertisement Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." 2012-06-26 2.6 CVE-2012-2703
moshe_weitzman -- organic_groups Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the group title. 2012-06-26 2.1 CVE-2012-3800
nancy_wichmann -- taxonomy_list Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. 2012-06-26 2.1 CVE-2012-2711
puppetlabs -- puppet telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). 2012-06-27 3.6 CVE-2012-1989
python -- python The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. 2012-06-27 2.6 CVE-2011-4940
richardo_ante -- ubercart_ajax_cart The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. 2012-06-26 2.6 CVE-2012-2731
shlomi_fish -- config-inifiles The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries. 2012-06-27 3.6 CVE-2012-2451
thomas_seidl -- search_api Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. 2012-06-26 2.6 CVE-2012-2712


Vulnerability Summary for the Week of April 30, 2007
Posted on Tuesday May 08, 2007

High Vulnerabilities
Primary Vendor -- Product Description Discovered Published CVSS Score Source & Patch Info
Adobe -- Photoshop
Adobe -- Photoshop Elements
Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
unknown
2007-04-30
8.0 CVE-2007-2365
MILW0RM
BID
FRSIRT
SECUNIA
XF
AFFLIB -- AFFLIB Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
unknown
2007-04-30
10.0 CVE-2007-2053
BUGTRAQ
OTHER-REF
BID
XF
AFFLIB -- AFFLIB Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
unknown
2007-04-30
7.0 CVE-2007-2054
BUGTRAQ
OTHER-REF
XF
AFFLIB -- AFFLIB AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called.
unknown
2007-04-30
7.0 CVE-2007-2055
BUGTRAQ
OTHER-REF
XF
AFFLIB -- AFFLIB Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.
unknown
2007-04-30
10.0 CVE-2007-2352
BUGTRAQ
OTHER-REF
Ahhp-Portal -- Ahhp-Portal Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-01
7.0 CVE-2007-2428
BID
Ariadne -- Ariadne CMS Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-02
7.0 CVE-2007-2433
SECUNIA
Aventail -- Aventail Connect Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed DNS query.
unknown
2007-05-02
10.0 CVE-2007-2434
FULLDISC
BID
XF
b2evolution -- b2evolution ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used.
unknown
2007-04-30
7.0 CVE-2007-2358
BUGTRAQ
VIM
XF
Burak Yilmaz -- Burak Yilmaz Blog SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-05-01
7.0 CVE-2007-2420
BUGTRAQ
BID
XF
Burnstone -- BurnCMS Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/.
unknown
2007-04-30
7.0 CVE-2007-2364
MILW0RM
BID
FRSIRT
XF
Cerulean Studios -- Trillian Pro Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding.
unknown
2007-05-02
7.0 CVE-2007-2418
OTHER-REF
Cerulean Studios -- Trillian Pro Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.
unknown
2007-05-02
7.0 CVE-2007-2478
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
XF
Cisco -- PIX
Cisco -- Adaptive Security Appliance
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.
unknown
2007-05-02
10.0 CVE-2007-2462
CISCO
CERT-VN
BID
CMS Made Simple -- CMS Made Simple SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
unknown
2007-05-02
7.0 CVE-2007-2473
OTHER-REF
OTHER-REF
BID
SECUNIA
Comdev -- Modules Builder ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string.
unknown
2007-05-01
7.0 CVE-2007-2422
BUGTRAQ
XF
E-Annu -- E-Annu SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter.
unknown
2007-05-01
7.0 CVE-2007-2416
BUGTRAQ
BID
XF
EMC -- RSA Security SiteKey EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.
unknown
2007-04-30
10.0 CVE-2006-7201
OTHER-REF
OTHER-REF
Fabrice Bellard -- QEMU Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2 might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
unknown
2007-05-02
7.0 CVE-2007-1320
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
FileRun -- FileRun SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.
unknown
2007-05-02
7.0 CVE-2007-2469
OTHER-REF
BID
SECUNIA
FireFly -- FireFly Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.
unknown
2007-05-02
7.0 CVE-2007-2456
MILW0RM
VIM
BID
FRSIRT
FireFly -- FireFly PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-02
7.0 CVE-2007-2460
VIM
FRSIRT
Gregory Kokanosky -- phpMyNewsLetter admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.
unknown
2007-04-30
10.0 CVE-2007-2371
MILW0RM
BID
Gregory Kokanosky -- phpMyNewsLetter admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/.
unknown
2007-04-30
10.0 CVE-2007-2372
MILW0RM
BID
Hitachi -- Groupmax Mobile Option Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-05-01
7.0 CVE-2007-2421
OTHER-REF
BID
FRSIRT
SECUNIA
XF
HP -- Power Manager Remote Agent Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors.
unknown
2007-04-30
7.0 CVE-2007-2351
HP
BID
FRSIRT
SECUNIA
SECTRACK
IBM -- WebSphere Application Server Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.
unknown
2007-04-30
7.0 CVE-2006-7198
OTHER-REF
AIXAPAR
AIXAPAR
FRSIRT
SECTRACK
SECUNIA
XF
ManageEngine -- PasswordManager Pro ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-01
10.0 CVE-2007-2429
BID
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
unknown
2007-04-30
8.0 CVE-2007-2374
OTHER-REF
BID
MicroWorld Technologies -- eScan The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
unknown
2007-05-02
10.0 CVE-2007-0655
OTHER-REF
FRSIRT
SECUNIA
Novell -- Novell SecureLogin Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes."
unknown
2007-05-02
7.0 CVE-2007-2475
NOVELL
FRSIRT
Novell -- Novell SecureLogin Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes.
unknown
2007-05-02
7.0 CVE-2007-2476
OTHER-REF
FRSIRT
Nukedit -- Nukedit Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-02
7.0 CVE-2007-2432
BID
SECUNIA
OPeNDAP -- Server3 The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
unknown
2007-04-30
10.0 CVE-2007-2355
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
phpMyChat -- phpMyChat ** DISPUTED ** PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value.
unknown
2007-05-02
7.0 CVE-2007-2477
BUGTRAQ
BUGTRAQ
VIM
VIM
Pixaria -- Pixaria Gallery PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter.
unknown
2007-05-02
7.0 CVE-2007-2457
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Pixaria -- Pixaria Gallery Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts.
unknown
2007-05-02
7.0 CVE-2007-2458
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
pnFlashGames -- pnFlashGames SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
unknown
2007-05-01
7.0 CVE-2007-2427
MILW0RM
BID
Ruben Boelinger -- myflash PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
unknown
2007-05-03
7.0 CVE-2007-2485
MILW0RM
OTHER-REF
BID
FRSIRT
XF
Sphider -- Sphider ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue."
unknown
2007-05-01
7.0 CVE-2007-2411
BUGTRAQ
BID
BUGTRAQ
XF
Sun -- JRE
Sun -- SDK
Sun -- Java Enterprise System
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
unknown
2007-05-02
7.0 CVE-2007-2435
SUNALERT
BID
FRSIRT
SECUNIA
SECTRACK
XF
Symantec -- LiveState Recovery
Symantec -- Ghost
Symantec -- BackupExec System Recovery
Symantec -- Norton Save & Recovery
Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.
unknown
2007-04-30
7.0 CVE-2007-2359
IDEFENSE
OTHER-REF
SECTRACK
XF
Symantec -- Enterprise Security Manager The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
unknown
2007-04-30
10.0 CVE-2007-2375
OTHER-REF
BID
SECUNIA
Tecnick.com -- TCExam Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.
unknown
2007-05-01
7.0 CVE-2007-2431
MILW0RM
OTHER-REF
VIM
The GIMP Team -- GIMP Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
unknown
2007-04-30
8.0 CVE-2007-2356
MILW0RM
BID
SECUNIA
XF
OTHER-REF
FRSIRT
The Merchant Project -- The Merchant PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter.
unknown
2007-05-01
7.0 CVE-2007-2424
MILW0RM
Tony Cook -- Imager Heap-based buffer overflow in Imager before 0.57 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via compressed 8-bit BMP files.
unknown
2007-05-01
10.0 CVE-2007-2413
OTHER-REF
OTHER-REF
SECUNIA
BID
FRSIRT
Turnkey Web Tools -- SunShop Shopping Cart Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070.
unknown
2007-05-02
7.0 CVE-2007-2474
BUGTRAQ
BID
VIM Development Group -- VIM The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
unknown
2007-05-02
8.0 CVE-2007-2438
MLIST
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BUGTRAQ
BID
FRSIRT
SECUNIA
WF-Links -- WF-Links SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
unknown
2007-04-30
7.0 CVE-2007-2373
MILW0RM
Wildbits -- myGallery PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter.
unknown
2007-05-01
7.0 CVE-2007-2426
MILW0RM
BID
FRSIRT
SECUNIA
XF
Xoops -- John Mordo Jobs Module SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
unknown
2007-04-30
7.0 CVE-2007-2370
MILW0RM
VIM


Medium Vulnerabilities
Primary Vendor -- Product Description Discovered Published CVSS Score Source & Patch Info
Apple -- Mac OS X Server The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories.
unknown
2007-05-02
4.0 CVE-2007-0745
APPLE
Corel -- Paint Shop Pro Photo Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
unknown
2007-04-30
4.8 CVE-2007-2366
MILW0RM
BID
FRSIRT
SECUNIA
XF
Don Moore -- MyDNS Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.
unknown
2007-04-30
6.0 CVE-2007-2362
FULLDISC
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
EMC -- RSA Security SiteKey EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."
unknown
2007-04-30
6.0 CVE-2006-7199
OTHER-REF
OTHER-REF
OTHER-REF
EMC -- RSA Security SiteKey EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.
unknown
2007-04-30
6.0 CVE-2006-7200
OTHER-REF
OTHER-REF
freePBX -- freePBX admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.
unknown
2007-04-30
4.2 CVE-2007-2350
FULLDISC
FRSIRT
SECUNIA
IrfanView -- IrfanView Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.
unknown
2007-04-30
4.8 CVE-2007-2363
MILW0RM
BID
XF
FRSIRT
SECUNIA
Linux -- Kernel The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications.
unknown
2007-05-03
4.9 CVE-2007-2480
OTHER-REF
Parallels -- Parallels Desktop Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations.
unknown
2007-05-02
4.2 CVE-2007-2454
OTHER-REF
Ruben Boelinger -- wordTube PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
unknown
2007-05-03
5.6 CVE-2007-2481
BUGTRAQ
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Ruben Boelinger -- wordTube Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter.
unknown
2007-05-03
5.6 CVE-2007-2482
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Ruben Boelinger -- wp-Table PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
unknown
2007-05-03
5.6 CVE-2007-2484
MILW0RM
OTHER-REF
FRSIRT
SECUNIA
XF
SineCMS -- SineCMS Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter.
unknown
2007-04-30
5.6 CVE-2007-2357
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Symantec -- LiveState Recovery
Symantec -- Ghost
Symantec -- BackupExec System Recovery
Symantec -- Norton Save & Recovery
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.
unknown
2007-04-30
4.2 CVE-2007-2360
IDEFENSE
OTHER-REF
SECTRACK
VMWare -- VMWare Workstation VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction."
unknown
2007-05-02
4.9 CVE-2007-1876
OTHER-REF
Xscreensaver -- Xscreensaver XScreenSaver 4.10, when using a remote directory service for credentials, allows local users to bypass authentication by preventing network connectivity, which causes XScreenSaver to crash and unlock the screen.
unknown
2007-05-02
4.9 CVE-2007-1859
REDHAT


Low Vulnerabilities
Primary Vendor -- Product Description Discovered Published CVSS Score Source & Patch Info
Apache Software Foundation -- Axis Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
unknown
2007-04-30
3.3 CVE-2007-2353
VIM
BID
OSVDB
Blackdot -- Imageview Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter.
unknown
2007-05-01
2.3 CVE-2007-2425
MILW0RM
Cerulean Studios -- Trillian Pro Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
unknown
2007-05-02
3.3 CVE-2007-2479
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
XF
Cisco -- PIX
Cisco -- Adaptive Security Appliance
The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used.
unknown
2007-05-02
3.3 CVE-2007-2461
CISCO
CERT-VN
BID
Cisco -- PIX
Cisco -- Adaptive Security Appliance
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry.
unknown
2007-05-02
3.3 CVE-2007-2463
CISCO
BID
Cisco -- PIX
Cisco -- Adaptive Security Appliance
Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions."
unknown
2007-05-02
2.7 CVE-2007-2464
CISCO
BID
Clam Anti-Virus -- ClamAV The PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file, resulting in a "file descriptor leak".
unknown
2007-04-30
3.3 CVE-2007-2029
DEBIAN
BID
SECUNIA
Dojo Toolkit -- Dojo Toolkit The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2376
OTHER-REF
Fabrice Bellard -- QEMU QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
unknown
2007-05-02
2.3 CVE-2007-1322
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
Fabrice Bellard -- QEMU QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
unknown
2007-05-02
2.3 CVE-2007-1366
MLIST
MLIST
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
FileRun -- FileRun Multiple cross-site scripting (XSS) vulnerabilities in index.php in FileRun 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) module, or (3) section parameter.
unknown
2007-05-02
3.7 CVE-2007-2470
OTHER-REF
BID
SECUNIA
Getahead -- Direct Web Remoting The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2377
OTHER-REF
Google -- Google Web Toolkit The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2378
OTHER-REF
HP -- OpenVMS Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions."
unknown
2007-05-02
2.3 CVE-2007-2468
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Invision Power Services -- Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.
unknown
2007-04-30
3.7 CVE-2007-2349
OTHER-REF
FRSIRT
SECUNIA
XF
ISC -- BIND Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
unknown
2007-05-02
2.7 CVE-2007-2241
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
jQuery -- jQuery The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2379
OTHER-REF
Mad4Milk -- Moo.fx The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2382
OTHER-REF
Microsoft -- Atlas framework The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2380
OTHER-REF
Mochikit -- MochiKit Framework The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2381
OTHER-REF
MoinMoin -- MoinMoin Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-01
3.7 CVE-2007-2423
BID
Motobit -- Motobit Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter.
unknown
2007-05-03
2.3 CVE-2007-2486
MILW0RM
XF
myServer -- myServer MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.
unknown
2007-05-01
3.3 CVE-2007-2414
OTHER-REF
OTHER-REF
SECUNIA
BID
XF
Novell -- eDirectory ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.
unknown
2007-04-30
3.3 CVE-2006-4520
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
XF
Parallels -- Parallels Desktop Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7.
unknown
2007-05-02
3.3 CVE-2007-2455
OTHER-REF
PHP -- PHP
webSPELL -- webSPELL
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
unknown
2007-04-30
3.3 CVE-2007-2369
MILW0RM
Pi3Web -- Pi3Web Web Server Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: as of 20070429, the vendor was unable to reproduce this issue, stating "Couldn't reproduce any crash."
unknown
2007-05-01
3.3 CVE-2007-2415
OTHER-REF
BID
SECUNIA
FRSIRT
XF
Progress -- WebSpeed Messenger Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information.
unknown
2007-04-30
3.3 CVE-2007-2354
BUGTRAQ
OTHER-REF
PrototypeJS -- Prototype framework The Prototype (prototypejs) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2383
OTHER-REF
Red Hat -- Red Hat Enterprise Linux Desktop
Red Hat -- Red Hat Enterprise Linux Desktop Workstation
Red Hat -- Red Hat Enterprise Linux
Linux -- Kernel
Unspecified vulnerability in the utrace support for Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service
unknown
2007-05-02
2.3 CVE-2007-0771
REDHAT
BID
SECTRACK
SECUNIA
rPath -- rPath
Linux -- Kernel
The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows local users to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.
unknown
2007-05-02
2.3 CVE-2007-2436
OTHER-REF
BID
FRSIRT
SECUNIA
Script.aculo.us -- Script.aculo.us The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2384
OTHER-REF
Seir Anphin -- Seir Anphin ** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use.
unknown
2007-05-01
3.3 CVE-2007-2412
BUGTRAQ
VIM
XF
Sendcard -- Sendcard Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter.
unknown
2007-05-02
2.3 CVE-2007-2471
MILW0RM
SECUNIA
XF
Sendcard -- Sendcard Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-02
1.9 CVE-2007-2472
SECUNIA
Sun -- Solaris Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function.
unknown
2007-05-02
1.9 CVE-2007-2465
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
XF
Sun -- Java System Directory Server
Sun -- ONE Directory Server
Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.
unknown
2007-05-02
3.3 CVE-2007-2466
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
XF
Symantec -- LiveState Recovery
Symantec -- Ghost
Symantec -- BackupExec System Recovery
Symantec -- Norton Save & Recovery
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, use weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
unknown
2007-04-30
2.3 CVE-2007-2361
IDEFENSE
OTHER-REF
SECTRACK
XF
Tecnick.com -- TCExam shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.
unknown
2007-05-01
3.3 CVE-2007-2430
MILW0RM
OTHER-REF
Tony Cook -- Imager Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via 4-bit/pixel BMP files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-02
3.3 CVE-2007-2459
FRSIRT
VMWare -- VMWare Workstation The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).
unknown
2007-05-02
3.3 CVE-2007-1069
OTHER-REF
VMWare -- VMWare Workstation The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.
unknown
2007-05-02
3.3 CVE-2007-1337
OTHER-REF
XF
VMWare -- VMWare Workstation Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.
unknown
2007-05-02
3.7 CVE-2007-1744
IDEFENSE
OTHER-REF
BID
SECTRACK
VMWare -- VMWare Workstation VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.
unknown
2007-05-02
3.3 CVE-2007-1877
OTHER-REF
webSPELL -- webSPELL picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.
unknown
2007-04-30
3.3 CVE-2007-2368
MILW0RM
Wserve HTTP Server -- Wserve HTTP Server Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.
unknown
2007-04-30
3.3 CVE-2007-2367
BUGTRAQ
BID
X.Org -- Xserver
X.Org -- X Window System
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
unknown
2007-05-02
2.0 CVE-2007-2437
OTHER-REF
SECTRACK
XF
Yahoo! -- Yahoo UI framework The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
unknown
2007-04-30
3.3 CVE-2007-2385
OTHER-REF
Zone Labs -- ZoneAlarm Pro ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.
unknown
2007-05-02
2.3 CVE-2007-2467
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA

Vulnerability Summary for the Week of October 22, 2012
Posted on Tuesday October 30, 2012

High Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
2daybiz -- video_community_portal_script SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. 2012-10-25 7.5 CVE-2011-5215
adobe -- shockwave_player Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273. 2012-10-23 10.0 CVE-2012-4172
adobe -- shockwave_player Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273. 2012-10-23 10.0 CVE-2012-4173
adobe -- shockwave_player Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4175, and CVE-2012-5273. 2012-10-23 10.0 CVE-2012-4174
adobe -- shockwave_player Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-5273. 2012-10-23 10.0 CVE-2012-4175
adobe -- shockwave_player Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors. 2012-10-23 10.0 CVE-2012-4176
adobe -- shockwave_player Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-4175. 2012-10-23 10.0 CVE-2012-5273
apache -- open_for_business_project Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors. 2012-10-25 10.0 CVE-2012-3506
apache -- cloudstack Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. 2012-10-26 10.0 CVE-2012-4501
apprain -- apprain SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. 2012-10-25 7.5 CVE-2011-5229
atutor -- acontent Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php. 2012-10-22 7.5 CVE-2012-5167
atutor -- acontent ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php. 2012-10-22 7.5 CVE-2012-5168
browsercrm -- browsercrm Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php. 2012-10-25 7.5 CVE-2011-5213
ca -- arcserve_backup The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request. 2012-10-20 7.5 CVE-2012-2971
cisco -- webex_recording_format_player Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962. 2012-10-25 9.3 CVE-2012-3936
cisco -- webex_recording_format_player Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967. 2012-10-25 9.3 CVE-2012-3937
cisco -- webex_recording_format_player Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583. 2012-10-25 9.3 CVE-2012-3938
cisco -- webex_recording_format_player Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331. 2012-10-25 9.3 CVE-2012-3939
cisco -- webex_recording_format_player Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958. 2012-10-25 9.3 CVE-2012-3940
cisco -- webex_recording_format_player Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850. 2012-10-25 9.3 CVE-2012-3941
enterasys -- netsight Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514. 2012-10-25 10.0 CVE-2011-5227
ibm -- xiv_storage_system_gen3 The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service (device outage) via TCP packets to unspecified ports. 2012-10-20 7.8 CVE-2012-2167
ibm -- db2 Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure. 2012-10-20 8.5 CVE-2012-4826
intelliants -- subrion_cms SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field. 2012-10-22 7.5 CVE-2011-5212
intelliants -- subrion_cms SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. 2012-10-22 7.5 CVE-2012-4772
jcore -- jcore SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. 2012-10-22 7.5 CVE-2012-4232
mnogosearch -- mnogosearch SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link. 2012-10-25 7.5 CVE-2011-5235
mutiny -- standard Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability." 2012-10-22 8.5 CVE-2012-3001
neubivljiv -- dota_openstats SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. 2012-10-25 7.5 CVE-2011-5218
novell -- zenworks_asset_management The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. 2012-10-20 7.8 CVE-2012-4933
openstack -- swift OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. 2012-10-22 7.5 CVE-2012-4406
openx -- openx SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. 2012-10-22 7.5 CVE-2012-4990
scripte24shop -- php_flirt-projekt SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter. 2012-10-25 7.5 CVE-2011-5222
scripte24shop -- social_network_community SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter. 2012-10-25 7.5 CVE-2011-5234
seotoaster -- seotoaster Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member. 2012-10-25 7.5 CVE-2011-5230
tibco -- formvine The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. 2012-10-24 7.5 CVE-2012-5302
trioniclabs -- sentinel SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2012-10-25 7.5 CVE-2011-5224
troyef -- scorm_cloud SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. 2012-10-25 7.5 CVE-2011-5216
videolan -- vlc_media_player Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file. 2012-10-25 9.3 CVE-2011-5231

Medium Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
apprain -- apprain Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter. 2012-10-25 4.3 CVE-2011-5228
atutor -- acontent Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter. 2012-10-22 4.3 CVE-2012-5169
atutor -- acontent SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167. 2012-10-22 6.5 CVE-2012-5453
atutor -- acontent user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168. 2012-10-22 6.5 CVE-2012-5454
bastien_nocera -- libsocialweb (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. 2012-10-22 5.8 CVE-2011-4129
bastien_nocera -- libsocialweb services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. 2012-10-22 5.8 CVE-2012-4511
boiteaweb -- sentinel Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors. 2012-10-25 4.3 CVE-2011-5225
boiteaweb -- sentinel Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. 2012-10-25 6.8 CVE-2011-5226
browsercrm -- browsercrm Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php. 2012-10-25 4.3 CVE-2011-5214
c61 -- tokyo_bbs Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error page. 2012-10-26 4.3 CVE-2012-4019
ca -- arcserve_backup The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request. 2012-10-20 5.0 CVE-2012-2972
cacti -- cacti Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2012-10-25 4.3 CVE-2011-5223
cipherdyne -- fwknop fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address. 2012-10-22 4.0 CVE-2012-4435
cipherdyne -- fwknop Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execute arbitrary code via many .fwknop.run arguments. 2012-10-22 4.4 CVE-2012-4436
claws-mail -- claws-mail The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email. 2012-10-22 4.3 CVE-2012-4507
cristopher_shi -- php-scms Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php. 2012-10-25 4.3 CVE-2011-5220
gnome -- gnome-keyring GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. 2012-10-22 4.4 CVE-2012-3466
hitachi -- jp1/serverconductor/deploymentmanager Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors. 2012-10-25 5.0 CVE-2011-5217
ibm -- aix The FTP client in AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. 2012-10-20 6.8 CVE-2012-4845
intelliants -- subrion_cms Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452. 2012-10-22 4.3 CVE-2011-5211
intelliants -- subrion_cms Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452. 2012-10-22 4.3 CVE-2012-4771
intelliants -- subrion_cms Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/. 2012-10-22 6.8 CVE-2012-4773
intelliants -- subrion_cms Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2. 2012-10-22 4.3 CVE-2012-5452
irfanview -- flashpix_plugin Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image. 2012-10-25 5.0 CVE-2011-5232
irfanview -- irfanview Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file. 2012-10-25 4.3 CVE-2011-5233
jcore -- jcore Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter. 2012-10-22 4.3 CVE-2012-4231
joomla -- joomla! Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." 2012-10-22 4.3 CVE-2012-5455
microsoft -- excel Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data. 2012-10-25 4.3 CVE-2012-5672
mpdf1 -- mpdf Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. 2012-10-25 5.0 CVE-2011-5219
openfabrics -- librdmacm librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service. 2012-10-22 5.8 CVE-2012-4516
openfabrics -- ibacm ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response. 2012-10-22 5.0 CVE-2012-4517
openx -- openx Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action. 2012-10-22 4.3 CVE-2012-4989
otrs -- otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element. 2012-10-22 4.3 CVE-2012-4751
phpmyadmin -- phpmyadmin phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. 2012-10-25 4.3 CVE-2012-5368
phpmyfaq -- phpmyfaq Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. 2012-10-22 4.3 CVE-2010-4821
razorcms -- razorcms Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action. 2012-10-22 6.8 CVE-2012-1900
redhat -- jboss_enterprise_application_platform mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors. 2012-10-22 4.3 CVE-2012-1154
sitaram_chamarty -- gitolite Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name. 2012-10-22 4.6 CVE-2012-4506
videolan -- vlc_media_player libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. 2012-10-26 4.3 CVE-2012-5470
videousermanuals -- white-label-cms Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences. 2012-10-24 6.8 CVE-2012-5387
videousermanuals -- white-label-cms Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. 2012-10-24 4.3 CVE-2012-5388
websvn -- websvn Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php. 2012-10-25 4.3 CVE-2011-5221
wftpserver -- wing_ftp_server Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands. 2012-10-26 6.8 CVE-2012-4729
zoner -- zoner_antivirus_free The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files. 2012-10-24 4.3 CVE-2012-5456


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
openfabrics -- ibacm ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. 2012-10-22 3.6 CVE-2012-4518
phpmyadmin -- phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. 2012-10-25 3.5 CVE-2012-5339
redhat -- rhncfg Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file. 2012-10-22 2.1 CVE-2012-2679


Vulnerability Summary for the Week of December 10, 2007
Posted on Tuesday December 18, 2007


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score Source & Patch Info
Aurora -- Aurora Framework SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
unknown
2007-12-13
7.5 CVE-2007-6345
OTHER-REF
SECUNIA
AVS Media -- AVSMJPEGFILE.DLL Buffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method.
unknown
2007-12-13
7.5 CVE-2007-6327
MILW0RM
OTHER-REF
BID
XF
David Castro -- Apache_AuthCAS SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
unknown
2007-12-13
7.5 CVE-2007-6342
BUGTRAQ
BID
DOSBox -- DOSBox ** DISPUTED ** DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem.
unknown
2007-12-13
7.2 CVE-2007-6328
BUGTRAQ
FRSIRT
XF
Falt4 CMS -- Falt4 Extreme RC4 SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.
unknown
2007-12-11
7.5 CVE-2007-6311
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
GNU -- Emacs Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
unknown
2007-12-07
10.0 CVE-2007-6109
SUSE
OTHER-REF
GENTOO
SECUNIA
XF
HP -- OpenView Network Node Manager Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe.
unknown
2007-12-13
10.0 CVE-2007-6204
BUGTRAQ
OTHER-REF
HP
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- Info Center Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.
unknown
2007-12-13
9.3 CVE-2007-6331
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- Info Center The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
unknown
2007-12-13
9.3 CVE-2007-6332
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Meridian Software -- Prolog Manager Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
unknown
2007-12-13
10.0 CVE-2007-6330
BUGTRAQ
BID
XF
Microsoft -- windows_media_format_runtime
Microsoft -- windows_media_services
Microsoft -- Media Format Runtime
Unspecified vulnerability in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
unknown
2007-12-11
9.3 CVE-2007-0064
MS
Microsoft -- Message Queuing MSMQ Buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via unspecified vectors. NOTE: remote vectors exist for Windows 2000 Professional SP4 and Windows XP SP2; they are only local for the other operating systems.
unknown
2007-12-11
9.0 CVE-2007-3039
MS
Microsoft -- DirectX Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
unknown
2007-12-11
9.3 CVE-2007-3895
MS
FRSIRT
SECUNIA
Microsoft -- DirectX Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted Synchronized Accessible Media Interchange (SAMI) file.
unknown
2007-12-11
10.0 CVE-2007-3901
MS
FRSIRT
SECUNIA
XF
Microsoft -- Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3903 and CVE-2007-5344, one variant of "Uninitialized Memory Corruption Vulnerability."
unknown
2007-12-11
10.0 CVE-2007-3902
Microsoft -- windows-nt Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
unknown
2007-12-11
7.2 CVE-2007-5350
MS
scponly -- scponly scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, and (3) svn, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
unknown
2007-12-14
8.5 CVE-2007-6350
OTHER-REF


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score Source & Patch Info
Apache Software Foundation -- Apache HTTP Server Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-13
4.3 CVE-2007-5000
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
SECUNIA
SECUNIA
City Writer -- CityWriter PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2007-12-13
6.8 CVE-2007-6324
MILW0RM
Drupal -- feature_module Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
unknown
2007-12-11
4.3 CVE-2007-6320
OTHER-REF
Ext2 Filesystems Utilities -- e2fsprogs Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
unknown
2007-12-07
5.8 CVE-2007-5497
SUSE
OTHER-REF
DEBIAN
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
XF
MANDRIVA
SECUNIA
Falt4 CMS -- Falt4 Extreme RC4 Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).
unknown
2007-12-11
4.3 CVE-2007-6310
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
Fastpublish -- Fastpublish CMS PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.
unknown
2007-12-13
6.8 CVE-2007-6325
MILW0RM
FRSIRT
SECUNIA
GNOME -- Balsa Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
unknown
2007-12-12
6.8 CVE-2007-5007
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
GENTOO
SUSE
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
HP -- Info Center The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.
unknown
2007-12-13
5.8 CVE-2007-6333
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- OpenView Network Node Manager Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-13
4.3 CVE-2007-6343
HP
FRSIRT
SECTRACK
SECUNIA
HttpLogger -- HttpLogger Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-11
4.3 CVE-2007-6308
OTHER-REF
OTHER-REF
SECUNIA
IBM -- Hardware Management Console Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
unknown
2007-12-10
4.6 CVE-2007-6305
OTHER-REF
OTHER-REF
SECUNIA
JFree -- JFreeChart Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.
unknown
2007-12-11
4.3 CVE-2007-6306
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
JFree -- JFreeChart Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
unknown
2007-12-11
4.3 CVE-2007-6307
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Mcms -- Easy Web Make Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
unknown
2007-12-13
6.8 CVE-2007-6344
MILW0RM
BID
SECUNIA
XF
Microsoft -- Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
unknown
2007-12-11
6.8 CVE-2007-3903
MS
Microsoft -- Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, a variant of "Uninitialized Memory Corruption Vulnerability."
unknown
2007-12-11
6.8 CVE-2007-5344
Microsoft -- Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
unknown
2007-12-11
6.8 CVE-2007-5347
MS
Microsoft -- windows-nt Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
unknown
2007-12-11
6.4 CVE-2007-5351
MS
Microsoft -- Office Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
unknown
2007-12-13
6.4 CVE-2007-6329
BUGTRAQ
BID
MMS Gallery -- MMS Gallery PHP Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.
unknown
2007-12-13
5.0 CVE-2007-6323
MILW0RM
MySQL -- MySQL MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
unknown
2007-12-10
5.8 CVE-2007-5970
OTHER-REF
OTHER-REF
MySQL -- MySQL The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, does not properly handle a response with a small number of columns, which allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
unknown
2007-12-10
5.0 CVE-2007-6304
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Novell -- NetMail Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allow remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CVE-162."
unknown
2007-12-10
6.8 CVE-2007-6302
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Rainboard -- Rainboard Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-13
4.3 CVE-2007-6346
OTHER-REF
OTHER-REF
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.
unknown
2007-12-11
5.0 CVE-2007-6314
BUGTRAQ
OTHER-REF
BID
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via an HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference.
unknown
2007-12-11
4.0 CVE-2007-6315
BUGTRAQ
OTHER-REF
BID
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.
unknown
2007-12-11
4.3 CVE-2007-6316
BUGTRAQ
OTHER-REF
BID
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
unknown
2007-12-11
5.5 CVE-2007-6317
BUGTRAQ
OTHER-REF
BID
SECUNIA
Red Hat -- enterprise_linux The default configuration of autofs 5 in Red Hat Enterprise Linux (RHEL) 5 omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
unknown
2007-12-13
6.9 CVE-2007-5964
OTHER-REF
REDHAT
SECUNIA
Roundcube Webmail Project -- Roundcube Webmail Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
unknown
2007-12-11
4.3 CVE-2007-6321
BUGTRAQ
OTHER-REF
XF
S9Y -- Serendipity Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
unknown
2007-12-11
4.3 CVE-2007-6205
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Samba -- Samba Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
unknown
2007-12-13
6.8 CVE-2007-6015
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
REDHAT
BID
SECUNIA
Sergey Lyubka -- Simple HTTPD Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.
unknown
2007-12-13
5.0 CVE-2007-6326
MILW0RM
OTHER-REF
BID
XF
Skype Technologies -- Skype Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
unknown
2007-12-13
6.8 CVE-2007-5989
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
SquirrelMail -- SquirrelMail SquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
unknown
2007-12-14
6.8 CVE-2007-6348
OTHER-REF
ViArt -- Helpdesk
ViArt -- Shop Evaluation
ViArt -- Shop Free
ViArt -- CMS
PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-13
6.8 CVE-2007-6347
MILW0RM
BID
SECUNIA
Websense -- Web Security Suite
Websense -- Enterprise
Websense -- Reporting Tools
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.
unknown
2007-12-11
4.3 CVE-2007-6312
BUGTRAQ
OTHER-REF
OTHER-REF
BID
webSPELL -- webSPELL Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.
unknown
2007-12-11
4.3 CVE-2007-6309
BUGTRAQ
BID
WordPress -- WordPress SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
unknown
2007-12-11
6.8 CVE-2007-6318
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
FULLDISC
xml2owl -- xml2owl Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-12-13
5.0 CVE-2007-6322
MILW0RM


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score Source & Patch Info
MySQL -- MySQL MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
unknown
2007-12-10
3.5 CVE-2007-6303
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF


Vulnerability Summary for the Week of June 3, 2013
Posted on Tuesday June 11, 2013

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- mac_os_x Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. 2013-06-05 9.3 CVE-2013-0984
google -- chrome Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. 2013-06-04 7.5 CVE-2013-2854
google -- chrome Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. 2013-06-04 7.5 CVE-2013-2856
google -- chrome Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. 2013-06-04 7.5 CVE-2013-2857
google -- chrome Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2013-06-04 7.5 CVE-2013-2858
google -- chrome Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. 2013-06-04 7.5 CVE-2013-2859
google -- chrome Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. 2013-06-04 7.5 CVE-2013-2860
google -- chrome Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2013-06-04 7.5 CVE-2013-2861
google -- chrome Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2013-06-04 7.5 CVE-2013-2862
google -- chrome Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2013-06-04 10.0 CVE-2013-2863
google -- chrome Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2013-06-04 7.5 CVE-2013-2865
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629. 2013-06-06 10.0 CVE-2013-2324
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633. 2013-06-06 10.0 CVE-2013-2325
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634. 2013-06-06 10.0 CVE-2013-2326
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635. 2013-06-06 10.0 CVE-2013-2327
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636. 2013-06-06 10.0 CVE-2013-2328
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637. 2013-06-06 10.0 CVE-2013-2329
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638. 2013-06-06 10.0 CVE-2013-2330
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652. 2013-06-06 10.0 CVE-2013-2331
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654. 2013-06-06 10.0 CVE-2013-2332
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. 2013-06-06 10.0 CVE-2013-2333
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1681. 2013-06-06 10.0 CVE-2013-2334
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733. 2013-06-06 10.0 CVE-2013-2335
ibm -- tivoli_netcool_application_service_monitors Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1) hrfstable.idx, (2) hrdevice.idx, (3) hrstorage.idx, or (4) lotusmapfile in the SSM Config directory, or (5) .manifest.hive in the main agent directory. 2013-06-04 7.6 CVE-2013-0508
ibm -- tivoli_netcool_application_service_monitors Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder. 2013-06-04 7.6 CVE-2013-0509
ibm -- db2 Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors. 2013-06-04 7.2 CVE-2013-3475
isc -- bind resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone. 2013-06-06 7.8 CVE-2013-3919
linux -- linux_kernel Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. 2013-06-07 7.9 CVE-2013-2850
mutiny -- mutiny Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation. 2013-06-01 8.5 CVE-2013-0136


Medium Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
algisinfo -- aicontactsafe Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2013-05-31 4.3 CVE-2013-3719
apache -- tomcat Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. 2013-06-01 5.0 CVE-2012-3544
apache -- tomcat java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. 2013-06-01 6.8 CVE-2013-2067
apple -- mac_os_x Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. 2013-06-05 6.8 CVE-2013-0975
apple -- mac_os_x Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. 2013-06-05 6.8 CVE-2013-0983
apple -- mac_os_x SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. 2013-06-05 4.9 CVE-2013-0990
apple -- safari WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023. 2013-06-05 6.8 CVE-2013-1009
apple -- safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. 2013-06-05 4.3 CVE-2013-1012
apple -- safari XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. 2013-06-05 4.3 CVE-2013-1013
apple -- safari WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009. 2013-06-05 6.8 CVE-2013-1023
apple -- mac_os_x CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. 2013-06-05 6.8 CVE-2013-1024
apple -- iphone_os Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain. 2013-06-05 4.3 CVE-2013-3948
apple -- iphone_os Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. 2013-06-05 5.0 CVE-2013-3950
apple -- iphone_os sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. 2013-06-05 4.6 CVE-2013-3951
apple -- mac_os_x The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. 2013-06-05 4.9 CVE-2013-3953
apple -- mac_os_x The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. 2013-06-05 5.4 CVE-2013-3954
cisco -- webex_meetings_server The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485. 2013-06-06 4.3 CVE-2013-1205
cisco -- telepresence_system_software Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610. 2013-05-31 6.8 CVE-2013-1246
cisco -- prime_infrastructure Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356. 2013-05-31 4.3 CVE-2013-1247
feedweb -- feedweb Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter. 2013-05-31 4.3 CVE-2013-3720
fenrir-inc -- sleipnir_mobile The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window. 2013-06-03 5.8 CVE-2013-2317
google -- chrome The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2013-06-04 5.0 CVE-2013-2855
ibm -- eclipse_help_system Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL. 2013-06-03 4.3 CVE-2013-0464
ibm -- websphere_portal Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2013-06-03 4.3 CVE-2013-0549
ibm -- qradar_security_information_and_event_manager Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors. 2013-06-03 6.5 CVE-2013-2970
linux -- linux_kernel The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet. 2013-06-07 6.8 CVE-2011-4604
linux -- linux_kernel Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. 2013-06-07 4.4 CVE-2013-1929
linux -- linux_kernel The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket. 2013-06-07 4.9 CVE-2013-2128
linux -- linux_kernel arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. 2013-06-07 4.7 CVE-2013-2146
linux -- linux_kernel Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. 2013-06-07 6.0 CVE-2013-2851
linux -- linux_kernel Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. 2013-06-07 6.9 CVE-2013-2852
photogallerycreator -- flash-album-gallery Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action. 2013-06-01 4.3 CVE-2013-3261
php -- php ** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id." 2013-05-31 5.0 CVE-2013-3735
tibco -- silver_mobile The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors. 2013-05-31 6.5 CVE-2013-3315
yahoo -- yahoo!_browser The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. 2013-06-03 5.8 CVE-2013-2316


Low Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
N/A -- N/A The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors. 2013-06-04 0.0 CVE-2013-2864
apache -- tomcat java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes. 2013-06-01 2.6 CVE-2013-2071
apple -- mac_os_x The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. 2013-06-05 1.7 CVE-2013-0982
apple -- mac_os_x Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. 2013-06-05 2.1 CVE-2013-0985
apple -- mac_os_x The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function. 2013-06-05 2.1 CVE-2013-3949
apple -- mac_os_x The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. 2013-06-05 2.1 CVE-2013-3952
apple -- iphone_os The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem. 2013-06-05 3.7 CVE-2013-3955
ibm -- websphere_portal CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. 2013-06-03 3.5 CVE-2013-2950
jig -- movatwitouch The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application. 2013-06-06 2.6 CVE-2013-2318
linux -- linux_kernel The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. 2013-06-07 2.1 CVE-2013-2141
linux -- linux_kernel The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. 2013-06-07 2.1 CVE-2013-2147
linux -- linux_kernel The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. 2013-06-07 2.1 CVE-2013-2148


Vulnerability Summary for the Week of July 21, 2008
Posted on Tuesday July 29, 2008

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS Score Source & Patch Info
alphadmin -- alphadmin_cms AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-07-25
7.5 CVE-2008-3300
BID
AlstraSoft -- Affiliate Network Pro SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.
unknown
2008-07-21
7.5 CVE-2008-3240
MILW0RM
BID
aprox -- aprox_cms_engine
aprox -- aproxengine
SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-07-24
7.5 CVE-2008-3291
MILW0RM
OTHER-REF
BID
XF
arctictracker -- arctic_issue_tracker SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
unknown
2008-07-21
7.5 CVE-2008-3250
MILW0RM
BID
Asterisk -- Asterisk Asterisk allows remote attackers to cause a denial of service (CPU consumption) by quickly sending a large number of IAX POKE requests.
unknown
2008-07-22
7.8 CVE-2008-3263
OTHER-REF
BID
XF
Asterisk -- AsteriskNOW
Asterisk -- Asterisk Business Edition
Asterisk -- Asterisk Appliance Developer Kit
Asterisk -- Open Source
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
unknown
2008-07-24
7.8 CVE-2008-3264
OTHER-REF
BID
cable-modems -- phphoo3 SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.
unknown
2008-07-21
7.5 CVE-2008-3245
MILW0RM
BID
XF
Drupal -- Drupal Session fixation vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
unknown
2008-07-18
7.5 CVE-2008-3222
MLIST
OTHER-REF
eSyndicat -- esyndicat eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-07-25
7.5 CVE-2008-3299
BID
Fedora -- newsx Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
unknown
2008-07-21
10.0 CVE-2008-3252
FEDORA
FEDORA
BID
XF
iamilkay -- yuhhu_pubs_black_cat SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter.
unknown
2008-07-18
7.5 CVE-2008-3206
BUGTRAQ
BID
XF
Linux -- Kernel The LDT implementation in the Linux kernel 2.6.25.x on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.
unknown
2008-07-24
7.2 CVE-2008-3247
OTHER-REF
MojoScripts -- mojojobs SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
unknown
2008-07-24
7.5 CVE-2008-3267
MILW0RM
XF
Oracle -- weblogic_server
BEA Systems -- WebLogic Server
BEA Systems -- apache_connector_in_weblogic_server
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. NOTE: it is possible that this overlaps CVE-2008-2579 or another issue disclosed in Oracle's CPUJul2008 advisory.
unknown
2008-07-22
10.0 CVE-2008-3257
MILW0RM
VIM
VIM
SECTRACK
XF
ppmate -- ppmedia_class Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information.
unknown
2008-07-21
10.0 CVE-2008-3242
MILW0RM
BID
XF
pragyan -- praygan_cms PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.
unknown
2008-07-18
9.3 CVE-2008-3207
MILW0RM
BID
XF
RIM -- blackberry_enterprise_server_for_exchange
RIM -- blackberry_enterprise_server_for_domino
Blackberry -- enterprise_server
RIM -- blackberry_enterprise_server_for_novell_groupwise
Blackberry -- unite
RIM -- Blackberry Enterprise Server
RIM -- blackberry_unite
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.
unknown
2008-07-21
9.3 CVE-2008-3246
OTHER-REF
OTHER-REF
CERT-VN
SECTRACK
SECUNIA
XF
XF
Siteframe -- siteframe_cms
Siteframe -- Siteframe Beaumont
SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-07-22
7.5 CVE-2008-3256
MILW0RM
BID
Social Engine -- Social Engine Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
unknown
2008-07-25
7.5 CVE-2008-3297
BUGTRAQ
BID
XF
Softacid -- hotel_reservation_system_multi SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2008-07-24
7.5 CVE-2008-3266
MILW0RM
BID
TPL Design -- tplsoccersite Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/.
unknown
2008-07-21
7.5 CVE-2008-3251
MILW0RM
XF
ultrastats -- ultrastats SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-07-21
7.5 CVE-2008-3241
MILW0RM
OTHER-REF
BID
XOOPS -- Xoops Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-07-25
7.5 CVE-2008-3296
BID
XF
Zoph -- Zoph Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-22
7.5 CVE-2008-3258
OTHER-REF


Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS Score Source & Patch Info
alain_barbet -- filesys_smbclientparser The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.
unknown
2008-07-24
6.8 CVE-2008-3285
BUGTRAQ
BID
XF
BrickHost -- phpScheduleIt Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information.
unknown
2008-07-24
6.8 CVE-2008-3268
OTHER-REF
BID
XF
Carlos Desseno -- youtube_blog Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
unknown
2008-07-25
4.3 CVE-2008-3305
MILW0RM
BID
XF
Citrix -- xenserver Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-07-22
4.3 CVE-2008-3253
OTHER-REF
BID
SECTRACK
XF
Clam Anti-Virus -- ClamAV libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
unknown
2008-07-18
5.0 CVE-2008-3215
MLIST
MLIST
OTHER-REF
OTHER-REF
Claroline -- Claroline Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
unknown
2008-07-22
4.3 CVE-2008-3260
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
Claroline -- Claroline Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
unknown
2008-07-22
4.3 CVE-2008-3261
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
Claroline -- Claroline Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
unknown
2008-07-22
5.8 CVE-2008-3262
BUGTRAQ
OTHER-REF
OTHER-REF
XF
Debian -- projectl The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.
unknown
2008-07-18
4.6 CVE-2008-3216
MLIST
OTHER-REF
Drupal -- Drupal Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.
unknown
2008-07-18
4.3 CVE-2008-3218
MLIST
OTHER-REF
Drupal -- Drupal The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.
unknown
2008-07-18
5.0 CVE-2008-3219
MLIST
EMC -- dantz_retrospect_backup_server The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.
unknown
2008-07-24
5.0 CVE-2008-3288
BUGTRAQ
OTHER-REF
EMC Dantz -- Retrospect Backup Client retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference.
unknown
2008-07-24
5.0 CVE-2008-3287
BUGTRAQ
BID
EMC Dantz -- Retrospect Backup Client EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.
unknown
2008-07-24
5.8 CVE-2008-3289
BUGTRAQ
OTHER-REF
EMC Dantz -- Retrospect Backup Client retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version on a Chinese OS version.
unknown
2008-07-24
5.0 CVE-2008-3290
BUGTRAQ
BID
EZWebAlbum -- EZWebAlbum constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
unknown
2008-07-24
6.4 CVE-2008-3292
MILW0RM
BID
XF
EZWebAlbum -- EZWebAlbum Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.
unknown
2008-07-24
5.0 CVE-2008-3293
MILW0RM
BID
XF
F-Prot -- F-Prot Antivirus
F-Prot -- scanning_engine
Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash.
unknown
2008-07-21
4.3 CVE-2008-3243
OTHER-REF
BID
F-Prot -- F-Prot Antivirus
F-Prot -- scanning_engine
The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read.
unknown
2008-07-21
4.3 CVE-2008-3244
OTHER-REF
OTHER-REF
BID
SECTRACK
XF
Joomla -- com_dtregister SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
unknown
2008-07-24
6.8 CVE-2008-3265
MILW0RM
OTHER-REF
BID
XF
Lenovo -- thinkvantage_system_update The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
unknown
2008-07-21
5.1 CVE-2008-3249
OTHER-REF
ln-lab -- webproxy Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-07-22
4.3 CVE-2008-3255
OTHER-REF
OTHER-REF
BID
XF
opensuse -- libxcrypt libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.
unknown
2008-07-22
6.2 CVE-2008-3188
precoc -- precms SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.
unknown
2008-07-22
6.8 CVE-2008-3254
MILW0RM
BID
XF
Sierra -- SWAT 4 SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string.
unknown
2008-07-24
5.0 CVE-2008-3286
OTHER-REF
OTHER-REF
BID
XF
XF
Social Engine -- Social Engine SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
unknown
2008-07-25
6.0 CVE-2008-3298
BUGTRAQ
XF
tuxplanet -- bilboblog SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
unknown
2008-07-25
6.0 CVE-2008-3302
MILW0RM
XF
tuxplanet -- bilboblog admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
unknown
2008-07-25
6.8 CVE-2008-3303
MILW0RM
BID
XF
tuxplanet -- bilboblog BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.
unknown
2008-07-25
5.0 CVE-2008-3304
MILW0RM
XF
VIM Development Group -- VIM src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by writing to this file during a time window associated with a race condition.
unknown
2008-07-24
4.6 CVE-2008-3294
FULLDISC
winsoftmagic -- winremotepc_full
winsoftmagic -- winremotepc_lite
WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.
unknown
2008-07-24
5.0 CVE-2008-3269
MILW0RM
BID
XOOPS -- Xoops Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-07-25
4.3 CVE-2008-3295
BID
XF

Low Vulnerabilities
Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
OpenBSD -- OpenSSH
OpenSSH -- OpenSSH
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
unknown
2008-07-22
1.2 CVE-2008-3259
OTHER-REF
OTHER-REF
BID
tuxplanet -- bilboblog Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php. NOTE: some of these details are obtained from third party information.
unknown
2008-07-25
3.5 CVE-2008-3301
MILW0RM
BID
XF

Vulnerability Summary for the Week of December 30, 2013
Posted on Tuesday January 07, 2014

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
emc -- replication_manager Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. 2013-12-27 7.2 CVE-2013-6182
esri -- arcgis SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. 2013-12-29 7.5 CVE-2013-7232
hp -- application_information_optimizer Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666. 2013-12-28 10.0 CVE-2013-6189
ibm -- i The OSPF implementation in IBM i 6.1 and 7.1, and in z/OS on zSeries servers, does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. 2014-01-02 8.5 CVE-2013-5385
irfanview -- irfanview Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window. 2013-12-27 7.6 CVE-2013-6932
microsoft -- internet_explorer Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161. 2013-12-28 9.3 CVE-2013-3846
op5 -- monitor license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action. 2013-12-31 10.0 CVE-2012-0261
op5 -- monitor op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. 2013-12-31 10.0 CVE-2012-0262
op5 -- monitor op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors. 2013-12-31 10.0 CVE-2012-0264
openx -- openx_source SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. 2013-12-27 7.5 CVE-2013-7149
realvnc -- realvnc RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. 2013-12-27 7.2 CVE-2013-6886
synology -- diskstation_manager Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/. 2013-12-31 7.5 CVE-2013-6987

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adtran -- netvanta_7060 Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2013-12-29 4.3 CVE-2013-5210
barebones -- bbedit The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates. 2013-12-31 6.4 CVE-2013-3667
cisco -- ios_xe Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. 2013-12-27 5.4 CVE-2013-6981
cisco -- unified_presence_server SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. 2013-12-31 6.5 CVE-2013-6983
cloudbees -- jenkins Cross-site scripting (XSS) vulnerability in the default markup formatter in CloudBees Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration. 2013-12-31 4.3 CVE-2013-5573
cybozu -- garoon Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. 2013-12-27 5.8 CVE-2013-6006
cybozu -- garoon SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. 2013-12-27 6.5 CVE-2013-6929
fatfreecrm -- fat_free_crm config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code. 2014-01-02 5.0 CVE-2013-7222
fatfreecrm -- fat_free_crm Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb. 2014-01-02 6.8 CVE-2013-7223
fatfreecrm -- fat_free_crm Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json. 2014-01-02 5.0 CVE-2013-7224
fatfreecrm -- fat_free_crm Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature. 2014-01-02 6.5 CVE-2013-7225
fatfreecrm -- fat_free_crm Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224. 2014-01-02 5.0 CVE-2013-7249
hot -- hotbox_router The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. 2013-12-29 5.8 CVE-2013-5038
hot -- hotbox_router Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. 2013-12-29 5.4 CVE-2013-5039
hot -- hotbox_router goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. 2013-12-29 6.1 CVE-2013-5220
hp -- service_manager Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. 2013-12-28 5.2 CVE-2013-6197
hp -- service_manager Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2013-12-28 4.3 CVE-2013-6198
jforum -- jforum Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action. 2013-12-30 6.8 CVE-2013-7209
joomla -- joomla! Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. 2013-12-28 4.3 CVE-2013-5583
matrix42 -- service_store Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string. 2013-12-28 4.3 CVE-2013-2504
microsoft -- windows_movie_maker Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. 2013-12-29 4.3 CVE-2013-4858
mislav_marohnic -- will_paginate Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. 2013-12-31 4.3 CVE-2013-6459
nextdc -- onedc The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2013-12-27 5.8 CVE-2013-6812
novell -- identity_manager_roles_based_provisioning_module Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId. 2013-12-27 4.3 CVE-2013-1096
ntp -- ntp The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. 2014-01-02 5.0 CVE-2013-5211
op5 -- monitor monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config. 2013-12-31 4.0 CVE-2012-0263
openssl -- openssl The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. 2014-01-01 5.8 CVE-2013-6450
projectforge -- projectforge Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2) web/core/, (3) web/dialog/, (4) web/fibu/, (5) web/mobile/, (6) web/task/, or (7) web/wicket/. 2014-01-02 6.8 CVE-2013-7251
ubnt -- unifi Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname. 2013-12-31 4.3 CVE-2013-3572
wordpress -- wordpress Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. 2013-12-29 6.8 CVE-2013-7233
zend -- zendto Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. 2013-12-27 4.3 CVE-2013-6808
zenphoto -- zenphoto Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI. 2013-12-31 4.3 CVE-2013-7241
zenphoto -- zenphoto SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter. 2013-12-31 6.5 CVE-2013-7242

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
emc -- watch4net EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. 2013-12-27 2.1 CVE-2013-6181
esri -- arcgis Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2013-12-29 3.5 CVE-2013-5222
esri -- arcgis Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. 2013-12-29 3.5 CVE-2013-7231
hot -- hotbox_router The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. 2013-12-29 3.3 CVE-2013-5037
hot -- hotbox_router Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp. 2013-12-29 2.9 CVE-2013-5218
hot -- hotbox_router Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd. 2013-12-29 3.3 CVE-2013-5219
projectforge -- projectforge Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message. 2014-01-02 3.5 CVE-2011-5269
projectforge -- projectforge Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java. 2014-01-02 3.5 CVE-2013-7250

Vulnerability Summary for the Week of October 24, 2022
Posted on Tuesday November 01, 2022

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
10web -- form_maker The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 2022-10-25 7.2 CVE-2022-3300
CONFIRM
adenion -- blog2social The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as subscribers. 2022-10-25 8.8 CVE-2022-3246
CONFIRM
adobe -- illustrator Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-25 7.8 CVE-2022-38435
MISC
adobe -- illustrator Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-25 7.8 CVE-2022-38436
MISC
advantech -- r-seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. 2022-10-27 9.8 CVE-2022-3385
MISC
advantech -- r-seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. 2022-10-27 9.8 CVE-2022-3386
MISC
apache -- batik A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. 2022-10-25 7.5 CVE-2022-41704
MISC
MLIST
MLIST
DEBIAN
apache -- batik A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. 2022-10-25 7.5 CVE-2022-42890
MISC
MLIST
MLIST
DEBIAN
apache -- flume Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. 2022-10-26 9.8 CVE-2022-42468
CONFIRM
CONFIRM
CONFIRM
apache -- heron Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue. 2022-10-24 9.8 CVE-2021-42010
MISC
MLIST
apache -- iotdb Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it. 2022-10-26 7.5 CVE-2022-43766
CONFIRM
apache -- linkis In Apache Linkis <= 1.2.0, when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected. We recommend that users update to 1.3.0. 2022-10-26 8.8 CVE-2022-39944
CONFIRM
arm -- midguard_gpu_kernel_driver An Arm product family through 2022-08-12 Mali GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory. 2022-10-25 8.8 CVE-2022-38181
MISC
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-41309
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-41310
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42933
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42934
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42935
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42936
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42937
MISC
autodesk -- autocad_plant_3d A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42938
MISC
autodesk -- autocad_plant_3d A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42939
MISC
autodesk -- autocad_plant_3d A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42940
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42941
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42942
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42943
MISC
autodesk -- autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42944
MISC
automox -- automox The Automox Agent before 40 on Windows incorrectly sets permissions on key files. 2022-10-21 7.8 CVE-2022-36122
MISC
MISC
axiosys -- bento4 A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3662
MISC
MISC
MISC
axiosys -- bento4 A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212004. 2022-10-26 7.8 CVE-2022-3664
MISC
MISC
MISC
axiosys -- bento4 A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3665
MISC
MISC
MISC
axiosys -- bento4 A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3666
MISC
MISC
MISC
axiosys -- bento4 A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3670
MISC
MISC
MISC
axiosys -- bento4 A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007. 2022-10-26 7.5 CVE-2022-3667
MISC
MISC
MISC
baramundi -- management_suite baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2. 2022-10-26 9.8 CVE-2022-43747
MISC
barangay_management_system_project -- barangay_management_system Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php. 2022-10-28 7.2 CVE-2022-43228
MISC
bestwebsoft -- post_to_csv The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to CSV injection. 2022-10-25 9.8 CVE-2022-3393
CONFIRM
broadcom -- fabric_operating_system Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights or privileges beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated by intercepting the admin and operator authorization headers, which are sent unencrypted, and editing a user addition request to use the operator's authorization header. 2022-10-25 8.8 CVE-2022-28169
MISC
broadcom -- fabric_operating_system A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. 2022-10-25 8.8 CVE-2022-33179
MISC
broadcom -- fabric_operating_system A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands. 2022-10-25 8.8 CVE-2022-33183
MISC
broadcom -- fabric_operating_system A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated user to escalate their privileges to root using the switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. 2022-10-25 7.8 CVE-2022-33182
MISC
broadcom -- fabric_operating_system A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. 2022-10-25 7.8 CVE-2022-33184
MISC
broadcom -- fabric_operating_system Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. 2022-10-25 7.8 CVE-2022-33185
MISC
broadcom -- fabric_operating_system A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. 2022-10-25 7.2 CVE-2022-33178
MISC
canteen_management_system_project -- canteen_management_system Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-28 7.2 CVE-2022-43231
MISC
canteen_management_system_project -- canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php. 2022-10-28 7.2 CVE-2022-43232
MISC
canteen_management_system_project -- canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php. 2022-10-28 7.2 CVE-2022-43233
MISC
canteen_management_system_project -- canteen_management_system Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-28 7.2 CVE-2022-43275
MISC
canteen_management_system_project -- canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. 2022-10-28 7.2 CVE-2022-43276
MISC
cert -- vince A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject an arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed. 2022-10-26 8.8 CVE-2022-40238
MISC
cleantalk -- spam_protection\,_antispam\,_firewall The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high-privilege users such as admin. 2022-10-25 7.2 CVE-2022-3302
CONFIRM
dataease -- dataease Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server, the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability, the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue. 2022-10-25 9.8 CVE-2022-39312
MISC
MISC
MISC
CONFIRM
dell -- emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x, contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node. 2022-10-21 7.5 CVE-2022-34439
CONFIRM
dell -- powerstoreos Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. 2022-10-21 9.8 CVE-2022-26870
CONFIRM
deltaww -- diaenergie The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. 2022-10-26 9.8 CVE-2022-43774
MISC
deltaww -- diaenergie The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. 2022-10-26 9.8 CVE-2022-43775
MISC
deltaww -- diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 2022-10-27 8.8 CVE-2022-40967
MISC
deltaww -- diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 2022-10-27 8.8 CVE-2022-41133
MISC
deltaww -- diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 2022-10-27 8.8 CVE-2022-41773
MISC
discourse -- patreon Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the Patreon integration and log out all users with associated Patreon accounts. 2022-10-26 9.8 CVE-2022-39355
MISC
CONFIRM
dlink -- dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. 2022-10-26 9.8 CVE-2022-42998
MISC
MISC
dlink -- dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. 2022-10-26 9.8 CVE-2022-43000
MISC
MISC
dlink -- dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. 2022-10-26 9.8 CVE-2022-43001
MISC
MISC
dlink -- dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. 2022-10-26 9.8 CVE-2022-43002
MISC
MISC
dlink -- dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. 2022-10-26 9.8 CVE-2022-43003
MISC
MISC
dlink -- dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. 2022-10-26 7.5 CVE-2022-42999
MISC
MISC
elearning_system_project -- elearning_system A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability. 2022-10-26 9.8 CVE-2022-3671
N/A
N/A
employee_record_management_system_project -- employee_record_management_system Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. 2022-10-28 9.8 CVE-2021-37782
MISC
MISC
evm_project -- evm SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually use `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds. 2022-10-25 7.5 CVE-2022-39354
MISC
CONFIRM
exiv2 -- exiv2 A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348. 2022-10-27 9.8 CVE-2022-3717
MISC
MISC
exiv2 -- exiv2 A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability. 2022-10-27 9.8 CVE-2022-3719
MISC
MISC
MISC
extended_keccak_code_package_project -- extended_keccak_code_package The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. 2022-10-21 9.8 CVE-2022-37454
MISC
MISC
MISC
MISC
f5 -- nginx A vulnerability was found in Nginx and classified as problematic. This issue affects some unknown processing of the file ngx_resolver.c of the component IPv4 Off Handler. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211937 was assigned to this vulnerability. 2022-10-21 7.5 CVE-2022-3638
N/A
N/A
N/A
featherjs -- feathers-sequelize Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. 2022-10-26 9.8 CVE-2022-2422
CONFIRM
CONFIRM
featherjs -- feathers-sequelize Improper parameter filtering in the Feathers js library may ultimately lead to SQL injection. 2022-10-26 9.8 CVE-2022-29822
CONFIRM
CONFIRM
featherjs -- feathers-sequelize The feathers-sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in Remote Code Execution (RCE) with the privileges of the application. 2022-10-26 9.8 CVE-2022-29823
CONFIRM
CONFIRM
free5gc -- free5gc Free5gc v3.2.1 is vulnerable to Information disclosure. 2022-10-25 7.5 CVE-2022-38870
MISC
gin-vue-admin_project -- gin-vue-admin Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. 2022-10-24 9.8 CVE-2022-39305
MISC
CONFIRM
gin-vue-admin_project -- gin-vue-admin Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version. 2022-10-25 7.5 CVE-2022-39345
CONFIRM
MISC
MISC
MISC
github -- runner GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered in versions prior to 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4 that allows an input to escape the environment variable and modify that docker command invocation directly. Jobs that use container actions, job containers, or service containers alongside untrusted user inputs in environment variables may be vulnerable. The Actions Runner has been patched, both on `github.com` and hotfixes for GHES and GHAE customers in versions 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. GHES and GHAE customers may want to patch their instance in order to have their runners automatically upgrade to these new runner versions. As a workaround, users may consider removing any container actions, job containers, or service containers from their jobs until they are able to upgrade their runner versions. 2022-10-25 9.9 CVE-2022-39321
MISC
MISC
CONFIRM
gnu -- libtasn1 GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. 2022-10-24 9.1 CVE-2021-46848
MISC
MISC
MISC
goabode -- iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_SSID` and `WL_SSID_HEX` configuration values in the function at offset `0x1c7d28` of firmware 6.9Z. 2022-10-25 10 CVE-2022-33192
MISC
goabode -- iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z. 2022-10-25 10 CVE-2022-33193
MISC
goabode -- iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_Key` and `WL_DefaultKeyID` configuration values in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7f6c`. 2022-10-25 10 CVE-2022-33194
MISC
goabode -- iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_DefaultKeyID` in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7fac`. 2022-10-25 10 CVE-2022-33195
MISC
goabode -- iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33204
MISC
goabode -- iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `wpapsk_hex` HTTP parameter to construct an OS Command at offset `0x19b0ac` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33205
MISC
goabode -- iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `key` and `default_key_id` HTTP parameters to construct an OS Command crafted at offset `0x19b1f4` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33206
MISC
goabode -- iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on a second unsafe use of the `default_key_id` HTTP parameter to construct an OS Command at offset `0x19B234` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33207
MISC
goabode -- iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-27804
MISC
goabode -- iota_all-in-one_security_kit_firmware An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-27805
MISC
goabode -- iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29472
MISC
goabode -- iota_all-in-one_security_kit_firmware An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29477
MISC
goabode -- iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29520
MISC
goabode -- iota_all-in-one_security_kit_firmware A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29889
MISC
goabode -- iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-30541
MISC
goabode -- iota_all-in-one_security_kit_firmware A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-32454
MISC
goabode -- iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-32773
MISC
goabode -- iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-33189
MISC
goabode -- iota_all-in-one_security_kit_firmware A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-33938
MISC
goabode -- iota_all-in-one_security_kit_firmware A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-35244
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35874
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35875
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35876
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35877
MISC
goabode -- iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 8.8 CVE-2022-30603
MISC
goabode -- iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 8.8 CVE-2022-32586
MISC
goabode -- iota_all-in-one_security_kit_firmware An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 8.8 CVE-2022-32775
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. 2022-10-25 8.8 CVE-2022-35878
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. 2022-10-25 8.8 CVE-2022-35879
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. 2022-10-25 8.8 CVE-2022-35880
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. 2022-10-25 8.8 CVE-2022-35881
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35884
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35885
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35886
MISC
goabode -- iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35887
MISC
goabode -- iota_all-in-one_security_kit_firmware An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-10-25 8.1 CVE-2022-29475
MISC
goabode -- iota_all-in-one_security_kit_firmware A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 7.5 CVE-2022-32760
MISC
gradle -- enterprise A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. 2022-10-21 7.5 CVE-2022-41575
MISC
MISC
hospital_management_system_project -- hospital_management_system Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. 2022-10-28 8.8 CVE-2021-35387
MISC
MISC
iij -- iij_smartkey Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions. 2022-10-24 7.5 CVE-2022-41986
MISC
MISC
jflyfox -- jfinal_cms JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list 2022-10-26 8.8 CVE-2022-37202
MISC
MISC
jupyter -- jupyter_core Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. 2022-10-26 8.8 CVE-2022-39286
MISC
CONFIRM
kadencewp -- kadence_woocommerce_email_designer The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 2022-10-25 7.2 CVE-2022-3335
CONFIRM
kartverket -- github-workflows kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the `run-terraform` reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the context of the workflow. Users should upgrade to at least version 2.7.5 to resolve the issue. As a workaround, review any pull requests from external users for malicious payloads before allowing them to trigger a build. 2022-10-25 8.8 CVE-2022-39326
CONFIRM
MISC
MISC
keystonejs -- keystone @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are vulnerable to their field-level access control not being used. List-level access control is not affected. Field-level access control for fields other than `multiselect` is not affected. Version 2.3.1 contains a fix for this issue. As a workaround, stop using the `multiselect` field. 2022-10-25 9.8 CVE-2022-39322
CONFIRM
MISC
lannerinc -- iac-ast2500_firmware Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. 2022-10-24 8.1 CVE-2021-4228
MISC
lannerinc -- iac-ast2500a_firmware Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26727
MISC
MISC
lannerinc -- iac-ast2500a_firmware Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26728
MISC
MISC
lannerinc -- iac-ast2500a_firmware Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26729
MISC
MISC
lannerinc -- iac-ast2500a_firmware A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26730
MISC
MISC
lannerinc -- iac-ast2500a_firmware Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26731
MISC
MISC
lannerinc -- iac-ast2500a_firmware Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-46279
MISC
MISC
lannerinc -- iac-ast2500a_firmware A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 7.5 CVE-2021-26733
MISC
MISC
lannerinc -- iac-ast2500a_firmware A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 7.5 CVE-2021-44467
MISC
MISC
lannerinc -- iac-ast2500a_firmware An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 7.5 CVE-2021-44769
MISC
MISC
libexpat_project -- libexpat In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. 2022-10-24 7.5 CVE-2022-43680
MISC
MISC
MISC
MLIST
DEBIAN
linux -- linux_kernel A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. 2022-10-21 9.8 CVE-2022-3649
N/A
N/A
linux -- linux_kernel A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. 2022-10-21 8.8 CVE-2022-3640
MISC
MISC
linux -- linux_kernel A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. 2022-10-21 7.8 CVE-2022-3625
N/A
N/A
linux -- linux_kernel A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. 2022-10-21 7.8 CVE-2022-3636
N/A
N/A
linux -- linux_kernel drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. 2022-10-26 7.8 CVE-2022-43750
MISC
MISC
MISC
MISC
linux -- linux_kernel A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. 2022-10-21 7 CVE-2022-3635
N/A
N/A
litespeedtech -- openlitespeed Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. 2022-10-27 8.8 CVE-2022-0073
MISC
MISC
litespeedtech -- openlitespeed Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. 2022-10-27 8.8 CVE-2022-0074
MISC
metabase -- metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries. 2022-10-26 8.8 CVE-2022-39361
CONFIRM
metabase -- metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want. 2022-10-26 8.8 CVE-2022-39362
MISC
CONFIRM
microsoft -- azure_command-line_interface Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a mitigation for the vulnerability. 2022-10-25 9.8 CVE-2022-39327
CONFIRM
MISC
MISC
mitel -- micollab A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. 2022-10-25 8.8 CVE-2022-36451
MISC
MISC
mitel -- micollab A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. 2022-10-25 8.8 CVE-2022-36453
MISC
MISC
octopus -- octopus_server In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. 2022-10-27 9.1 CVE-2022-2782
MISC
online_medicine_ordering_system_project -- online_medicine_ordering_system A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. 2022-10-27 9.8 CVE-2022-3714
MISC
online_pet_shop_we_app_project -- online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. 2022-10-27 7.2 CVE-2022-39977
MISC
online_pet_shop_we_app_project -- online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. 2022-10-27 7.2 CVE-2022-39978
MISC
open-xchange -- ox_app_suite documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. 2022-10-25 9.8 CVE-2022-29851
MISC
openfga -- openfga OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue. 2022-10-25 9.8 CVE-2022-39341
CONFIRM
MISC
MISC
openfga -- openfga OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship (e.g. ‘as self’) are vulnerable. Version 0.2.4 contains a patch for this issue. 2022-10-25 9.8 CVE-2022-39342
CONFIRM
MISC
MISC
opensuse -- factory An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. 2022-10-26 7.8 CVE-2022-31256
CONFIRM
oxilab -- accordions Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3) on WordPress. 2022-10-21 7.2 CVE-2022-38104
CONFIRM
CONFIRM
parseplatform -- parse-server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds. 2022-10-24 7.5 CVE-2022-39313
CONFIRM
pikepdf_project -- pikepdf pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing. 2022-10-24 9.8 CVE-2021-46849
MISC
MISC
redis -- redis A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. 2022-10-21 7.5 CVE-2022-3647
N/A
N/A
robustel -- r1510_firmware An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-32765
MISC
robustel -- r1510_firmware An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-33150
MISC
robustel -- r1510_firmware A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 9.1 CVE-2022-33897
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_authorized_keys/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35261
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_xml_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35262
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35263
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_aaa_cert_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35264
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_nodejs_app/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35265
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_firmware/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35266
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35267
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_sdk_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35268
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_e2c_json_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35269
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_wireguard_cert_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35270
MISC
robustel -- r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_cert_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35271
MISC
robustel -- r1510_firmware An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 7.2 CVE-2022-34850
MISC
sanitization_management_system_project -- sanitization_management_system A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. 2022-10-26 9.8 CVE-2022-3674
N/A
school_activity_updates_with_sms_notification_project -- school_activity_updates_with_sms_notification School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. 2022-10-27 9.8 CVE-2022-39976
MISC
sem-cms -- semcms SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. 2022-10-28 9.8 CVE-2021-38217
MISC
sem-cms -- semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. 2022-10-28 9.8 CVE-2021-38729
MISC
MISC
sem-cms -- semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. 2022-10-28 9.8 CVE-2021-38730
MISC
MISC
sem-cms -- semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. 2022-10-28 9.8 CVE-2021-38731
MISC
MISC
sem-cms -- semcms SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. 2022-10-28 9.8 CVE-2021-38732
MISC
MISC
sem-cms -- semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. 2022-10-28 9.8 CVE-2021-38733
MISC
MISC
sem-cms -- semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. 2022-10-28 9.8 CVE-2021-38734
MISC
MISC
sem-cms -- semcms SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. 2022-10-28 9.8 CVE-2021-38736
MISC
MISC
sem-cms -- semcms SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. 2022-10-28 9.8 CVE-2021-38737
MISC
MISC
shescape_project -- shescape The package shescape from 1.5.10 and before 1.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. 2022-10-27 7.5 CVE-2022-25918
MISC
MISC
MISC
MISC
siemens -- siveillance_video_mobile_server A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. 2022-10-21 9.8 CVE-2022-43400
MISC
simple_cold_storage_management_system_project -- simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. 2022-10-28 7.2 CVE-2022-43229
MISC
simple_cold_storage_management_system_project -- simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. 2022-10-28 7.2 CVE-2022-43230
MISC
socket -- socket.io-parser Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object. 2022-10-26 9.8 CVE-2022-2421
CONFIRM
CONFIRM
soflyy -- wp_all_export The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well. 2022-10-25 8.8 CVE-2022-3395
CONFIRM
soflyy -- wp_all_export The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. 2022-10-25 7.2 CVE-2022-3394
CONFIRM
softmotions -- iowow IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch. 2022-10-21 7.5 CVE-2022-23462
CONFIRM
MISC
sony -- content_transfer Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2022-10-24 7.8 CVE-2022-41796
MISC
MISC
st -- stm32_mw_usb_host A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. 2022-10-21 9.8 CVE-2021-42553
CONFIRM
synology -- diskstation_manager Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. 2022-10-25 9.1 CVE-2022-27623
CONFIRM
synology -- presto_file_server Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. 2022-10-26 8.8 CVE-2022-43749
CONFIRM
synology -- presto_file_server Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. 2022-10-26 7.5 CVE-2022-43748
CONFIRM
tenda -- ax1803_firmware Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed HTTP request. 2022-10-27 7.5 CVE-2022-40874
MISC
tenda -- ax1803_firmware Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. 2022-10-27 7.5 CVE-2022-40875
MISC
uatech -- badaso Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. 2022-10-25 9.8 CVE-2022-41711
MISC
MISC
vestacp -- control_panel myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint. 2022-10-24 7.2 CVE-2021-46850
MISC
MISC
MISC
MISC
MISC
vim -- vim A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. 2022-10-26 7.5 CVE-2022-3705
MISC
MISC
webmin -- usermin Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. 2022-10-25 8.8 CVE-2022-35132
MISC
MISC
wintercms -- winter Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts. 2022-10-26 9.8 CVE-2022-39357
MISC
MISC
MISC
CONFIRM
MISC
yokogawa -- wtviewerefree Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name. 2022-10-24 9.8 CVE-2022-40984
MISC
MISC
yordam -- library_automation_system Yordam Library Information Document Automation product before version 19.02 has an unauthenticated information disclosure vulnerability. 2022-10-27 7.5 CVE-2021-45475
CONFIRM
zalando -- skipper Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). 2022-10-25 9.8 CVE-2022-38580
MISC
MISC
MISC
MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adenion -- blog2social The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks. 2022-10-25 6.5 CVE-2022-3247
CONFIRM
adminpad_project -- adminpad The AdminPad WordPress plugin before 2.2 does not have a CSRF check when updating an admin's note, allowing attackers to make a logged-in admin update their notes via a CSRF attack. 2022-10-25 6.5 CVE-2022-2762
MISC
advantech -- r-seenet Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. 2022-10-27 5.3 CVE-2022-3387
MISC
algosec -- fireflow AlgoSec FireFlow Reflected Cross-Site-Scripting (RXSS): a malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). The JavaScript code is then executed in the browser of the other user. 2022-10-25 5.4 CVE-2022-36783
MISC
alivecor -- kardia CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app. 2022-10-26 6.1 CVE-2022-40703
MISC
apache -- geode Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. 2022-10-25 5.4 CVE-2022-34870
MISC
MLIST
axiosys -- bento4 A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212003. 2022-10-26 5.5 CVE-2022-3663
MISC
MISC
MISC
axiosys -- bento4 A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008. 2022-10-26 5.5 CVE-2022-3668
MISC
MISC
MISC
axiosys -- bento4 A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability. 2022-10-26 5.5 CVE-2022-3669
MISC
MISC
MISC
bookstackapp -- bookstack Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. 2022-10-24 5.4 CVE-2022-40690
MISC
MISC
MISC
bricksbuilder -- bricks The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website. 2022-10-28 6.5 CVE-2022-3400
MISC
MISC
broadcom -- fabric_operating_system Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. 2022-10-25 6.5 CVE-2022-28170
MISC
broadcom -- fabric_operating_system A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. 2022-10-25 5.5 CVE-2022-33180
MISC
broadcom -- fabric_operating_system An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. 2022-10-25 5.5 CVE-2022-33181
MISC
cisco -- identity_services_engine A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2022-10-26 5.4 CVE-2022-20959
CISCO
dell -- emc_isilon_onefs The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. 2022-10-21 4.3 CVE-2020-5355
CONFIRM
dell -- emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. 2022-10-21 6.7 CVE-2022-34437
CONFIRM
dell -- emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. 2022-10-21 6.7 CVE-2022-34438
CONFIRM
dell -- emc_powerscale_onefs Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain a sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. 2022-10-21 4.4 CVE-2022-31239
CONFIRM
deltaww -- diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. 2022-10-27 5.4 CVE-2022-40965
MISC
deltaww -- diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. 2022-10-27 5.4 CVE-2022-41555
MISC
deltaww -- diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. 2022-10-27 5.4 CVE-2022-41651
MISC
deltaww -- diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. 2022-10-27 5.4 CVE-2022-41701
MISC
deltaww -- diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. 2022-10-27 5.4 CVE-2022-41702
MISC
eclipse -- openj9 In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. 2022-10-24 6.5 CVE-2022-3676
CONFIRM
CONFIRM
CONFIRM
employee_record_management_system_project -- employee_record_management_system Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. 2022-10-28 5.4 CVE-2021-37781
MISC
MISC
esri -- arcgis_server There is a reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below that may allow a remote, unauthorized attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. 2022-10-25 6.1 CVE-2022-38195
CONFIRM
esri -- arcgis_server There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. 2022-10-25 6.1 CVE-2022-38198
CONFIRM
esri -- arcgis_server A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet. 2022-10-25 6.1 CVE-2022-38199
CONFIRM
exiv2 -- exiv2 A vulnerability, which was classified as problematic, was found in Exiv2. This affects the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The name of the patch is 459910c36a21369c09b75bcfa82f287c9da56abf. It is recommended to apply a patch to fix this issue. The identifier VDB-212349 was assigned to this vulnerability. 2022-10-27 6.5 CVE-2022-3718
MISC
MISC
MISC
expresstech -- quiz_and_survey_master Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. 2022-10-28 5.4 CVE-2021-36863
CONFIRM
CONFIRM
fluxcd -- source-controller Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation. 2022-10-22 4.3 CVE-2022-39272
CONFIRM
MISC
free5gc -- free5gc In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. 2022-10-24 5.5 CVE-2022-43677
MISC
genivi -- diagnostic_log_and_trace An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. 2022-10-25 5.5 CVE-2022-39836
MISC
MISC
genivi -- diagnostic_log_and_trace An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference. 2022-10-25 5.5 CVE-2022-39837
MISC
MISC
getkirby -- kirby Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached. 2022-10-25 5.3 CVE-2022-39315
CONFIRM
MISC
MISC
MISC
MISC
gitlab -- gitlab An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. 2022-10-28 4.9 CVE-2022-3018
MISC
CONFIRM
gitlab -- gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. 2022-10-28 4.3 CVE-2022-2882
MISC
MISC
CONFIRM
goabode -- iota_all-in-one_security_kit_firmware A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 6.5 CVE-2022-32574
MISC
google -- bazel Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the ones required for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3. 2022-10-26 4.3 CVE-2022-3474
CONFIRM
hospital_management_system_project -- hospital_management_system Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. 2022-10-28 5.4 CVE-2021-35388
MISC
MISC
ipfire -- ipfire Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script. 2022-10-24 4.8 CVE-2022-36368
MISC
MISC
MISC
MISC
jadx_project -- jadx jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds. 2022-10-21 5.5 CVE-2022-39259
CONFIRM
joomla -- joomla\! An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. 2022-10-25 6.1 CVE-2022-27913
MISC
joomla -- joomla\! An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. 2022-10-25 5.3 CVE-2022-27912
MISC
juiker -- juiker Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it. 2022-10-24 6.1 CVE-2022-38117
MISC
lannerinc -- iac-ast2500a_firmware A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 5.3 CVE-2021-26732
MISC
MISC
lannerinc -- iac-ast2500a_firmware A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 5.3 CVE-2021-44776
MISC
MISC
lannerinc -- iac-ast2500a_firmware Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 5.3 CVE-2021-45925
MISC
MISC
laubrotel -- lbstopattack The LBStopAttack WordPress plugin through 1.1.2 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections. 2022-10-25 6.5 CVE-2022-3097
MISC
lemon8_project -- lemon8 Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. 2022-10-24 6.5 CVE-2022-41797
MISC
MISC
MISC
linux -- linux_kernel A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). 2022-10-25 5.5 CVE-2022-3344
MISC
MISC
linux -- linux_kernel A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931. 2022-10-21 5.5 CVE-2022-3630
N/A
N/A
linux -- linux_kernel A vulnerability classified as problematic has been found in Linux Kernel. This affects the function rtl8188f_spur_calibration of the file drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c of the component Wireless. The manipulation of the argument hw_ctrl_s1/sw_ctrl_s1 leads to use of uninitialized variable. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211959. 2022-10-21 5.5 CVE-2022-3642
MISC
MISC
linux -- linux_kernel A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. 2022-10-21 5.3 CVE-2022-3646
N/A
N/A
litespeedtech -- openlitespeed Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1. 2022-10-27 5.8 CVE-2022-0072
MISC
MISC
metabase -- metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6. 2022-10-26 6.5 CVE-2022-39358
CONFIRM
metabase -- metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, a custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follows redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default). 2022-10-26 6.5 CVE-2022-39359
CONFIRM
MISC
metabase -- metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, single sign-on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login. 2022-10-26 6.5 CVE-2022-39360
MISC
CONFIRM
metabase -- metabase The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects. 2022-10-26 6.5 CVE-2022-43776
MISC
mitel -- micollab A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. 2022-10-25 6.5 CVE-2022-36454
MISC
MISC
octopus -- octopus_server In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. 2022-10-27 5.3 CVE-2022-2508
MISC
online_medicine_ordering_system_project -- online_medicine_ordering_system A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. 2022-10-27 5.4 CVE-2022-3716
MISC
open-xchange -- ox_app_suite OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. 2022-10-25 6.1 CVE-2022-31468
MISC
openfga -- openfga OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users of `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. 2022-10-25 5.3 CVE-2022-39340
CONFIRM
MISC
MISC
owasp -- dependency-track Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit log in clear text. Actors with access to the audit log can exploit this flaw to gain access to valid API keys. The issue has been fixed in Dependency-Track 4.6.0. Instead of logging the entire API key, only the last 4 characters of the key will be logged. It is strongly recommended to check historic logs for occurrences of this behavior, and to regenerate API keys in case of leakage. 2022-10-25 4.4 CVE-2022-39351
MISC
CONFIRM
MISC
owasp -- dependency-track_frontend @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did not encode or sanitize Showdown's output. This made it possible for arbitrary JavaScript included in vulnerability details via HTML attributes to be executed in context of the frontend. Actors with the `VULNERABILITY_MANAGEMENT` permission can exploit this weakness by creating or editing a custom vulnerability and providing XSS payloads in any of the following fields: Description, Details, Recommendation, or References. The payload will be executed for users with the `VIEW_PORTFOLIO` permission when browsing to the modified vulnerability's page. Alternatively, malicious JavaScript could be introduced via any of the vulnerability databases mirrored by Dependency-Track. However, this attack vector is highly unlikely, and the maintainers of Dependency-Track are not aware of any occurrence of this happening. Note that the `Vulnerability Details` element of the `Audit Vulnerabilities` tab in the project view is not affected. The issue has been fixed in frontend version 4.6.1. 2022-10-25 5.4 CVE-2022-39350
CONFIRM
MISC
MISC
paessler -- prtg_network_monitor PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Because PRTG Network Monitor prevents " characters and modern browsers disable JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability. 2022-10-25 5.3 CVE-2022-35739
MISC
MISC
password_storage_application_project -- password_storage_application Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. 2022-10-27 5.4 CVE-2022-42993
MISC
MISC
MISC
pulpproject -- pulp_ansible The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. 2022-10-25 5.5 CVE-2022-3644
MISC
retain -- retain_live_chat The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-10-25 4.8 CVE-2022-3391
CONFIRM
rubyonrails -- rails A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. 2022-10-26 5.4 CVE-2022-3704
MISC
MISC
MISC
rukovoditel -- rukovoditel A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". 2022-10-28 5.4 CVE-2022-43164
MISC
rukovoditel -- rukovoditel A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". 2022-10-28 5.4 CVE-2022-43165
MISC
rukovoditel -- rukovoditel A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". 2022-10-28 5.4 CVE-2022-43166
MISC
sanitization_management_system_project -- sanitization_management_system A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0. This issue affects some unknown processing of the file /php-sms/classes/SystemSettings.php. The manipulation of the argument name/shortname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212015. 2022-10-26 6.1 CVE-2022-3672
N/A
sanitization_management_system_project -- sanitization_management_system A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212016. 2022-10-26 6.1 CVE-2022-3673
N/A
sem-cms -- semcms SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php. 2022-10-28 6.1 CVE-2021-38728
MISC
MISC
simple_online_public_access_catalog_project -- simple_online_public_access_catalog A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field. 2022-10-27 5.4 CVE-2022-42991
MISC
MISC
MISC
softr -- softr Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-10-27 6.1 CVE-2022-32407
MISC
MISC
synology -- diskstation_manager Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. 2022-10-25 4.3 CVE-2022-27622
CONFIRM
tasks -- tasks The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds. 2022-10-25 5.5 CVE-2022-39349
CONFIRM
MISC
tech-banker -- contact_bank The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-25 4.8 CVE-2022-3350
MISC
tenable -- nessus An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance. 2022-10-25 6.5 CVE-2022-33757
MISC
themepoints -- testimonials Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. 2022-10-28 4.8 CVE-2021-36858
CONFIRM
CONFIRM
train_scheduler_app_project -- train_scheduler_app Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. 2022-10-27 5.4 CVE-2022-42992
MISC
MISC
MISC
twistedmatrix -- twisted Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the Host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response, allowing HTML and script injection. In practice this should be very difficult to exploit, as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. 2022-10-26 5.4 CVE-2022-39348
MISC
CONFIRM
MISC
weseek -- growi Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users. 2022-10-24 6.5 CVE-2022-41799
MISC
MISC
wp_humans.txt_project -- wp_humans.txt The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-25 4.8 CVE-2022-3392
CONFIRM
yordam -- library_automation_system Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. 2022-10-27 6.1 CVE-2021-45476
CONFIRM


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
getkirby -- kirby Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms. 2022-10-24 3.7 CVE-2022-39314
CONFIRM
linux -- linux_kernel A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928. 2022-10-21 3.3 CVE-2022-3624
N/A
N/A
linux -- linux_kernel A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. 2022-10-21 3.3 CVE-2022-3629
N/A
N/A
linux -- linux_kernel A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. 2022-10-21 3.3 CVE-2022-3633
MISC
MISC
robustel -- r1510_firmware A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 2.7 CVE-2022-34845
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alivecor -- kardiamobile The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves. 2022-10-27 not yet calculated CVE-2022-41627
MISC

ansible -- ansible

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. 2022-10-28 not yet calculated CVE-2022-3697
MISC
apache -- dolphinscheduler Users can read any files via the log server. Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. 2022-10-28 not yet calculated CVE-2022-26884
MISC
MLIST
aruba -- edgeconnect_enterprise_orchestrator Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 2022-10-28 not yet calculated CVE-2022-37913
MISC
aruba -- edgeconnect_enterprise_orchestrator Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 2022-10-28 not yet calculated CVE-2022-37914
MISC
aruba -- edgeconnect_enterprise_orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected. 2022-10-28 not yet calculated CVE-2022-37915
MISC
bosch -- videojet_multi_4000 An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. 2022-10-27 not yet calculated CVE-2022-40183
CONFIRM
bosch -- videojet_multi_4000 Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. 2022-10-27 not yet calculated CVE-2022-40184
CONFIRM

chatwoot -- chatwoot

Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. For the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. 2022-10-28 not yet calculated CVE-2022-3741
CONFIRM
MISC
cisco -- anyconnect A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability. 2022-10-26 not yet calculated CVE-2022-20933
CISCO
cisco -- identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability. 2022-10-26 not yet calculated CVE-2022-20822
CISCO
cisco -- telepresence_and_roomos Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20776
CISCO

cisco -- telepresence_and_roomos

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20811
CISCO
cisco -- telepresence_and_roomos Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20953
CISCO
cisco -- telepresence_and_roomos Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20954
CISCO
cisco -- telepresence_and_roomos Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20955
CISCO

cloudflare -- octorpki

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. 2022-10-28 not yet calculated CVE-2022-3616
MISC

cloudflare -- warp_client

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint. 2022-10-28 not yet calculated CVE-2022-3512
MISC
cloudflare -- warp_mobile_client It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. 2022-10-28 not yet calculated CVE-2022-3337
MISC
cloudflare -- zero_trust_platform It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. 2022-10-28 not yet calculated CVE-2022-3320
MISC

cloudflare -- zero_trust_platform

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. 2022-10-28 not yet calculated CVE-2022-3321
MISC

cloudflare -- zero_trust_platform

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action. 2022-10-28 not yet calculated CVE-2022-3322
MISC
curl -- curl curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. 2022-10-29 not yet calculated CVE-2022-42915
MISC
FEDORA
curl -- curl In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. 2022-10-29 not yet calculated CVE-2022-42916
MISC
FEDORA
datahub -- datahub DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. 2022-10-28 not yet calculated CVE-2022-39366
MISC
MISC
MISC
CONFIRM
MISC
dzzoffice -- dzzoffice A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. 2022-10-27 not yet calculated CVE-2022-43340
MISC
MISC
MISC

eaton -- foreseer_epms

A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . 2022-10-28 not yet calculated CVE-2022-33859
MISC
esri -- arcgis_server Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. 2022-10-25 not yet calculated CVE-2022-38196
CONFIRM
esri -- arcgis_server Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. 2022-10-25 not yet calculated CVE-2022-38197
CONFIRM
esri -- arcgis_server A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser. 2022-10-25 not yet calculated CVE-2022-38200
CONFIRM
exiv2 -- exiv2 A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495. 2022-10-29 not yet calculated CVE-2022-3755
MISC
MISC
MISC
exiv2 -- exiv2 A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. 2022-10-29 not yet calculated CVE-2022-3756
MISC
MISC
exiv2 -- exiv2 A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. 2022-10-29 not yet calculated CVE-2022-3757
MISC
MISC
MISC
forgerock -- access_management It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. 2022-10-27 not yet calculated CVE-2022-24669
MISC
MISC
forgerock -- access_management An attacker can use the unrestricted LDAP queries to determine configuration entries 2022-10-27 not yet calculated CVE-2022-24670
MISC
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO 2022-10-28 not yet calculated CVE-2022-2826
CONFIRM
MISC
MISC
gl-inet -- multiple_products gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. 2022-10-27 not yet calculated CVE-2022-31898
MISC
gl.inet_goodcloud_iot_device_management_system -- gl.inet_goodcloud_iot_device_management_system Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. 2022-10-27 not yet calculated CVE-2022-42054
MISC
gl.inet_goodcloud_iot_device_management_system -- gl.inet_goodcloud_iot_device_management_system Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. 2022-10-27 not yet calculated CVE-2022-42055
MISC

google -- multiple_products

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue. 2022-10-27 not yet calculated CVE-2022-3095
CONFIRM
haas -- haas_cnc_controller Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. 2022-10-28 not yet calculated CVE-2022-41636
MISC
haas_automation_inc -- haas_controller Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. 2022-10-28 not yet calculated CVE-2022-2474
MISC
haas_automation_inc -- haas_controller Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. 2022-10-28 not yet calculated CVE-2022-2475
MISC
heidenhain -- controller_tnc_640 The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. 2022-10-28 not yet calculated CVE-2022-41648
MISC

honeywell -- experion_pks

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. 2022-10-28 not yet calculated CVE-2021-38395
CONFIRM
CONFIRM

honeywell -- experion_pks

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. 2022-10-28 not yet calculated CVE-2021-38397
CONFIRM
CONFIRM

honeywell -- experion_pks

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. 2022-10-28 not yet calculated CVE-2021-38399
CONFIRM
CONFIRM

horner_automation -- cscape

Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write. 2022-10-27 not yet calculated CVE-2022-3378
MISC
horner_automation -- cscape Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer. 2022-10-27 not yet calculated CVE-2022-3379
MISC

host_engineering -- h0-ecom100

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. 2022-10-28 not yet calculated CVE-2022-3228
MISC

iku-soft -- rdiffweb

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. 2022-10-26 not yet calculated CVE-2022-3363
CONFIRM
MISC
ip-com_ew9 -- ip-com_ew9 An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. 2022-10-27 not yet calculated CVE-2022-43364
MISC
ip-com_ew9 -- ip-com_ew9 IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. 2022-10-27 not yet calculated CVE-2022-43365
MISC
ip-com_ew9 -- ip-com_ew9 IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. 2022-10-27 not yet calculated CVE-2022-43366
MISC
ip-com_ew9 -- ip-com_ew9 IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. 2022-10-27 not yet calculated CVE-2022-43367
MISC
johnson_controls -- cevas All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. 2022-10-28 not yet calculated CVE-2021-36206
CERT
CONFIRM
mitel -- micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. 2022-10-25 not yet calculated CVE-2022-36452
MISC
MISC
multipath-tools -- multipath-tools multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. 2022-10-29 not yet calculated CVE-2022-41973
MISC
MISC
MISC
FULLDISC
multipath-tools -- multipath-tools multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. 2022-10-29 not yet calculated CVE-2022-41974
MISC
MISC
MISC
FULLDISC
multiple_products -- multiple_products In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). 2022-10-27 not yet calculated CVE-2022-40876
MISC
MISC
nextcloud -- server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contain patches for this issue. No known workarounds are available. 2022-10-27 not yet calculated CVE-2022-39329
MISC
CONFIRM
MISC
nextcloud -- server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app. 2022-10-27 not yet calculated CVE-2022-39330
MISC
CONFIRM
MISC
nextcloud -- server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. 2022-10-27 not yet calculated CVE-2022-39364
MISC
CONFIRM
MISC
MISC
nginx_njs -- nginx_njs Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. 2022-10-28 not yet calculated CVE-2022-43284
MISC
MISC
nginx_njs -- nginx_njs Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. 2022-10-28 not yet calculated CVE-2022-43285
MISC
nginx_njs -- nginx_njs Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. 2022-10-28 not yet calculated CVE-2022-43286
MISC
MISC
openbmc -- bmcweb A vulnerability in bmcweb of the OpenBMC Project allows a user to cause a denial of service. The issue was detected while fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find the smallest memory corruptions possible, and lies in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. It can be conducted multiple times in a loop to cause DoS. 2022-10-27 not yet calculated CVE-2022-2809
CONFIRM

openbmc -- openbmc A vulnerability in bmcweb of the OpenBMC Project allows a user to cause a denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. The issue was detected while fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find the smallest memory corruptions possible, and lies in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. It can be conducted multiple times in a loop to cause DoS. 2022-10-27 not yet calculated CVE-2022-3409
CONFIRM

opennebula -- opennebula Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. 2022-10-28 not yet calculated CVE-2022-37424
MISC

opennebula -- opennebula Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. 2022-10-28 not yet calculated CVE-2022-37425
MISC

opennebula -- opennebula Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. 2022-10-28 not yet calculated CVE-2022-37426
MISC
packet_storm -- hashicorp_boundary Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking, which allows for the interception of login credentials, redirection of users to malicious sites, or causing users to perform malicious actions on the site. 2022-10-27 not yet calculated CVE-2022-36182
MISC
MISC

phpmyfaq -- phpmyfaq Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 2022-10-29 not yet calculated CVE-2022-3754
MISC
CONFIRM

pimcore -- pimcore

Pimc