The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability." TA12-010A 1026493 51296 MS12-001 47356 oval:org.mitre.oval:def:14758 openSUSE-SU-2012:0917 The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-020 "By default, the Remote Desktop Protocol is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. Note that on Windows XP and Windows Server 2003, Remote Assistance can enable RDP." TA12-073A MS12-020 oval:org.mitre.oval:def:14623 Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability." TA12-010A 1026492 51292 MS12-004 47485 oval:org.mitre.oval:def:14337 Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability." TA12-010A 1026492 51295 MS12-004 47485 oval:org.mitre.oval:def:14832 The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability." TA12-010A 1026495 51270 MS12-003 47479 oval:org.mitre.oval:def:14879 The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability." TA12-073A MS12-017 oval:org.mitre.oval:def:15098 The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability." TA12-010A 1026499 51291 MS12-007 47516 47483 oval:org.mitre.oval:def:14314 Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-021 'An attacker could then place a specially crafted add-in in the path used by Visual Studio. When Visual Studio is started by an administrator, the specially crafted add-in would be loaded with the same privileges as the administrator.' 'The vulnerability could not be exploited remotely or by anonymous users.' TA12-073A MS12-021 oval:org.mitre.oval:def:15081 Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-002 'The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file.' TA12-010A MS12-002 1026494 51297 45189 oval:org.mitre.oval:def:14393 Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability." MS12-010 oval:org.mitre.oval:def:14835 Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." MS12-010 oval:org.mitre.oval:def:14310 Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability." MS12-010 oval:org.mitre.oval:def:14870 Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability." TA12-010A 1026497 51284 MS12-005 47480 oval:org.mitre.oval:def:14197 Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." MS12-016 oval:org.mitre.oval:def:13972 Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability." MS12-016 oval:org.mitre.oval:def:14513 Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-022 'This is a remote code execution vulnerability.' TA12-073A MS12-022 oval:org.mitre.oval:def:14973 Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability." MS12-011 oval:org.mitre.oval:def:14637 Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability." TA12-129A 1027042 53328 MS12-031 49113 oval:org.mitre.oval:def:15606 81731 Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. MS12-015 oval:org.mitre.oval:def:14347 Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. MS12-015 oval:org.mitre.oval:def:14965 The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. https://issues.apache.org/bugzilla/show_bug.cgi?id=52256 http://svn.apache.org/viewvc?view=revision&revision=1227292 https://bugzilla.redhat.com/show_bug.cgi?id=785065 http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://support.apple.com/kb/HT5501 48551 APPLE-SA-2012-09-19-2 http://httpd.apache.org/security/vulnerabilities_22.html SSRT100877 HPSBMU02786 Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. apache-tomcat-parameter-dos(72425) 51447 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html DSA-2401 http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-5.html 50863 48791 48790 48213 RHSA-2012:1331 RHSA-2012:0345 HPSBUX02741 20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file. http://www.videolan.org/security/sa1108.html http://git.videolan.org/?p=vlc.git;a=commit;h=7d282fac1cc455b5a5eca2bb56375efcbf879b06 vlcmediaplayer-getchunkheader-code-exec(71916) 77975 1026449 47325 MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. http://samiam.org/blog/20111229.html https://bugzilla.redhat.com/show_bug.cgi?id=771428 [oss-security] 20120103 CVE request: maradns hash table collision cpu dos [oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image. libfpx-freeallmemory-code-exec(71892) http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=31&Itemid=31 77958 http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip 18256 47322 47246 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0287. Reason: This candidate is a duplicate of CVE-2012-0287. Notes: All CVE users should reference CVE-2012-0287 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. http://www.openssl.org/news/secadv_20120104.txt MDVSA-2012:007 78191 openSUSE-SU-2012:0083 SSRT100877 HPSBMU02786 The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process. https://github.com/torvalds/linux/commit/8141c7f3e7aee618312fa1c15109e1219de784a7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8141c7f3e7aee618312fa1c15109e1219de784a7 https://bugzilla.redhat.com/show_bug.cgi?id=771764 [oss-security] 20120508 Re: CVE Request -- kernel: futex: clear robust_list on execve http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28 Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. https://bugzilla.redhat.com/show_bug.cgi?id=772075 qemu-processtxdesc-bo(72656) USN-1339-1 51642 RHSA-2012:0050 50913 48318 47992 47741 47740 RHSA-2012:0370 openSUSE-SU-2012:0207 SUSE-SU-2012:1320 FEDORA-2012-8604 Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. [openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030) https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0 nova-security-bypass(72296) USN-1326-1 51370 47543 scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. https://bugzilla.redhat.com/show_bug.cgi?id=773744 51407 http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/ http://svn.apache.org/viewvc?view=revision&revision=1230065 http://support.apple.com/kb/HT5501 48551 47410 RHSA-2012:0128 HPSBOV02822 SSRT100966 openSUSE-SU-2012:0314 APPLE-SA-2012-09-19-2 SSRT100877 HPSBMU02786 The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. Per http://rhn.redhat.com/errata/RHSA-2013-0192.html "This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements." Per http://rhn.redhat.com/errata/RHSA-2013-0196.html "This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements." https://issues.jboss.org/browse/JBCACHE-1612 https://bugzilla.redhat.com/show_bug.cgi?id=772835 51392 78259 52054 51984 RHSA-2013:0221 RHSA-2013:0197 RHSA-2013:0196 RHSA-2013:0195 RHSA-2013:0193 RHSA-2013:0192 RHSA-2013:0191 RHSA-2012:1072 RHSA-2012:0108 Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' [oss-security] 20120109 CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability [emacs-devel] 20120109 Security flaw in EDE; new release plans USN-1586-1 [cedet-devel] 20120111 CEDET 1.0.1 available online [cedet-devel] 20120109 Security flaw in EDE 50801 47515 47311 [oss-security] 20110109 Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability FEDORA-2012-0494 FEDORA-2012-0462 curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. http://curl.haxx.se/curl-url-sanitize.patch https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238 https://bugzilla.redhat.com/show_bug.cgi?id=773457 http://support.apple.com/kb/HT5281 APPLE-SA-2012-05-09-1 SSRT100877 HPSBMU02786 http://curl.haxx.se/docs/adv_20120124.html Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 openoffice-xml-info-disclosure(74235) 1026837 52681 80307 [oss-security] 20120427 Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) MDVSA-2012:063 MDVSA-2012:062 MDVSA-2012:061 http://www.libreoffice.org/advisories/CVE-2012-0037/ DSA-2438 http://vsecurity.com/resources/advisory/20120324-1/ GLSA-201209-05 50692 48649 48542 48529 48526 48494 48493 48479 RHSA-2012:0411 RHSA-2012:0410 FEDORA-2012-4663 FEDORA-2012-4629 http://librdf.org/raptor/RELEASE.html#rel2_0_7 http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow. https://github.com/torvalds/linux/commit/fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba https://github.com/torvalds/linux/commit/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce https://bugzilla.redhat.com/show_bug.cgi?id=773280 [oss-security] 20120110 Re: CVE request: kernel: xfs heap overflow http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce ** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. https://bugzilla.redhat.com/show_bug.cgi?id=772720 [oss-security] 20120110 glib2 hash dos oCert-2011-003 [gtk-devel-list] 20030529 Algorimic Complexity Attack on GLIB 2.2.1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044 Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter. simplesamlphp-nocookie-logout-xss(72313) 51372 [oss-security] 20120120 Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting DSA-2387 47534 47491 78254 http://code.google.com/p/simplesamlphp/issues/detail?id=468 The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663 http://anonsvn.wireshark.org/viewvc?view=revision&revision=40164 http://www.wireshark.org/security/wnpa-sec-2012-01.html [oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities 48947 RHSA-2013:0125 oval:org.mitre.oval:def:15297 Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634 http://anonsvn.wireshark.org/viewvc?view=revision&revision=40194 http://www.wireshark.org/security/wnpa-sec-2012-02.html 1026507 [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities 48947 RHSA-2013:0125 oval:org.mitre.oval:def:15368 Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391 http://anonsvn.wireshark.org/viewvc?view=revision&revision=40266 http://www.wireshark.org/security/wnpa-sec-2012-03.html 1026508 [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities oval:org.mitre.oval:def:15324 Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. https://github.com/torvalds/linux/commit/a5cd335165e31db9dbab636fd29895d41da55dd2 https://bugzilla.redhat.com/show_bug.cgi?id=772894 USN-1556-1 USN-1555-1 51371 [oss-security] 20120111 Re: CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl() http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.5 RHSA-2012:0743 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cd335165e31db9dbab636fd29895d41da55dd2 The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file. https://github.com/torvalds/linux/commit/c2226fc9e87ba3da060e47333657cd6616652b84 https://bugzilla.redhat.com/show_bug.cgi?id=773370 [oss-security] 20120111 Re: CVE request -- kernel: kvm: syscall instruction induced guest panic http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.14 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c2226fc9e87ba3da060e47333657cd6616652b84 Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter. apache-wicket-unspec-xss(74273) 1026839 http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html 80300 OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack. http://vcs.openttd.org/svn/changeset/23764 http://www.tt-forums.net/viewtopic.php?f=33&t=58073&hilit=pause#p989303 [oss-security] 20120113 Re: CVE request for OpenTTD [oss-security] 20120107 CVE request for OpenTTD DSA-2524 http://security.openttd.org/en/CVE-2012-0049 50137 http://bugs.openttd.org/task/4955 OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. 1026548 51563 http://www.openssl.org/news/secadv_20120118.txt MDVSA-2012:011 DSA-2392 48528 47755 47677 47631 78320 HPSBOV02793 SSRT100891 SSRT100747 HPSBUX02737 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. http://svn.apache.org/viewvc?view=revision&revision=1235454 https://bugzilla.redhat.com/show_bug.cgi?id=785069 51706 http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://support.apple.com/kb/HT5501 48551 RHSA-2012:0128 openSUSE-SU-2012:0314 APPLE-SA-2012-09-19-2 http://httpd.apache.org/security/vulnerabilities_22.html SSRT100877 HPSBMU02786 libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat. 78472 [oss-security] 20120117 CVE-request: golismero symlink vulnerability [oss-security] 20120117 Re: CVE-request: golismero symlink vulnerability http://code.google.com/p/golismero/source/detail?r=2b3bb43d68676efd687361f7de29380189031ab8 The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. https://bugzilla.redhat.com/show_bug.cgi?id=782642 51625 RHSA-2012:0061 RHSA-2012:0052 [oss-security] 20120122 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling [oss-security] 20120119 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling [oss-security] 20120117 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling [oss-security] 20120118 CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling USN-1336-1 47708 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc http://blog.zx2c4.com/749 PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. https://bugs.php.net/bug.php?id=54446 php-libxslt-security-bypass(72908) DSA-2399 48668 http://php.net/ChangeLog-5.php#5.3.9 [oss-security] 20120117 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? [oss-security] 20120113 CVE affected for PHP 5.3.9 ? [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? openSUSE-SU-2012:0426 SSRT100877 HPSBMU02786 The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management. https://github.com/torvalds/linux/commit/802f43594d6e4d2ac61086d239153c17873a0428 https://bugzilla.redhat.com/show_bug.cgi?id=782696 1027085 [oss-security] 20120117 Re: CVE request: kernel: Unused iocbs in a batch should not be accounted as active http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. openSUSE-SU-2012:0589 openSUSE-SU-2012:0588 https://bugzilla.redhat.com/show_bug.cgi?id=744858 rpm-loadsigverify-code-execution(74582) USN-1695-1 1026882 52865 81010 49110 48716 48651 http://rpm.org/wiki/Releases/4.9.1.3 http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29 http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190 RHSA-2012:0531 RHSA-2012:0451 FEDORA-2012-5421 FEDORA-2012-5420 FEDORA-2012-5298 The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b openSUSE-SU-2012:0589 openSUSE-SU-2012:0588 https://bugzilla.redhat.com/show_bug.cgi?id=798585 rpm-headerload-code-execution(74583) USN-1695-1 1026882 52865 81010 49110 48716 48651 http://rpm.org/wiki/Releases/4.9.1.3 RHSA-2012:0531 RHSA-2012:0451 FEDORA-2012-5421 FEDORA-2012-5420 FEDORA-2012-5298 Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list. [oss-security] 20120119 CVE request: usbmuxd 1.0.7 http://git.marcansoft.com/?p=usbmuxd.git;a=commitdiff;h=f794991993af56a74795891b4ff9da506bc893e6 https://bugs.gentoo.org/show_bug.cgi?id=399409 usbmuxd-libusbmuxd-bo(72546) 51573 MDVSA-2012:133 47545 [oss-security] 20120119 Re: CVE request: usbmuxd 1.0.7 Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. [oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities http://anonsvn.wireshark.org/viewvc?view=revision&revision=40166 http://anonsvn.wireshark.org/viewvc?view=revision&revision=40165 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666 http://www.wireshark.org/security/wnpa-sec-2012-01.html [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities 48947 RHSA-2013:0125 oval:org.mitre.oval:def:15111 wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668 http://anonsvn.wireshark.org/viewvc?view=revision&revision=40167 http://www.wireshark.org/security/wnpa-sec-2012-01.html [oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities 48947 RHSA-2013:0125 oval:org.mitre.oval:def:15192 The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell catpure file containing a record that is too small. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670 http://www.wireshark.org/security/wnpa-sec-2012-01.html [oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities oval:org.mitre.oval:def:15379 http://anonsvn.wireshark.org/viewvc?view=revision&revision=40169 SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter. batavi-ajax-sql-injection(72449) 51547 [oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection [oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php http://voxel.dl.sourceforge.net/project/batavi/README.txt 47582 78362 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web. http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors. databaseserver-listener-dos(72469) 1026527 51458 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78419 Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors. ebusiness-forms-cve20120073(72478) 51473 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78439 Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales. peoplesoft-enterprisecrm-cve20120074(72482) 51472 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 47621 78441 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors. mysql-server-cve20120075(72539) 51526 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78374 SUSE-SU-2012:0984 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. peoplesoft-enthcm-info-disc(72484) 51474 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78395 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console. fusionmiddleware-weblogic-cve20120077(72477) 51460 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78401 JVNDB-2012-000007 JVN#54779201 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services (Menu, LOV). ebusiness-aol-info-disc(72479) 51477 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 47628 78399 Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration. sun-opensso-cve20120079(72501) 1026536 51492 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 50084 46646 RHSA-2012:1232 78412 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management. peoplesoft-enterprisehcm-cve20120080(72481) 51466 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration. sun-glassfishenterpriseserver-cve20120081(72503) 51485 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78415 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity and availability via unknown vectors. databaseserver-corerdbms-cve20120082(72468) 1026527 51453 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Search. fusionmiddleware-webcenter-cve20120083(72470) 51451 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server. fusionmiddleware-webcenter-cve20120084(72476) 51454 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2 and 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server. fusionmiddleware-webcenter-cve20120085(72475) 51457 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web. http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102. mysql-serveruns-dos(72519) 51509 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78377 SUSE-SU-2012:0984 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Benefits Administration. peoplesoft-enterprisehcm-info-disc(72483) 51480 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78397 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. peoplesoft-enterhcm-info-disc(72485) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web. http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance. peoplesoft-eptools-cve20120091(72486) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78402 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web. http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web. http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP. sun-solaris-dos(72495) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78420 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web. http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network. sun-solarisunspec-dos(72498) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78422 Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell. sun-solaris-info-disc(72509) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78426 Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel. sun-solarisunknown-dos(72510) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78427 Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd. sun-solarisunsp-dos(72506) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78425 Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos. sun-solaris-cve20120100(72496) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78421 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102. mysql-serveruns1-dos(72520) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78378 SUSE-SU-2012:0984 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101. mysql-serveruns2-dos(72521) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78379 SUSE-SU-2012:0984 Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel. sun-solarisunspecified-dos(72499) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78423 Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container. sun-glassfishenterpriseserver-dos(72497) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78417 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions. virtualization-vmvirtualbox-cve20120105(72511) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html GLSA-201204-01 50897 48755 78442 openSUSE-SU-2012:1323 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web. http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to Web. http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web. http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP. sun-solaris-cve20120109(72504) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html 78424 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK. 51452 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html GLSA-201204-01 50897 48755 openSUSE-SU-2012:1323 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html SUSE-SU-2012:0984 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492. http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392. HPSBMU02746 SSRT100781 Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393. HPSBMU02746 SSRT100781 Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498. SSRT100781 HPSBMU02746 Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. SSRT100781 HPSBMU02746 Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126. hpux-wbem-sec-bypass(74391) 52733 48593 HPSBUX02755 SSRT100667 Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125. hpux-wbem-security-bypass(74390) 52734 48593 HPSBUX02755 SSRT100667 Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors. HPSBMU02756 SSRT100596 80657 HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. hpoa-unspecified-open-redirect(74575) 1026889 52862 SSRT100817 HPSBMU02759 HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. hpoa-unspecified-unauth-access(74576) 1026889 52862 HPSBMU02759 SSRT100817 HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors. hpoa-unspecified-info-disclosure(74577) 1026889 52862 HPSBMU02759 SSRT100817 Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. hpux-unspec-dce-dos(74800) 1026885 52860 48687 SSRT100774 HPSBUX02758 Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. hp-bac-unspec-xss(74640) 52880 HPSBMU02749 SSRT100793 48677 HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. hpprocurve-flashcards-weak-security(74819) 1026916 HPSBPV02754 SSRT100803 48738 Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors. 1026935 SSRT100828 HPSBOV02765 Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. hp-system-homepage-dos(74917) 1026925 SSRT100827 HPSBMU02764 Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138. MS12-015 oval:org.mitre.oval:def:14924 Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138. MS12-015 oval:org.mitre.oval:def:14602 Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137. MS12-015 oval:org.mitre.oval:def:14811 Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability." TA12-129A MS12-030 1027041 53342 49112 oval:org.mitre.oval:def:15152 Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability." TA12-129A 1027041 53373 MS12-030 49112 oval:org.mitre.oval:def:15543 Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability." TA12-129A 1027041 53374 MS12-030 49112 oval:org.mitre.oval:def:15064 Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability." MS12-011 oval:org.mitre.oval:def:14386 Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability." MS12-011 oval:org.mitre.oval:def:14826 Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability." MS12-026 ms-forefront-spoofing(74367) 1026909 52903 48787 oval:org.mitre.oval:def:15476 81131 Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." TA12-101A MS12-026 ms-forefront-uag-info-disclosure(74368) 1026909 52909 48787 oval:org.mitre.oval:def:15557 81132 afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-009 'This vulnerability is not exploitable on 32-bit editions of Microsoft Windows.' MS12-009 oval:org.mitre.oval:def:14852 afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." MS12-009 oval:org.mitre.oval:def:14958 Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability." MS12-013 oval:org.mitre.oval:def:14631 The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability." TA12-101A MS12-024 1026906 48581 oval:org.mitre.oval:def:15594 81135 The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability." TA12-073A MS12-020 oval:org.mitre.oval:def:14626 Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability." MS12-008 oval:org.mitre.oval:def:14928 Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability." MS12-010 oval:org.mitre.oval:def:14781 DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability." MS12-019 oval:org.mitre.oval:def:14807 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability." TA12-073A MS12-018 oval:org.mitre.oval:def:14217 The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." TA12-101A MS12-027 ms-activex-control-code-execution(74372) 1026905 1026904 1026903 1026902 1026900 1026899 52911 oval:org.mitre.oval:def:15462 Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." TA12-164A TA12-129A 1027039 53335 MS12-039 MS12-034 49122 49121 oval:org.mitre.oval:def:15667 oval:org.mitre.oval:def:15388 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." TA12-129A MS12-035 1027036 53356 49117 oval:org.mitre.oval:def:15554 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." TA12-129A 1027036 53357 MS12-035 49117 oval:org.mitre.oval:def:14951 Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability." TA12-129A 53358 MS12-034 oval:org.mitre.oval:def:14655 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." TA12-101A MS12-025 ms-dotnet-parameter-code-exec(74377) 1026907 oval:org.mitre.oval:def:15495 Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability." 53363 MS12-034 oval:org.mitre.oval:def:15580 GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." TA12-129A 1027038 53347 MS12-034 49121 oval:org.mitre.oval:def:15621 Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability." TA12-129A 1027038 53351 MS12-034 49121 oval:org.mitre.oval:def:15628 Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." MS12-023 ie-html-page-code-exec(74379) 1026901 oval:org.mitre.oval:def:15577 81126 Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability." TA12-101A MS12-023 ms-ie-jscript9-code-exec(74380) 1026901 52902 oval:org.mitre.oval:def:15611 81127 Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability." TA12-101A MS12-023 ms-ie-onreadystatechange-code-exec(74381) 1026901 oval:org.mitre.oval:def:15573 81128 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." TA12-101A MS12-023 ms-ie-selectall-code-exec(74382) 1026901 oval:org.mitre.oval:def:15313 Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability." TA12-101A MS12-023 ms-ie-vml-code-exec(74383) 1026901 oval:org.mitre.oval:def:15550 The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002. TA12-164A MS12-036 oval:org.mitre.oval:def:15116 Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability." Per http://technet.microsoft.com/en-us/security/bulletin/ms12-032 "An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability." "In order to use this vulnerability, an attacker would first have to gain access to the local subnet of the target computer. An attacker could then use another vulnerability to acquire information about the target system or execute code on the target system." TA12-129A 1027044 MS12-032 49114 oval:org.mitre.oval:def:15160 81730 The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability." TA12-192A MS12-048 oval:org.mitre.oval:def:14897 Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." TA12-129A 1027040 53360 MS12-034 49122 oval:org.mitre.oval:def:15574 Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability." TA12-101A MS12-028 1026911 1026910 52867 48723 oval:org.mitre.oval:def:15598 81134 Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability." TA12-129A MS12-033 1027043 49115 oval:org.mitre.oval:def:15229 81735 Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability." TA12-129A MS12-032 1027044 49114 oval:org.mitre.oval:def:14908 81729 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability." TA12-129A 1027039 MS12-034 oval:org.mitre.oval:def:15466 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability." TA12-129A MS12-034 1027039 oval:org.mitre.oval:def:15355 Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability." TA12-283A MS12-064 55780 Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." TA12-129A MS12-029 1027035 53344 49111 oval:org.mitre.oval:def:15327 Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability." TA12-129A 1027041 53375 MS12-030 49112 oval:org.mitre.oval:def:14789 Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability." TA12-129A 1027041 MS12-030 49112 oval:org.mitre.oval:def:14738 Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL. lotusexpeditor-ehelp-dir-traversal(72096) http://www.ibm.com/support/docview.wss?uid=swg21575642 Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' lotusexpeditor-dll-code-execution(72097) http://www.ibm.com/support/docview.wss?uid=swg21575642 Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. spss-mraboutb-activex-code-execution(72118) http://www-01.ibm.com/support/docview.wss?uid=swg21577956 47565 78329 Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document. spss-vsview6-activex-code-execution(72119) http://www.ibm.com/support/docview.wss?uid=swg21577951 47605 Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. spss-wxporthtml-activex-code-execution(72121) http://www-01.ibm.com/support/docview.wss?uid=swg21577956 47565 The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers. lotusexpeditor-acm-security-bypass(72156) http://www.ibm.com/support/docview.wss?uid=swg21575642 Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file. lotus-symphony-vclmi-bo(72424) 51591 http://www-01.ibm.com/support/docview.wss?uid=swg21578684 47245 78345 IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. http://www-01.ibm.com/support/docview.wss?uid=swg24031821 http://www-01.ibm.com/support/docview.wss?uid=swg21577532 PM53930 78321 The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets. http://aix.software.ibm.com/aix/efixes/security/large_send_advisory.asc aix-tcpstack-dos(72562) 51864 IV14211 IV14210 IV14209 IV13827 IV13820 IV13751 1026640 47865 Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name. mam-sclc-xss(72612) http://www.ibm.com/support/docview.wss?uid=swg21584666 IV09198 Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file. tpme-isigisigctl1-bo(73033) http://www.zerodayinitiative.com/advisories/ZDI-12-040/ Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file. tpme-multiple-sql-injection(73034) http://www.zerodayinitiative.com/advisories/ZDI-12-040/ The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition. soliddb-redundant-where-dos(73126) http://www.ibm.com/support/docview.wss?uid=swg27021052 IC81244 Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file. pcom-pcspref-bo(73127) http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws 18539 http://www-01.ibm.com/support/docview.wss?uid=swg21586166 IC81539 http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data. cognos-tm1admsd-bo(73182) http://www-01.ibm.com/support/docview.wss?uid=swg24032166 http://www-01.ibm.com/support/docview.wss?uid=swg24032165 http://www-01.ibm.com/support/docview.wss?uid=swg24032164 http://www-01.ibm.com/support/docview.wss?uid=swg21590314 Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. infosphere-mw-xss(73254) http://www-01.ibm.com/support/docview.wss?uid=swg21623501 Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path' Per: http://www-01.ibm.com/support/docview.wss?uid=swg21623501 "CVSS Base Score: 9.3 / CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) a malicious user who has access to a machine with the Import Export Manager installed could execute arbitrary commands in the context of any user who accesses the Import Export Manager application. " infosphere-is-dll-code-execution(73255) http://www-01.ibm.com/support/docview.wss?uid=swg21623501 InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors. infosphere-mw-ts-security-bypass(73265) http://www-01.ibm.com/support/docview.wss?uid=swg21623501 common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response. http://doc.powerdns.com/powerdns-advisory-2012-01.html https://bugzilla.redhat.com/show_bug.cgi?id=772570 http://doc.powerdns.com/changelog.html The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27 https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b https://bugzilla.redhat.com/show_bug.cgi?id=772867 [oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876 Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh. 1026950 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html DSA-2472 Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code. https://bugzilla.redhat.com/show_bug.cgi?id=790877 [horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209) http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155 http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/ debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file. http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=797ddc961532eb0aeb46153e3f28c8e9ea0500d2 devscripts-dsc-code-execution(73215) 52029 79319 DSA-2409 USN-1366-1 48039 47955 debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package. http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f devscripts-commands-code-execution(73216) 52029 79320 DSA-2409 USN-1366-1 48039 47955 http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03 debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. devscripts-debdiff-code-execution(73217) USN-1593-1 52029 79322 DSA-2409 USN-1366-1 48039 47955 http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03 The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document. https://bugzilla.redhat.com/show_bug.cgi?id=799078 DSA-2468 50549 49040 RHSA-2012:1232 FEDORA-2012-10835 model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call. http://hg.tryton.org/trytond/rev/8e64d52ecea4 https://bugs.tryton.org/issue2476 DSA-2444 http://news.tryton.org/2012/03/security-releases-for-all-supported.html The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server. gnulinux-apache2-xss(75211) DSA-2452 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-042 'This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2. Systems with AMD or ARM-based CPUs are not affected by this vulnerability.' TA12-164A VU#649219 MS12-042 https://www.illumos.org/issues/2873 https://bugzilla.redhat.com/show_bug.cgi?id=813428 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html DSA-2508 DSA-2501 http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012 http://support.citrix.com/article/CTX133161 http://smartos.org/2012/06/15/smartos-news-3/ FreeBSD-SA-12:04 oval:org.mitre.oval:def:15596 [xen-devel] 20120619 Security vulnerability process, and CVE-2012-0217 [xen-announce] 20120612 Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation NetBSD-SA2012-003 http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/ http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/ Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. [Xen-announce] 20120612 Xen Security Advisory 8 (CVE-2012-0218) - syscall/enter guest DoS DSA-2501 Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. http://www.dest-unreach.org/socat/contrib/socat-secadv3.html 1027064 53510 81969 [oss-security] 20120514 socat security advisory openSUSE-SU-2012:0809 GLSA-201208-01 49746 49105 FEDORA-2012-8328 FEDORA-2012-8274 Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags. ikiwiki-unspecified-xss(75702) 53599 DSA-2474 http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f 49232 49199 81995 http://ikiwiki.info/news/version_3.20120516/ The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937 The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet. http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937 Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0224. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02A.pdf 'This vulnerability may be exploitable from a remote machine.' http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02A.pdf Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02.pdf 'This vulnerability may be exploitable from a remote machine' http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-01.pdf Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf wis-unspecified-xss(74549) 48603 80888 SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf wis-unspecified-sql-injection(74550) 48603 Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method. Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-012-01A.pdf 'AFFECTED PRODUCTS All versions of OPC Sytems.NET prior to Version 5.0 are affected.' http://www.us-cert.gov/control_systems/pdf/ICSA-12-012-01A.pdf flexgrid-activex-bo(72604) 51601 http://dsecrg.com/pages/vul/show.php?id=406 Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors. http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf 48603 The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe. http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-01.pdf http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14767 PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299. http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766 PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401. http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766 Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-03.pdf 52439 http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14768 Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf webaccess-stream-code-execution(73281) Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet. http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf http://www.zerodayinitiative.com/advisories/ZDI-12-033/ 52123 48090 20120222 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf integraxor-activex-directory-traversal(74388) 80650 ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286 1027032 79003 GLSA-201203-09 DSA-2427 http://www.cert.fi/en/reports/2012/vulnerability595210.html USN-1435-1 49068 49063 49043 48259 48247 47926 RHSA-2012:0545 RHSA-2012:0544 ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. 1027032 51957 79003 http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286 GLSA-201203-09 DSA-2427 http://www.cert.fi/en/reports/2012/vulnerability595210.html USN-1435-1 49068 49063 49043 48259 48247 47926 RHSA-2012:0545 RHSA-2012:0544 Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. VU#551715 https://bugzilla.quagga.net/show_bug.cgi?id=705 48949 RHSA-2012:1259 RHSA-2012:1258 FEDORA-2012-5436 FEDORA-2012-5411 FEDORA-2012-5352 Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. VU#551715 48949 RHSA-2012:1259 RHSA-2012:1258 FEDORA-2012-5436 FEDORA-2012-5411 FEDORA-2012-5352 Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.htm. http://www.kb.cert.org/vuls/id/MAPG-8Q6JEG VU#400619 plucksitelife-multiple-xss(74805) 52968 48778 Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors. http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf https://www.honeywellprocess.com/en-US/support/pages/all-notifications.aspx The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). VU#551715 48949 RHSA-2012:1259 FEDORA-2012-5436 FEDORA-2012-5411 FEDORA-2012-5352 Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. http://trafficserver.apache.org/downloads https://www.cert.fi/en/reports/2012/vulnerability612884.html 1026847 52696 20120322 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256 20120322 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256 Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite. http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf 48675 80891 Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the AddFile member. http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf 48675 80891 The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 imagemagick-jpegexif-dos(74657) 1027032 52898 81021 http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 DSA-2462 http://www.cert.fi/en/reports/2012/vulnerability635606.html USN-1435-1 49317 49063 49043 48974 48679 RHSA-2012:0544 openSUSE-SU-2012:0692 The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. 52898 imagemagick-jpegwarninghandler-dos(74658) 1027032 81022 http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 DSA-2462 http://www.cert.fi/en/reports/2012/vulnerability635606.html 49317 49068 49063 48974 RHSA-2012:0545 RHSA-2012:0544 openSUSE-SU-2012:0692 Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file. 1027065 53578 http://support.apple.com/kb/HT5261 APPLE-SA-2012-05-15-1 Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL. ntr-download-bo(72293) ntr-check-bo(72292) ntr-startmodule-bo(72291) 21841 http://secunia.com/secunia_research/2012-1/ 45166 78252 20120111 Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer. ntr-stopmodule-code-exec(72295) 21839 http://secunia.com/secunia_research/2012-2/ 45166 Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. 47041 Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, oreplug, Shuriken Pro4, Shuriken 2007 through 2010, Shuriken Pro4 Corporate Edition, Shuriken CE/2007 through CE/2009 Corporate Edition, Shuriken 2010 Corporate Edition, Rekishimail Sengokubusho no missho, and Bakumatsushishi no missho allows remote attackers to execute arbitrary code via a crafted image file. http://www.justsystems.com/jp/info/js12001.html JVNDB-2012-000035 JVN#09619876 Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header. Per: http://www.novell.com/support/kb/doc.php?id=7010769 "Previous versions of GroupWise are likely also vulnerable but are no longer supported." https://bugzilla.novell.com/show_bug.cgi?id=746199 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61 http://www.novell.com/support/kb/doc.php?id=7010769 85426 Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter. https://bugzilla.novell.com/show_bug.cgi?id=740563 https://bugzilla.novell.com/show_bug.cgi?id=702785 1027615 http://www.novell.com/support/kb/doc.php?id=7010368 Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression. adobe-photoshop-unspec-bo(78185) 1027477 55372 http://www.adobe.com/support/security/bulletins/apsb12-20.html http://www.adobe.com/support/security/bulletins/apsb12-11.html http://secunia.com/secunia_research/2012-29/ Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL. http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=49 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=48 19338 19337 48666 http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858 Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=50 19336 48666 http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858 Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression. 53009 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=41&Itemid=41 48772 Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file. quest-toad-insecure-permissions(75192) 53276 http://secunia.com/secunia_research/2012-13/ 48663 Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image. http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=51 83086 19335 48666 http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858 Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php. 54439 http://secunia.com/secunia_research/2012-24/ FEDORA-2012-16605 FEDORA-2012-16614 FEDORA-2012-16550 http://bugs.dokuwiki.org/index.php?do=details&task_id=2561 Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument). http://secunia.com/secunia_research/2012-25/ Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. http://www.stone-ware.com/swql.jsp?kb=d1960 http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts. http://www.stone-ware.com/swql.jsp?kb=d1960 http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. https://wordpress.org/news/2012/01/wordpress-3-3-1/ 1026542 51237 http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 1027093 51795 Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session." pcanywhere-unauth-access(72996) http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00 51862 Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00 51965 The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00 52094 18493 Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120314_00 52392 Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 1027093 53182 The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 1027093 53184 53183 Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 53396 The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 53444 The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 53442 The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 53443 Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 54136 Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 54135 Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 54134 Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 54133 Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00 1027182 53903 http://www.nessus.org/plugins/index.php?view=single&id=59193 Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_01 54594 Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121010_00 1027648 55748 Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. symantec-gateway-unspec-xss(78031) http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 55138 Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 55137 Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cogentdatahub-unspecified-xss(72305) http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf 51375 http://www.cogentdatahub.com/ReleaseNotes.html 47525 47496 JVNDB-2012-000001 JVN#12983784 CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. cogentdatahub-unspecified-header-injection(72306) http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf 51375 http://www.cogentdatahub.com/ReleaseNotes.html 47525 47496 JVNDB-2012-000002 JVN#63249231 Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. http://sourceforge.jp/forum/forum.php?forum_id=28119 JVNDB-2012-000004 JVN#36559450 Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. http://sourceforge.jp/forum/forum.php?forum_id=28119 JVNDB-2012-000005 JVN#64386898 Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed. JVNDB-2012-000008 JVN#65869891 http://glucose.jp/release/19 Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. 51782 47795 JVNDB-2012-000010 JVN#33021167 http://emobile.jp/topics/info20120201_01.html Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' http://www.altools.jp/download.aspx http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118 JVNDB-2012-000011 JVN#85695061 http://jvn.jp/en/jp/JVN85695061/995223/index.html The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier applications for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. 52189 79643 JVNDB-2012-000014 JVN#25731073 http://cookpad.typepad.jp/help/2012/02/23oshirase.html Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script. http://www.movabletype.org/documentation/appendices/release-notes/513.html http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html 1026738 52138 JVNDB-2012-000015 JVN#70683217 Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262. http://www.movabletype.org/documentation/appendices/release-notes/513.html http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html 1026738 52138 JVNDB-2012-000016 JVN#49836527 The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue. http://www.movabletype.org/documentation/appendices/release-notes/513.html http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html 1026738 52138 JVNDB-2012-000017 JVN#92683325 Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script. http://www.movabletype.org/documentation/appendices/release-notes/513.html http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html 1026738 52138 JVNDB-2012-000018 JVN#20083397 Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application. http://www.kingsoft.jp/support/security/support_news/supportnews_20120229 JVNDB-2012-000019 JVN#31517714 The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function. JVNDB-2012-000020 JVN#08871006 Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. http://squirrelmail.org/plugin_view.php?id=32 JVNDB-2012-000021 JVN#56653852 Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325. http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb JVNDB-2012-000022 JVN#14791558 Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324. http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb JVNDB-2012-000023 JVN#79950061 The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application. https://play.google.com/store/apps/details?id=jp.r246.twicca http://twicca.r246.jp/notice/ twicca-android-sec-bypass(73951) 52442 JVNDB-2012-000024 JVN#31860555 Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 52447 http://www.redmine.org/versions/42 JVNDB-2012-000025 JVN#93406632 Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors. janetter-info-disclosure(74132) 52555 48480 80334 JVNDB-2012-000026 JVN#10745573 http://janetter.net/history.html http://blog.janetter.net/ Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. 1026541 20120118 Cisco Digital Media Manager Privilege Escalation Vulnerability Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs 'Vulnerable Products These vulnerabilities affect all three variants (Control, Expressway, and Starter Pack Express) of Cisco TelePresence Video Communication Server.' 20120229 Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319. Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs 'Vulnerable Products These vulnerabilities affect all three variants (Control, Expressway, and Starter Pack Express) of Cisco TelePresence Video Communication Server.' 20120229 Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. 1027012 http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. 1027008 53558 http://www.cisco.com/web/software/280775065/89203/ASA-843-Interim-Release-Notes.html 49139 SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/7_1/english/release_notes/mp71rn.html Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. https://supportforums.cisco.com/thread/2030226 1027005 http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXH_rebuilds.html Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774. 1027005 http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/caveats_SXF_rebuilds.html Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410. Additional information can be found at: http://www.secureworks.com/research/advisories/SWRX-2012-001/ http://www.secureworks.com/research/advisories/SWRX-2012-001/ http://tools.cisco.com/security/center/viewAlert.x?alertId=25045 Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (netstack process crash and device reload) via a malformed IP packet, aka Bug IDs CSCti23447, CSCti49507, and CSCtj01991. 20120215 Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441. cisco-udp-dos(74029) 52484 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module 48423 80043 The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before 8.4(3), 8.5 before 8.5(1.6), and 8.6 before 8.6(1.1) allows remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger a shun event, aka Bug ID CSCtw35765. 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module 48423 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger syslog message 305006, aka Bug ID CSCts39634. 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module 48423 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500 series devices, when multicast routing is enabled, allow remote attackers to cause a denial of service (device reload) via a crafted IPv4 PIM message, aka Bug IDs CSCtr47517 and CSCtu97367. 20120314 Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module 48423 Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka Bug ID CSCtr00165. VU#339177 20120314 Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability The Cisco Cius with software before 9.2(1) SR2 allows remote attackers to cause a denial of service (device crash or hang) via malformed network traffic, aka Bug ID CSCto71445. Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cius 'Vulnerable Products The following products are affected by the vulnerability detailed in this advisory: * Cius Wifi devices running Cius Software Version 9.2(1) SR1 and prior' 20120229 Cisco Cius Denial of Service Vulnerability The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. 1027013 http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. 1027005 [cisco-nsp] 20120202 Ambiguous ACL The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871. 20120223 Cisco Small Business SRP 500 Series Multiple Vulnerabilities Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. 20120223 Cisco Small Business SRP 500 Series Multiple Vulnerabilities Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009. 20120223 Cisco Small Business SRP 500 Series Multiple Vulnerabilities Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. 20120229 Multiple Vulnerabilities in Cisco Unity Connection Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segments, aka Bug ID CSCtq67899. 20120229 Multiple Vulnerabilities in Cisco Unity Connection The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device crash) via a malformed URL in an HTTP request, aka Bug ID CSCts81997. 20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID CSCtt07949. 20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435. 20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709. 20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/rel_notes/8_5_1/cucmbe-rel_notes-851.html Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect value for an MPF connection count, aka Bug ID CSCtv19854. http://www.cisco.com/web/software/280775065/89203/ASA-843-Interim-Release-Notes.html The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429. ciscoios-ike-packet-dos(74427) 1026863 52757 20120328 Cisco IOS Internet Key Exchange Vulnerability 48607 48605 80700 The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857. ciscoios-msdp-dos(74431) 1026868 52759 20120328 Cisco IOS Software Multicast Source Discovery Protocol Vulnerability 48633 48630 80693 Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326. ciscoios-nat-feature-dos(74432) 1026864 52758 20120328 Cisco IOS Software Network Address Translation Vulnerability 48515 80701 Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. 1026860 52755 20120328 Cisco IOS Software Command Authorization Bypass 48614 80704 The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051. ciscoios-smartinstall-dos(74430) 1026867 52756 20120328 Cisco IOS Software Smart Install Denial of Service Vulnerability 80694 The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064. ciscoios-sshv2-dos(74404) 52752 20120328 Cisco IOS Software Reverse SSH Denial of Service Vulnerability 80695 Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug ID CSCtq36153. ciscoios-inspectionengine-dos(74435) 20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities 80697 Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID CSCtq45553. ciscoios-h323messages-dos(74436) 20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter. http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 mailenable-forgottenpassword-xss(72380) 1026519 51401 http://www.nerv.fi/CVE-2012-0389.txt 18447 47562 47518 78242 20120112 ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389 The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. http://www.isg.rhul.ac.uk/~kp/dtls.pdf The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt https://issues.apache.org/jira/browse/WW-3668 18329 http://struts.apache.org/2.x/docs/version-notes-2311.html http://struts.apache.org/2.x/docs/s2-008.html 47393 20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt [dailydave] 20120106 Apache Struts 18329 http://struts.apache.org/2.x/docs/version-notes-2311.html http://struts.apache.org/2.x/docs/s2-008.html 47393 20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt 18329 http://struts.apache.org/2.x/docs/version-notes-2311.html http://struts.apache.org/2.x/docs/s2-008.html 47393 20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt 18329 http://struts.apache.org/2.x/docs/version-notes-2311.html http://struts.apache.org/2.x/docs/s2-008.html 20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. 20120126 ESA-2012-005: EMC NetWorker buffer overflow vulnerability EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. emc-documentum-info-disc(72994) 51863 1026639 47920 20120203 ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. 20120305 ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors. 20120313 ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 52557 48484 80206 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. envision-weak-security(74140) 52557 48484 80207 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. envision-unspec-sql-injection(74137) 52557 48484 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors. envision-default-account(74138) 52557 48484 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. envision-unspec-dir-traversal(74139) 52557 48484 80210 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 20120313 ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. 1026956 20120418 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities 18688 http://aluigi.altervista.org/adv/dpa_1-adv.txt Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. 1026956 20120418 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities 18688 http://aluigi.altervista.org/adv/dpa_1-adv.txt Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets. 1027100 53682 20120522 ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. https://bugzilla.novell.com/show_bug.cgi?id=712163 1027217 http://www.novell.com/support/kb/doc.php?id=7000708 Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action. http://www.novell.com/support/kb/doc.php?id=7008708 Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. http://download.novell.com/Download?buildid=O5hTjIiMdMo~ https://bugzilla.novell.com/show_bug.cgi?id=740041 1027599 http://www.novell.com/support/kb/doc.php?id=7010770 Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file. http://download.novell.com/Download?buildid=O5hTjIiMdMo~ https://bugzilla.novell.com/show_bug.cgi?id=752521 55729 http://www.novell.com/support/kb/doc.php?id=7010771 Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. http://download.novell.com/Download?buildid=O5hTjIiMdMo~ https://bugzilla.novell.com/show_bug.cgi?id=756924 https://bugzilla.novell.com/show_bug.cgi?id=756330 http://www.novell.com/support/kb/doc.php?id=7010772 20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419) 20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419) The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. https://bugzilla.novell.com/771335 SUSE-SU-2012:0958 Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. https://bugzilla.novell.com/show_bug.cgi?id=772899 1027911 http://www.novell.com/support/kb/doc.php?id=7011539 http://www.novell.com/support/kb/doc.php?id=3426981 dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. https://bugzilla.novell.com/show_bug.cgi?id=772895 1027912 http://www.novell.com/support/kb/doc.php?id=7011533 http://www.novell.com/support/kb/doc.php?id=3426981 Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. https://bugzilla.novell.com/show_bug.cgi?id=772898 1027910 http://www.novell.com/support/kb/doc.php?id=7011538 http://www.novell.com/support/kb/doc.php?id=3426981 Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. https://bugzilla.novell.com/show_bug.cgi?id=785272 http://www.novell.com/support/kb/doc.php?id=3426981 SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. VU#806908 https://bugzilla.novell.com/show_bug.cgi?id=792712 http://support.novell.com/security/cve/CVE-2012-0435.html SUSE-SU-2013:0053 An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. https://bugzilla.novell.com/show_bug.cgi?id=743674 https://bugzilla.novell.com/show_bug.cgi?id=712144 http://www.zerodayinitiative.com/advisories/ZDI-13-008/ http://www.novell.com/support/kb/doc.php?id=7011688 Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API. https://bugzilla.mozilla.org/show_bug.cgi?id=718319 bugzilla-jsonrpc-csrf(72882) 1026623 http://www.bugzilla.org/security/3.4.13/ 47814 The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. https://bugzilla.mozilla.org/show_bug.cgi?id=715073 USN-1540-2 USN-1540-1 53798 http://www.mozilla.org/security/announce/2012/mfsa2012-39.html 50316