Bulletin (SB12-058)
Vulnerability Summary for the Week of February 20, 2012
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

- High: vulnerabilities with a CVSS base score of 7.0 - 10.0
- Medium: vulnerabilities with a CVSS base score of 4.0 - 6.9
- Low: vulnerabilities with a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 7t -- termis | Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0224. | 2012-02-22 | 9.3 | CVE-2012-0223 |
| 7t -- aquis | Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223. | 2012-02-21 | 9.3 | CVE-2012-0224 |
| advantech -- adam_opc_server | Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors. | 2012-02-21 | 10.0 | CVE-2011-1914 |
| advantech -- advantech_webaccess | SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. | 2012-02-21 | 7.5 | CVE-2011-4521 |
| advantech -- advantech_webaccess | Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. | 2012-02-21 | 10.0 | CVE-2011-4524 |
| advantech -- advantech_webaccess | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. | 2012-02-21 | 10.0 | CVE-2011-4525 |
| advantech -- advantech_webaccess | Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. | 2012-02-21 | 10.0 | CVE-2011-4526 |
| advantech -- advantech_webaccess | SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. | 2012-02-21 | 7.5 | CVE-2012-0234 |
| advantech -- advantech_webaccess | Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. | 2012-02-21 | 10.0 | CVE-2012-0238 |
| advantech -- advantech_webaccess | GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | 2012-02-21 | 10.0 | CVE-2012-0240 |
| advantech -- advantech_webaccess | Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. | 2012-02-21 | 10.0 | CVE-2012-0242 |
| advantech -- advantech_webaccess | Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. | 2012-02-21 | 10.0 | CVE-2012-0243 |
| advantech -- advantech_webaccess | Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | 2012-02-21 | 7.5 | CVE-2012-0244 |
| alanft -- relocate-upload | PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | 2012-02-24 | 7.5 | CVE-2012-1205 |
| cisco -- small_business_srp520-u_series_firmware | The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871. | 2012-02-24 | 9.0 | CVE-2012-0363 |
| cisco -- small_business_srp520-u_series_firmware | Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. | 2012-02-24 | 7.8 | CVE-2012-0364 |
| cisco -- small_business_srp520-u_series_firmware | Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009. | 2012-02-24 | 9.0 | CVE-2012-0365 |
| contimex -- impulsio_cms | SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 2012-02-23 | 7.5 | CVE-2012-1294 |
| dolibarr -- dolibarr | Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. | 2012-02-21 | 7.5 | CVE-2012-1225 |
| dolibarr -- dolibarr | Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. | 2012-02-21 | 7.5 | CVE-2012-1226 |
| estsoft -- alftp | Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file. | 2012-02-22 | 9.3 | CVE-2012-0315 |
| freelancerkit -- freelancerkit | Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components. | 2012-02-21 | 7.5 | CVE-2012-1218 |
| hancom -- hancom_office_2010_se | Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow. | 2012-02-24 | 9.3 | CVE-2012-1206 |
| lepton-cms -- lepton | Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter. | 2012-02-24 | 7.5 | CVE-2012-0998 |
| lepton-cms -- lepton | SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter. | 2012-02-24 | 7.5 | CVE-2012-0999 |
| novell -- iprint | The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436. | 2012-02-21 | 10.0 | CVE-2011-4185 |
| novell -- iprint | Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705. | 2012-02-21 | 9.3 | CVE-2011-4186 |
| novell -- iprint | Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173. | 2012-02-21 | 10.0 | CVE-2011-4187 |
| powie -- pfile | SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2012-02-24 | 7.5 | CVE-2012-1210 |
| rabidhamster -- r2/extreme | Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23. | 2012-02-21 | 8.5 | CVE-2012-1222 |
| samba -- samba | Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion. | 2012-02-23 | 7.9 | CVE-2012-0870 |
| utc -- utc_fire_&_security_ge-mc100-ntp/gps-zb_master_clock_device | The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session. | 2012-02-23 | 10.0 | CVE-2012-1288 |
Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 11in1 -- 11in1 | Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. | 2012-02-24 | 5.0 | CVE-2012-0996 |
| 11in1 -- 11in1 | Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action. | 2012-02-24 | 6.8 | CVE-2012-0997 |
| advantech -- advantech_webaccess | Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2012-02-21 | 4.3 | CVE-2011-4522 |
| advantech -- advantech_webaccess | Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2012-02-21 | 4.3 | CVE-2011-4523 |
| advantech -- advantech_webaccess | Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. | 2012-02-21 | 4.3 | CVE-2012-0233 |
| advantech -- advantech_webaccess | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2012-02-21 | 6.0 | CVE-2012-0235 |
| advantech -- advantech_webaccess | Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." | 2012-02-21 | 5.0 | CVE-2012-0236 |
| advantech -- advantech_webaccess | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. | 2012-02-21 | 6.4 | CVE-2012-0237 |
| advantech -- advantech_webaccess | uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | 2012-02-21 | 5.0 | CVE-2012-0239 |
| advantech -- advantech_webaccess | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. | 2012-02-21 | 5.0 | CVE-2012-0241 |
| advantech -- advantech_webaccess | SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. | 2012-02-21 | 6.5 | CVE-2012-1234 |
| advantech -- advantech_webaccess | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. | 2012-02-21 | 6.0 | CVE-2012-1235 |
| boonex -- dolphin | Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php. | 2012-02-23 | 4.3 | CVE-2012-0873 |
| contentlion -- contentlion_alpha | Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 2012-02-21 | 4.3 | CVE-2012-1224 |
| cubecart -- cubecart | Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php. | 2012-02-21 | 5.8 | CVE-2012-0865 |
| devincentiis -- gazie | Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password. | 2012-02-21 | 6.8 | CVE-2012-1220 |
| easyvista -- easyvista | The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. | 2012-02-22 | 5.0 | CVE-2012-1256 |
| fork-cms -- fork_cms | Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php. | 2012-02-24 | 5.0 | CVE-2012-1207 |
| fork-cms -- fork_cms | Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index. | 2012-02-24 | 4.3 | CVE-2012-1208 |
| fork-cms -- fork_cms | Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | 2012-02-24 | 4.3 | CVE-2012-1209 |
| freelancerkit -- freelancerkit | Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ticket parameter to tickets.php, (2) title parameter to notes.php, or (3) task parameter to todo.php. NOTE: some of these details are obtained from third party information. | 2012-02-21 | 4.3 | CVE-2012-1219 |
| ibm -- soliddb | The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery. | 2012-02-21 | 4.0 | CVE-2011-4890 |
| ibm -- soliddb | The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition. | 2012-02-21 | 4.0 | CVE-2012-0200 |
| ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section. | 2012-02-23 | 4.3 | CVE-2012-0707 |
| john_koleszar -- libvpx | VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks". | 2012-02-23 | 5.0 | CVE-2012-0823 |
| lepton-cms -- lepton | Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter to account/preferences.php. | 2012-02-24 | 4.3 | CVE-2012-1000 |
| mozilla -- bugzilla | Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API. | 2012-02-24 | 6.8 | CVE-2012-0453 |
| pbboard -- pbboard | Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via an add action or (2) change the contents of a file via a dit action. | 2012-02-21 | 6.8 | CVE-2012-1216 |
| pluck-cms -- pluck | Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module. | 2012-02-21 | 6.8 | CVE-2012-1227 |
| powie -- pfile | Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. | 2012-02-24 | 4.3 | CVE-2012-1211 |
| rabidhamster -- r2/ | Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command. | 2012-02-21 | 5.0 | CVE-2012-1221 |
| rabidhamster -- r2/extreme | RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack. | 2012-02-21 | 5.0 | CVE-2012-1223 |
| sap -- netweaver | Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. | 2012-02-23 | 4.0 | CVE-2012-1289 |
| sap -- netweaver | Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. | 2012-02-23 | 4.3 | CVE-2012-1290 |
| sap -- netweaver | Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. | 2012-02-23 | 5.0 | CVE-2012-1291 |
| sap -- netweaver | Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. | 2012-02-23 | 5.0 | CVE-2012-1292 |
| simhl -- sths_v2_web_portal | Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php. | 2012-02-21 | 4.3 | CVE-2012-1217 |
| smwplus -- smw+ | Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. NOTE: some of these details are obtained from third party information. | 2012-02-24 | 4.3 | CVE-2012-1212 |
| symantec -- altiris_client_management_suite_pcanywhere_solution | Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response. | 2012-02-22 | 5.0 | CVE-2012-0291 |
| yoono -- yoono_desktop | Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. | 2012-02-21 | 4.3 | CVE-2012-1214 |
| yoono -- yoono_for_firefox | Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. | 2012-02-21 | 4.3 | CVE-2012-1215 |
| zenphoto -- zenphoto | Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie. | 2012-02-21 | 6.8 | CVE-2012-0993 |
| zenphoto -- zenphoto | SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter. | 2012-02-21 | 6.0 | CVE-2012-0994 |
| zenphoto -- zenphoto | Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INTO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php. | 2012-02-21 | 4.3 | CVE-2012-0995 |
| zimbra -- zimbra | Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client allows remote attackers to inject arbitrary web script or HTML via the view parameter. | 2012-02-24 | 4.3 | CVE-2012-1213 |
There were no low vulnerabilities recorded this week.