CVE-2012-4674
PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. Date published : 2012-08-26 http://telechargements.pluxml.org/changelog http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. Date published : 2012-08-26 http://code.google.com/p/tunnelblick/issues/detail?id=212 http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. Date published : 2012-08-26 http://code.google.com/p/tunnelblick/issues/detail?id=212 http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system...
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges...
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. Date published : 2012-08-26 http://code.google.com/p/tunnelblick/issues/detail?id=212 http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html
Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the...
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter. Date published : 2012-08-26...
munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. Date...
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. Date published : 2012-08-26 http://elixir.ematia.de/trac/ticket/119...
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files...
The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Date published : 2012-08-26 http://www.securityfocus.com/bid/53031 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778
Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter. Date published : 2012-08-26...
Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body...