Monthly Archive: October 2012

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element’s menu active, which allows remote attackers to spoof...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause...

The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory. Date published : 2012-10-10 http://www.securityfocus.com/bid/55756 https://bugzilla.redhat.com/show_bug.cgi?id=849256

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Date published : 2012-10-10...

Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. Date published : 2012-10-10 http://www.securityfocus.com/bid/55842 http://archives.neohapsis.com/archives/bugtraq/2012-10/0036.html

Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the theme parameter. Date published : 2012-10-09 http://www.limny.org/releases/limny-3.0.2.7z http://www.autosectools.com/Advisories/Limny.3.0.0_Local.File.Inclusion_99.html

Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter. Date published : 2012-10-09 http://www.securityfocus.com/bid/51258 http://packetstormsecurity.org/files/108145/graphicclone-xss.txt

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." Date published : 2012-10-09 http://status.openathens.net/adv.php...

Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." Date published : 2012-10-09...

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418. Date published : 2012-10-09...

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. Date...

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl...

SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php. Date published : 2012-10-09 http://www.securityfocus.com/bid/51314 http://www.exploit-db.com/exploits/18335