Monthly Archive: January 2013

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs. Date...

Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request. Date published : 2013-01-02 http://www.opera.com/docs/changelogs/unified/1210/ http://www.opera.com/support/kb/view/1030/

The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service. Date...

Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. Date published : 2013-01-02...

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. Date published :...

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file...

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name. Date...

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php. Date published : 2013-01-02...

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. Date published :...

The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request. Date published...

The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote...

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file...

Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. Date published : 2013-01-02 http://www.securityfocus.com/bid/56993 http://drupal.org/SA-CORE-2012-004

Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. Date published : 2013-01-02 http://www.securityfocus.com/bid/56993 http://drupal.org/SA-CORE-2012-004