CVE-2012-4457
OpenStack Keystone (Essex) before 2012.1.2 and (Folsom) before folsom-3 has a flaw in token authorization for disabled tenants, enabling remote authenticated users to obtain a token for a disabled tenant and access its resources. Root cause: improper handling of authorization tokens for disabled ...
CVE-2012-5316
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration modul...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action...
Design/Logic Flaw
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors...
CVE-2012-0987
ImpressCMS vulnerability CVE-2012-0987 is a directory traversal flaw in edituser.php. Affected products: ImpressCMS 1.2.x prior to 1.2.7 Final and 1.3.x prior to 1.3.1 Final. Root cause: icmsConfigPlugins[sanitizer_plugins][] parameter can be manipulated to include arbitrary local files via direc...
CVE-2012-4065
Vulnerability summary (CVE-2012-4065): Eucalyptus
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors...
cumin: CSRF flaw
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors...
cumin: allows for editing internal Condor job attributes
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...
cumin: DoS via large image requests
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request...
CVE-2012-4401
Summary: CVE-2012-4401 affects Moodle core (Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2). The issue lets remote authenticated users bypass intended capability restrictions and modify topics by exploiting course-editing capabilities. What’s affected: Moodle course editing functionality; speci...
CVE-2012-4413
CVE-2012-4413 affects OpenStack Keystone before 2012.1.3. The vulnerability occurs because Keystone does not invalidate existing tokens when roles are granted or revoked, allowing remote authenticated users to retain privileges associated with revoked roles. The issue has been acknowledged in mul...
CVE-2012-3895
Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224...
CVE-2012-3924
Cisco IOS SSL VPN DTLS implementation (15.1/15.2) contains a DoS by mis-handling certain outbound ACL configurations, enabling an authenticated remote user to crash the device via a PPPoA session (Bug ID CSCty97961). Exploitation involves SSL VPN traffic terminating over PPPoA; Cisco has released...
module): XXE by applying XSL stylesheet to the document
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...
CVE-2012-4413
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...
PYSEC-2012-10
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group...
CVE-2012-0727
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary S...
CVE-2012-1580
Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files...