Energy.gov

Pidgin is prone to a stack-based buffer-overflow vulnerability.

Several vulnerabilities were reported in WordPress. A remote authenticated user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote authenticated user can obtain potentially sensitive information.

A vulnerability was reported in RSA Access Manager. A remote user can gain access to the target system.

Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS).

Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password.

The 'public_html/lists/admin' pages do not properly validate user-supplied input in the 'sortby' parameter [CVE-2012-2740]. A remote authenticated administrative user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Users Gain Elevated Privileges

Some vulnerabilities have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.