Weekly Vulnerabilities Reports > April 18 to 24, 2011

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP.

Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.

The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.

EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.

The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to cause a denial of service (infinite loop) via a malformed search filter.

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality, integrity, and availability, related to Enterprise Infrastructure SEC.

Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors.

Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities.

Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB), 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Warehouse Builder User Account.

Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB) and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Dimensional Data Modeling.

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality and integrity, related to Enterprise Infrastructure SEC.

Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors.

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.9 GA through 8.98.4.1, and OneWorld Tools through 24.1.3, allows remote attackers to affect integrity and availability, related to Enterprise Infrastructure SEC.

Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Update 2011-B and 9.1 Update 2011-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll Core.

Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Update 2011-B and 9.1 Update 2011-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll - Spain.

Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax Update 11-B and 9.1 Tax Update 11-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll - North America.

Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bundle #15 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager.

Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bundle #15 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Pension Administration.

Unspecified vulnerability in the InForm component in Oracle Industry Applications 4.5, 4.6, and 5.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core.

Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance.

Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bundle #15 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance.

Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 Bundle #19 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Learning Mgmt.

Unspecified vulnerability in Oracle PeopleSoft Enterprise CRM 8.9 Bundle #41 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture.

Unspecified vulnerability in the Application Service Level Management component in Oracle Database Server 11.1.0.7 and Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Service Level Agreements.

Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.

Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Kernel.

The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer.

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operation.

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent.

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2011-0819.

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2011-0823.

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC.

Unspecified vulnerability Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC.

Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors.

Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/SPARC.

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2012-0098.

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.

tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters.

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK.

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.

Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.

Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.

Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 allows remote attackers to affect integrity, related to HTML Adaptor.

Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.

Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization - Automotive.

Unspecified vulnerability in the Agile Technology Platform component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Security.

Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization - Automotive.

Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity, related to UIF Client.

Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13 allows remote attackers to affect integrity via unknown vectors related to Application Portal.

Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors.

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Midtier Infrastructure.

Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export.

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.

Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors.

Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/.

Cross-site request forgery (CSRF) vulnerability in php/partie_administrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that (1) modify passwords or (2) add new projects.

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.

Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search.

Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation.

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search.

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing.

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon crash or hang) via a paged search, as demonstrated by a certain idsldapsearch command, related to an improper ibm-slapdIdleTimeOut configuration setting.

The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) on Linux, Solaris, and Windows allows remote authenticated users to cause a denial of service (ABEND) via a malformed LDAP extended operation that triggers certain comparisons involving the NULL operation OID.

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested group that contains the Distinguished Name (DN) of its parent entry.

Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memory consumption) via an empty string argument.

Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consumption) by making many function calls.

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to cause a denial of service (DB2 daemon deadlock) by making password changes that trigger updates to a DB2 password-history table.

Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allow remote authenticated users to cause a denial of service (memory consumption) by making many function calls.

Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that trigger recursive filter_free calls.

Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.49 GA through 8.49.30, 8.50 GA through 8.50.17, and 8.51 GA through 8.51.07 allows remote authenticated users to affect confidentiality via unknown vectors.

Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Authentication.

Unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools 8.49 GA through 8.49.30 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing.

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.

Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.

Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.

Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity and availability, related to SYSDBA.

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.

Unspecified vulnerability in the PeopleSoft Enterprise component in Oracle PeopleSoft Products 8.50 GA through 8.50.17 and 8.51 GA through 8.51.07 allows remote authenticated users to affect integrity via unknown vectors related to PeopleTools.

Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13, 8.9 Bundle #7, 9.0 Bundle #7, and 9.1 Bundle #4 allows remote authenticated users to affect integrity via unknown vectors related to Application Portal.

Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring.

The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp.

The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log.

Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors.

Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.

Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.

Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vectors.

Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.