Weekly Vulnerabilities Reports > June 18 to 24, 2012
Overview
53 new vulnerabilities were reported during this period, including 5 critical and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 87 products from 31 vendors, including IBM, Cisco, Rubyonrails, Dell and Qemu. The vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Input Validation", "SQL Injection" and "Resource Management Errors".
- 44 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 49 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 17 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
5 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-22 | CVE-2012-0187 | IBM | Unspecified vulnerability in IBM Lotus Expeditor Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 9.3 |
2012-06-21 | CVE-2012-1616 | Argyllcms Color | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file. | 9.3 |
2012-06-20 | CVE-2012-2493 | Cisco Microsoft Apple Linux | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523. | 9.3 |
2012-06-20 | CVE-2012-2175 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Inotes Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument. | 9.3 |
2012-06-20 | CVE-2012-2174 | IBM | Code Injection vulnerability in IBM Lotus Notes The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. | 9.3 |
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-22 | CVE-2012-2695 | Rubyonrails | SQL Injection vulnerability in Rubyonrails Rails and Ruby ON Rails The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. | 7.5 |
2012-06-21 | CVE-2012-3791 | CMS Center | SQL Injection vulnerability in Cms-Center Simple web Content Management System 1.1 Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php. | 7.5 |
2012-06-21 | CVE-2012-2718 | Drupal ID Drupal | SQL Injection vulnerability in Drupal-Id Counter Module 6.0 SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." | 7.5 |
2012-06-19 | CVE-2009-0695 | Dell | Improper Authentication vulnerability in Dell Wyse Device Manager 4.7.0/4.7.1/4.7.2 hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. | 7.5 |
2012-06-19 | CVE-2009-0693 | Dell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dell Wyse Device Manager 4.7.0/4.7.1/4.7.2 Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. | 7.5 |
2012-06-18 | CVE-2011-3671 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element. | 7.5 |
2012-06-20 | CVE-2012-3063 | Cisco | Race Condition vulnerability in Cisco Application Control Engine Software Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058. | 7.1 |
2012-06-19 | CVE-2012-3006 | Innominate | Cryptographic Issues vulnerability in Innominate Mguard Firmware The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value. | 7.1 |
35 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-22 | CVE-2012-2179 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.3/6.1/7.1 libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | 6.9 |
2012-06-22 | CVE-2012-0304 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Liveupdate Administrator Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | 6.9 |
2012-06-19 | CVE-2012-2753 | Checkpoint | Unspecified vulnerability in Checkpoint products Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 6.9 |
2012-06-21 | CVE-2012-2716 | David Stosik Drupal | Cross-Site Request Forgery (CSRF) vulnerability in David Stosik Comment Moderation 6.x-1.0/6.x-1.x-dev Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments. | 6.8 |
2012-06-20 | CVE-2012-2496 | Cisco | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client 3.0 A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925. | 6.8 |
2012-06-22 | CVE-2012-2171 | IBM | SQL Injection vulnerability in IBM products SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI. | 6.5 |
2012-06-22 | CVE-2012-2660 | Rubyonrails | Permissions, Privileges, and Access Controls vulnerability in Rubyonrails Rails and Ruby ON Rails actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694. | 6.4 |
2012-06-21 | CVE-2012-0219 | Dest Unreach | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dest-Unreach Socat Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. | 6.2 |
2012-06-21 | CVE-2011-2709 | Umich | Permissions, Privileges, and Access Controls vulnerability in Umich Libgssapi and Libgssglue libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs. | 6.2 |
2012-06-20 | CVE-2012-2159 | IBM | Improper Input Validation vulnerability in IBM Security Appscan Source and Spss Data Collection Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2012-06-22 | CVE-2012-2661 | Rubyonrails | SQL Injection vulnerability in Rubyonrails Rails and Ruby ON Rails The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695. | 5.0 |
2012-06-22 | CVE-2012-0191 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Expeditor The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers. | 5.0 |
2012-06-20 | CVE-2012-2173 | IBM | Credentials Management vulnerability in IBM Security Appscan Source The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2012-06-19 | CVE-2012-3588 | Wordpress | Path Traversal vulnerability in Wordpress Plugin Newsletter Plugin 1.5 Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) sequence. | 5.0 |
2012-06-19 | CVE-2012-0950 | Canonical | Information Exposure vulnerability in Canonical Ubuntu Linux 11.04/11.10/12.04 The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. | 5.0 |
2012-06-20 | CVE-2012-2192 | IBM | Resource Management Errors vulnerability in IBM AIX and Vios The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. | 4.9 |
2012-06-22 | CVE-2012-2694 | Rubyonrails | Permissions, Privileges, and Access Controls vulnerability in Rubyonrails Rails and Ruby ON Rails actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660. | 4.3 |
2012-06-22 | CVE-2012-2172 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter. | 4.3 |
2012-06-22 | CVE-2012-0186 | IBM | Path Traversal vulnerability in IBM Lotus Expeditor Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL. | 4.3 |
2012-06-21 | CVE-2012-2654 | Openstack | Improper Input Validation vulnerability in Openstack Compute, Diablo and Essex The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions. | 4.3 |
2012-06-21 | CVE-2011-0011 | Qemu | Improper Authentication vulnerability in Qemu qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. | 4.3 |
2012-06-20 | CVE-2012-2495 | Cisco | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Desktop The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. | 4.3 |
2012-06-20 | CVE-2012-2494 | Cisco | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681. | 4.3 |
2012-06-20 | CVE-2012-3790 | Adiscon | Cross-Site Scripting vulnerability in Adiscon Loganalyzer Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action. | 4.3 |
2012-06-20 | CVE-2012-2180 | IBM | Multiple Security vulnerability in IBM DB2 The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request. | 4.3 |
2012-06-20 | CVE-2012-2170 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request. | 4.3 |
2012-06-20 | CVE-2012-2161 | IBM | Cross-Site Scripting vulnerability in IBM Security Appscan Source and Spss Data Collection Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2012-06-20 | CVE-2012-0720 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2012-06-20 | CVE-2012-0716 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-06-19 | CVE-2012-2638 | Wap2 | Cross-Site Scripting vulnerability in Wap2 Smallpict Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-06-19 | CVE-2012-2637 | Kent WEB | Cross-Site Scripting vulnerability in Kent-Web web Patio 4.04 Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. | 4.3 |
2012-06-19 | CVE-2012-2636 | Kent WEB | Cross-Site Scripting vulnerability in Kent-Web web Patio Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-06-20 | CVE-2011-5095 | Openssl | Cryptographic Issues vulnerability in Openssl 0.9.8 The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923. | 4.0 |
2012-06-20 | CVE-2011-1923 | Polarssl | Cryptographic Issues vulnerability in Polarssl The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095. | 4.0 |
2012-06-19 | CVE-2012-3553 | Digium | SCCP Skinny Channel Driver Denial of Service vulnerability in Asterisk chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948. | 4.0 |
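The Ruby on Rails entries in this report (CVE-2012-2695 in the high table, and CVE-2012-2660, CVE-2012-2661 and CVE-2012-2694 above) share one root cause: Rack parses `name[]`, `name[]=xyz&name[]` and `name[admin]=1` into an Array containing nil, an Array, and a Hash respectively, and ActiveRecord's `where` turns each of those shapes into different SQL, so a query that expected a string can be steered by the request. The Ruby below is an added illustration, not code from Rails or Rack: a small stand-in for Rack's nested-parameter parser and for ActiveRecord's `where(Hash)` conventions (nil gives IS NULL, an Array gives IN, a nested Hash is read as another table's columns), a hypothetical `users` lookup that passes the parameter straight through, and a hardened version that refuses anything but a String.

```ruby
require 'cgi'

# Stand-in for Rack's nested query parsing (subset: a=1, a[]=1, a[b]=1, a[b][]=1).
# As in Rack, a key with no "=" at all (e.g. "name[]") yields a nil value.
def parse_nested_query(query_string)
  params = {}
  query_string.split('&').reject(&:empty?).each do |pair|
    raw_key, raw_val = pair.split('=', 2)
    key = CGI.unescape(raw_key)
    val = raw_val.nil? ? nil : CGI.unescape(raw_val)
    head = key[/\A[^\[]*/]                                    # "user"
    tail = key[head.size..-1].scan(/\[([^\]]*)\]/).flatten    # ["name", ""]
    assign_param(params, [head] + tail, val)
  end
  params
end

def assign_param(container, segments, val)
  seg, *rest = segments
  if rest.empty?
    container[seg] = val
  elsif rest == ['']                     # trailing "[]": append to an array
    (container[seg] ||= []) << val
  else
    assign_param(container[seg] ||= {}, rest, val)
  end
end

# Stand-in for ActiveRecord's where(Hash) conventions:
#   nil   -> column IS NULL
#   Array -> column IN (...), plus OR column IS NULL when the array holds nil
#   Hash  -> the key is taken as a *table* name and the hash as its columns
def quote_literal(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

def build_where(table, conditions)
  conditions.map { |column, value| predicate(table, column, value) }.join(' AND ')
end

def predicate(table, column, value)
  ident = %("#{table}"."#{column}")
  case value
  when nil
    "#{ident} IS NULL"
  when Array
    return '1=0' if value.empty?
    present = value.compact
    parts = []
    parts << "#{ident} IN (#{present.map { |v| quote_literal(v) }.join(', ')})" unless present.empty?
    parts << "#{ident} IS NULL" if value.include?(nil)
    parts.size > 1 ? "(#{parts.join(' OR ')})" : parts.first
  when Hash
    build_where(column, value)   # table and column names now come from the request
  else
    "#{ident} = #{quote_literal(value)}"
  end
end

# Vulnerable pattern (hypothetical lookup): the request decides the condition's type.
def lookup_sql_unsafe(query_string)
  params = parse_nested_query(query_string)
  'SELECT * FROM users WHERE ' + build_where('users', 'name' => params['name'])
end

# Hardened: only a String may reach the query; Arrays and Hashes are rejected.
def lookup_sql_safe(query_string)
  name = parse_nested_query(query_string)['name']
  raise ArgumentError, "name must be a String, got #{name.class}" unless name.is_a?(String)
  'SELECT * FROM users WHERE ' + build_where('users', 'name' => name)
end

if $PROGRAM_NAME == __FILE__
  ['name=alice', 'name[]', 'name[]=xyz&name[]', 'name[admin]=1'].each do |qs|
    puts "#{qs.ljust(20)} -> #{lookup_sql_unsafe(qs)}"
  end
end
```

With the unsafe lookup, `name=alice` yields `"users"."name" = 'alice'` as intended, but `name[]` yields `"users"."name" IS NULL` (the `[nil]` case of CVE-2012-2660), `name[]=xyz&name[]` yields `IN ('xyz') OR ... IS NULL` (the `['xyz', nil]` case of CVE-2012-2694), and `name[admin]=1` lets the request pick the table and column identifiers (the nested-hash cases). On the application side the fix is to settle the parameter's type before it reaches the query, by coercing with `to_s` or by rejecting non-strings as `lookup_sql_safe` does; the framework side is addressed by the Rails releases listed in the table.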
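CVE-2012-2179 (libodm.a in AIX) is the classic temporary-file symlink attack: a predictable name is opened with an open() that follows symbolic links, so a local user who plants a link at that name first chooses which file the privileged process truncates and writes. The Ruby below is an added illustration of the failure and of the check that prevents it, not AIX code: a constructed scenario in a scratch directory where `victim` stands in for a file the attacker cannot write directly and `app.tmp` is the program's predictable temp name.

```ruby
require 'tmpdir'

# Unsafe pattern: a predictable name plus an open() that follows symlinks. Whoever
# plants a symlink at that name first decides which file gets truncated and written.
def unsafe_write(path, data)
  File.open(path, 'w') { |f| f.write(data) }   # 'w' = O_WRONLY|O_CREAT|O_TRUNC, follows links
end

# Hardened: create-exclusive, refuse symlinks, owner-only mode. A pre-planted
# name (link or not) makes the open fail instead of writing somewhere else.
def safe_write(path, data)
  flags = File::WRONLY | File::CREAT | File::EXCL
  flags |= File::NOFOLLOW if File.const_defined?(:NOFOLLOW)
  File.open(path, flags, 0o600) { |f| f.write(data) }
end

# Constructed scenario: "victim" stands in for a file the attacker cannot write
# directly, "app.tmp" is the predictable temp name the program uses.
def symlink_demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, 'victim')
    temp   = File.join(dir, 'app.tmp')
    File.write(victim, "original\n")
    File.symlink(victim, temp)                  # attacker's pre-planted link

    unsafe_write(temp, "clobbered\n")           # follows the link: victim is overwritten
    after_unsafe = File.read(victim)

    File.write(victim, "original\n")
    safe_refused = begin
      safe_write(temp, "clobbered\n")           # O_EXCL/O_NOFOLLOW: refuses the link
      false
    rescue Errno::EEXIST, Errno::ELOOP
      true
    end
    after_safe = File.read(victim)

    fresh = File.join(dir, 'fresh.tmp')         # no link planted: the safe open succeeds
    safe_write(fresh, "ok\n")
    { after_unsafe: after_unsafe, safe_refused: safe_refused,
      after_safe: after_safe, fresh_mode: File.stat(fresh).mode & 0o777 }
  end
end

puts symlink_demo.inspect if $PROGRAM_NAME == __FILE__
```

In practice the name should also be unpredictable (Ruby's `Tempfile` and C's mkstemp() combine a random name with O_CREAT|O_EXCL), but the exclusive create is what turns a planted link into a failed open rather than an overwritten file, which is the check the libodm.a fix needed. The same "local user controls what the privileged process finds on disk" theme is behind CVE-2012-0304 above, where a world-writable install directory lets a Trojan horse file be planted.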
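CVE-2011-5095 (OpenSSL 0.9.8 in FIPS mode) and CVE-2011-1923 (PolarSSL before 0.14.2) are the same omission: the Diffie-Hellman code accepted the peer's public value without checking it, so a man-in-the-middle who replaces that value with 0, 1 or p-1 knows what shared secret both sides will compute. The Ruby below is an added illustration, not OpenSSL or PolarSSL code: a constructed toy group (p = 10007 is a safe prime, g = 2 generates its order-q subgroup) small enough to read, with the unchecked computation, the range check the fixes added, the stronger subgroup check for safe-prime groups, and a simulated man-in-the-middle run against each.

```ruby
require 'securerandom'

# Constructed toy group so the numbers stay readable: p = 2q + 1 is a safe prime and
# g = 2 generates the subgroup of prime order q (2 is a quadratic residue because
# p = 7 mod 8). Real deployments use standardized 2048-bit or larger groups; the
# checks below are identical there.
DH_P = 10_007
DH_Q = 5_003
DH_G = 2

# Private exponent in 1..q-1, public value g^x mod p.
def dh_keypair
  priv = SecureRandom.random_number(DH_Q - 1) + 1
  [priv, DH_G.pow(priv, DH_P)]
end

# Range check the affected implementations lacked: 0, 1 and p-1 are degenerate
# (they make the shared secret 0, 1 or +/-1 whatever the private key is), and
# anything >= p is not a reduced group element.
def valid_public_value?(y)
  y.is_a?(Integer) && y >= 2 && y <= DH_P - 2
end

# Stronger check for safe-prime groups: y must lie in the order-q subgroup,
# otherwise y^x leaks the parity of the private exponent x.
def in_prime_order_subgroup?(y)
  y.pow(DH_Q, DH_P) == 1
end

# What the vulnerable code did: trust whatever arrived on the wire.
def shared_secret_unchecked(peer_pub, my_priv)
  peer_pub.pow(my_priv, DH_P)
end

def shared_secret_checked(peer_pub, my_priv)
  unless valid_public_value?(peer_pub) && in_prime_order_subgroup?(peer_pub)
    raise ArgumentError, "rejecting degenerate DH public value #{peer_pub}"
  end
  peer_pub.pow(my_priv, DH_P)
end

# Honest run: both sides validate and arrive at the same secret.
def honest_exchange
  a_priv, a_pub = dh_keypair
  b_priv, b_pub = dh_keypair
  [shared_secret_checked(b_pub, a_priv), shared_secret_checked(a_pub, b_priv)]
end

# Man-in-the-middle run against the unchecked code: the attacker swaps both
# public values for a degenerate one and can then predict both sides' secrets
# without ever solving a discrete logarithm.
def mitm_forces_secret(injected_value)
  a_priv, _ = dh_keypair
  b_priv, _ = dh_keypair
  [shared_secret_unchecked(injected_value, a_priv),
   shared_secret_unchecked(injected_value, b_priv)]
end

if $PROGRAM_NAME == __FILE__
  puts "honest: #{honest_exchange.inspect}"
  [0, 1, DH_P - 1].each { |y| puts "injected #{y}: #{mitm_forces_secret(y).inspect}" }
end
```

Injecting 1 forces both secrets to 1, injecting 0 forces them to 0, and injecting p-1 leaves only two possibilities (1 or p-1, depending on the parity of each private exponent), which is why the table describes the result as the attacker "obtaining the shared secret key by modifying network traffic". The checked variant raises on every one of those values and still agrees on the secret in the honest run.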
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-20 | CVE-2012-0717 | IBM | Improper Authentication vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. | 2.6 |
2012-06-19 | CVE-2012-3587 | Debian | Improper Input Validation vulnerability in Debian Advanced Package Tool APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack. | 2.6 |
2012-06-19 | CVE-2012-0954 | Debian | Improper Input Validation vulnerability in Debian Advanced Package Tool APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. | 2.6 |
2012-06-21 | CVE-2012-2389 | W1 FI | Permissions, Privileges, and Access Controls vulnerability in W1.Fi Hostapd 0.7.3 hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. | 2.1 |
2012-06-21 | CVE-2011-2527 | Qemu | Permissions, Privileges, and Access Controls vulnerability in Qemu The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. | 2.1 |