Weekly Vulnerabilities Reports > July 9 to 15, 2012
Overview
53 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 86 products from 34 vendors including Microsoft, Cisco, EMC, RSA, and Netsweeper. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "SQL Injection".
- 47 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 20 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 45 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-12 | CVE-2012-2653 | Lawrence Berkeley National Laboratory | Security Bypass vulnerability in Lawrence Berkeley National Laboratory Arpwatch 2.1A15 arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon. | 10.0 |
2012-07-11 | CVE-2012-2020 | HP | Unspecified vulnerability in HP Operations Agent Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326. | 10.0 |
2012-07-11 | CVE-2012-2019 | HP | Unspecified vulnerability in HP Operations Agent Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325. | 10.0 |
2012-07-09 | CVE-2012-3859 | Netsweeper | Unspecified vulnerability in Netsweeper Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. | 10.0 |
2012-07-12 | CVE-2012-0911 | Tiki | Deserialization of Untrusted Data vulnerability in Tiki Tikiwiki Cms/Groupware TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function. | 9.8 |
2012-07-12 | CVE-2012-3076 | Cisco | OS Command Injection vulnerability in Cisco Telepresence Recording Server The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. | 9.0 |
2012-07-12 | CVE-2012-3075 | Cisco | OS Command Injection vulnerability in Cisco products The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. | 9.0 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-12 | CVE-2012-3074 | Cisco | OS Command Injection vulnerability in Cisco products An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. | 8.3 |
2012-07-12 | CVE-2012-2486 | Cisco | Code Injection vulnerability in Cisco products The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953. | 8.3 |
2012-07-12 | CVE-2012-3073 | Cisco | Unspecified vulnerability in Cisco products The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338. | 7.8 |
2012-07-09 | CVE-2012-2970 | Synel | Resource Management Errors vulnerability in Synel Sy-780/A Time & Attendance Terminal The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735. | 7.8 |
2012-07-09 | CVE-2012-1493 | F5 | Credentials Management vulnerability in F5 products F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | 7.8 |
2012-07-12 | CVE-2012-3998 | Sayakbanerjee | SQL Injection vulnerability in Sayakbanerjee Sticky Notes 0.2.27052012.4/0.2.27052012.5 Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php. | 7.5 |
2012-07-12 | CVE-2012-1162 | NIH | Buffer Errors vulnerability in NIH Libzip 0.10 Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct." | 7.5 |
2012-07-12 | CVE-2012-3881 | Adrian Chadd | SQL Injection vulnerability in Adrian Chadd RTG and Rtg2 Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php. | 7.5 |
2012-07-12 | CVE-2012-3399 | Artis Imag | Improper Input Validation vulnerability in Artis.Imag Basilic 1.5.14 Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. | 7.5 |
2012-07-12 | CVE-2012-3376 | Apache | Cryptographic Issues vulnerability in Apache Hadoop 2.0.0 DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NameNode, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts. | 7.5 |
2012-07-12 | CVE-2012-2763 | Gimp | Classic Buffer Overflow vulnerability in Gimp Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server. | 7.5 |
33 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-10 | CVE-2012-1894 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Office 2011 Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability." | 6.9 |
2012-07-10 | CVE-2012-1854 | Microsoft | Unspecified vulnerability in Microsoft products Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. | 6.9 |
2012-07-12 | CVE-2012-3350 | Valarsoft | SQL Injection vulnerability in Valarsoft Webmatic 3.1.1 SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | 6.8 |
2012-07-12 | CVE-2012-2614 | Lattice Semiconductor | Buffer Errors vulnerability in Lattice Semiconductor Lattice Diamond Programmer 1.4.2 Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file. | 6.8 |
2012-07-12 | CVE-2012-3362 | Extplorer | Cross-Site Request Forgery (CSRF) vulnerability in Extplorer 2.0.0/2.1.0 Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action. | 6.8 |
2012-07-12 | CVE-2012-1163 | NIH | Numeric Errors vulnerability in NIH Libzip 0.10 Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak. | 6.8 |
2012-07-11 | CVE-2012-3890 | Nullsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. | 6.8 |
2012-07-11 | CVE-2012-3889 | Nullsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. | 6.8 |
2012-07-10 | CVE-2012-1862 | Microsoft | Improper Input Validation vulnerability in Microsoft Sharepoint Server 2007 Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability." | 6.8 |
2012-07-09 | CVE-2012-2447 | Netsweeper | Cross-Site Request Forgery (CSRF) vulnerability in Netsweeper Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. | 6.8 |
2012-07-12 | CVE-2012-1037 | Glpi Project | Code Injection vulnerability in Glpi-Project Glpi PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter. | 6.5 |
2012-07-13 | CVE-2012-2279 | EMC RSA | Improper Input Validation vulnerability in multiple products Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.4 |
2012-07-12 | CVE-2012-0215 | Tryton | Permissions, Privileges, and Access Controls vulnerability in Tryton Trytond model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call. | 5.5 |
2012-07-10 | CVE-2012-1860 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Office web Apps and Sharepoint Server Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability." | 5.5 |
2012-07-13 | CVE-2012-2280 | EMC RSA | EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability." | 5.0 |
2012-07-12 | CVE-2012-2351 | Debian Mahara | Improper Access Control vulnerability in multiple products The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. | 5.0 |
2012-07-12 | CVE-2012-3996 | Tiki | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. | 5.0 |
2012-07-13 | CVE-2012-2278 | EMC RSA | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-07-13 | CVE-2012-0283 | Andreas Gohr | Cross-Site Scripting vulnerability in Andreas Gohr Dokuwiki Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php. | 4.3 |
2012-07-12 | CVE-2012-4000 | Ckeditor | Cross-Site Scripting vulnerability in Ckeditor Fckeditor Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters. | 4.3 |
2012-07-12 | CVE-2012-3999 | Sayakbanerjee | Cross-Site Scripting vulnerability in Sayakbanerjee Sticky Notes 0.2.27052012.4/0.2.27052012.5/0.3.09062012.4 Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2012-07-12 | CVE-2012-3997 | Sayakbanerjee | Cross-Site Scripting vulnerability in Sayakbanerjee Sticky Notes 0.2.27052012.5 Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parameter to (a) list.php or (b) show.php. | 4.3 |
2012-07-12 | CVE-2012-3382 | Mono | Cross-Site Scripting vulnerability in Mono Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. | 4.3 |
2012-07-12 | CVE-2012-3236 | Gimp | NULL Pointer Dereference vulnerability in Gimp fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. | 4.3 |
2012-07-12 | CVE-2012-3805 | Kajona | Cross-Site Scripting vulnerability in Kajona Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. | 4.3 |
2012-07-10 | CVE-2012-1863 | Microsoft | Cross-Site Scripting vulnerability in Microsoft products Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability." | 4.3 |
2012-07-10 | CVE-2012-1861 | Microsoft | Cross-Site Scripting vulnerability in Microsoft products Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability." | 4.3 |
2012-07-10 | CVE-2012-1859 | Microsoft | Cross-Site Scripting vulnerability in Microsoft products Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability." | 4.3 |
2012-07-09 | CVE-2012-3238 | Astaro Sophos | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. | 4.3 |
2012-07-09 | CVE-2012-2446 | Netsweeper | Cross-Site Scripting vulnerability in Netsweeper Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action. | 4.3 |
2012-07-11 | CVE-2011-4308 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. | 4.0 |
2012-07-09 | CVE-2012-3812 | Digium | Resource Management Errors vulnerability in Digium Asterisk, Asteriske and Certified Asterisk Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. | 4.0 |
2012-07-09 | CVE-2012-3863 | Digium | Resource Management Errors vulnerability in Digium products channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. | 4.0 |
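The two libzip 0.10 entries in this report (CVE-2012-1162 in the High table, an entry count of 0 leading to a heap overflow, and CVE-2012-1163 above, size and offset values for the central directory that overflow) are both failures to validate the end-of-central-directory record before trusting it. The following is an added example, not libzip's code, of the checks a zip reader should make on that record before parsing a single entry: every comparison is arranged so attacker-controlled offset, size and count are never added together in a way that can wrap. It works on an in-memory buffer, ignores ZIP64, and builds its own 69-byte sample archives (constructed here, not real files) so honest and corrupt values can be compared.

```c
/* Added example: bounds-checking a zip central directory before use.
 * Not code from libzip; standard zip layout, no ZIP64 support. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    CD_OK = 0,
    CD_ERR_NO_EOCD = -1,   /* no end-of-central-directory record found */
    CD_ERR_RANGE = -2,     /* directory offset/size point outside the file */
    CD_ERR_COUNT = -3,     /* entry count inconsistent with directory size */
    CD_ERR_ENTRY = -4      /* an entry's variable-length fields overrun the directory */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate the central directory of an in-memory zip of `len` bytes. */
int check_central_directory(const uint8_t *buf, size_t len)
{
    if (len < 22)
        return CD_ERR_NO_EOCD;
    /* The EOCD record sits at the end behind a comment of up to 65535 bytes:
     * scan backwards for its signature and require the comment length to match. */
    size_t eocd = (size_t)-1;
    size_t lowest = len >= 22 + 65535 ? len - 22 - 65535 : 0;
    for (size_t i = len - 22;; i--) {
        if (le32(buf + i) == 0x06054b50u && le16(buf + i + 20) == len - i - 22) {
            eocd = i;
            break;
        }
        if (i == lowest)
            break;
    }
    if (eocd == (size_t)-1)
        return CD_ERR_NO_EOCD;

    uint16_t nentries = le16(buf + eocd + 10);   /* total entries */
    uint32_t cdsize = le32(buf + eocd + 12);     /* directory size */
    uint32_t cdoff = le32(buf + eocd + 16);      /* directory offset */

    /* The directory must lie entirely before the EOCD record. Testing
     * "cdoff + cdsize <= eocd" is the wrong way round: the sum can wrap. */
    if (cdoff > eocd || cdsize > eocd - cdoff)
        return CD_ERR_RANGE;
    /* Each entry has a 46-byte fixed header, so the count must fit, and a
     * zero count cannot describe a non-empty directory. */
    if ((size_t)nentries * 46 > cdsize || (nentries == 0 && cdsize != 0))
        return CD_ERR_COUNT;

    /* Walk the entries, bounds-checking every variable-length tail. */
    size_t p = cdoff, end = cdoff + cdsize;
    for (uint16_t k = 0; k < nentries; k++) {
        if (end - p < 46 || le32(buf + p) != 0x02014b50u)
            return CD_ERR_ENTRY;
        size_t tail = (size_t)le16(buf + p + 28)   /* file name length   */
                    + le16(buf + p + 30)           /* extra field length */
                    + le16(buf + p + 32);          /* comment length     */
        if (end - p - 46 < tail)
            return CD_ERR_ENTRY;
        p += 46 + tail;
    }
    return CD_OK;
}

/* Constructed 69-byte sample: one central-directory entry for a file named
 * "a" (47 bytes) followed by a 22-byte EOCD record. The caller picks the
 * EOCD's count, size and offset and the entry's name-length field. */
size_t build_sample(uint8_t out[69], uint16_t nentries, uint32_t cdsize,
                    uint32_t cdoff, uint16_t namelen)
{
    memset(out, 0, 69);
    put32(out, 0x02014b50u);          /* central directory header signature */
    put16(out + 28, namelen);         /* file name length; 1 is the honest value */
    out[46] = 'a';
    uint8_t *e = out + 47;
    put32(e, 0x06054b50u);            /* EOCD signature */
    put16(e + 8, nentries);           /* entries on this disk */
    put16(e + 10, nentries);          /* entries in total */
    put32(e + 12, cdsize);
    put32(e + 16, cdoff);
    put16(e + 20, 0);                 /* no comment */
    return 69;
}

/* Build a sample with the given header values and validate it. */
int check_sample(uint16_t nentries, uint32_t cdsize, uint32_t cdoff, uint16_t namelen)
{
    uint8_t z[69];
    size_t n = build_sample(z, nentries, cdsize, cdoff, namelen);
    return check_central_directory(z, n);
}

int main(void)
{
    printf("honest archive:             %d\n", check_sample(1, 47, 0, 1));
    printf("offset+size wraps 32 bits:  %d\n", check_sample(1, 0xFFFFFFF0u, 16, 1));
    printf("zero entries, 47-byte dir:  %d\n", check_sample(0, 47, 0, 1));
    printf("name length overruns entry: %d\n", check_sample(1, 47, 0, 100));
    return 0;
}
```

The wrap case (offset 16, size 0xFFFFFFF0) is the one a naive `offset + size <= filesize` test in 32-bit arithmetic accepts, because the sum is exactly 2^32; subtracting the trusted quantity from the known bound instead removes the overflow entirely.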
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-12 | CVE-2012-1620 | Suckless | Permissions, Privileges, and Access Controls vulnerability in Suckless Slock 0.9 slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows. | 3.6 |
2012-07-12 | CVE-2012-1174 | Linux | Race Condition vulnerability in Linux Systemd 43 The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session." | 3.3 |
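The systemd-logind entry above (CVE-2012-1174) is a recursive-delete routine that followed symlinks: a local user plants a link inside a directory the login manager cleans up at logout, and root deletes whatever the link points at. The following is an added example, not systemd's code, of how such a routine is written safely on Linux: directory entries are classified with fstatat(AT_SYMLINK_NOFOLLOW), subdirectories are opened with O_NOFOLLOW|O_DIRECTORY, the opened directory is compared by device and inode with what was stat'ed so a swap between the two calls is detected, and removal always goes through unlinkat() relative to the parent descriptor. It includes a constructed fixture under /tmp (a "session" directory seeded with links pointing outside it) that reports whether the outside file survived; the directory names are illustrative.

```c
/* Added example: symlink-safe recursive deletion using the *at() calls.
 * Not code from systemd. Assumes Linux and a writable /tmp for the demo. */
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Delete everything below the directory open on dirfd without following any
 * symlink. Takes ownership of dirfd. Returns 0, or -1 if anything was skipped. */
static int rm_rf_children_safe(int dirfd)
{
    DIR *d = fdopendir(dirfd);
    if (d == NULL) {
        close(dirfd);
        return -1;
    }
    int ret = 0;
    struct dirent *de;
    while ((de = readdir(d)) != NULL) {
        if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)
            continue;
        struct stat st;
        if (fstatat(dirfd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) {
            ret = -1;
            continue;
        }
        if (S_ISDIR(st.st_mode)) {
            int sub = openat(dirfd, de->d_name,
                             O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
            struct stat st2;
            if (sub < 0 || fstat(sub, &st2) != 0 ||
                st2.st_dev != st.st_dev || st2.st_ino != st.st_ino) {
                /* No longer a directory, or swapped between stat and open. */
                if (sub >= 0)
                    close(sub);
                ret = -1;
                continue;
            }
            if (rm_rf_children_safe(sub) != 0)      /* closes sub */
                ret = -1;
            if (unlinkat(dirfd, de->d_name, AT_REMOVEDIR) != 0)
                ret = -1;
        } else {
            /* Files, sockets and symlinks: remove the entry, never its target. */
            if (unlinkat(dirfd, de->d_name, 0) != 0)
                ret = -1;
        }
    }
    closedir(d);                                    /* closes dirfd as well */
    return ret;
}

/* Path entry point; refuses to go through a symlinked top-level directory. */
int rm_rf_children_path(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    return rm_rf_children_safe(fd);
}

static int touch(const char *p)
{
    int fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

static int count_entries(const char *dir)
{
    DIR *d = opendir(dir);
    if (d == NULL)
        return -1;
    int n = 0;
    struct dirent *de;
    while ((de = readdir(d)) != NULL)
        if (strcmp(de->d_name, ".") != 0 && strcmp(de->d_name, "..") != 0)
            n++;
    closedir(d);
    return n;
}

/* Constructed scenario: a "session" directory seeded by a local user with
 * symlinks pointing outside it. Returns 1 if the deleter emptied the session
 * directory and left the outside file alone, 0 if not, -1 on setup failure. */
int demo_symlink_attack(void)
{
    char base[] = "/tmp/rmrf-demo-XXXXXX";
    if (mkdtemp(base) == NULL)
        return -1;
    char outside[PATH_MAX], secret[PATH_MAX], session[PATH_MAX], p[PATH_MAX];
    snprintf(outside, sizeof outside, "%s/outside", base);
    snprintf(secret, sizeof secret, "%s/outside/secret", base);
    snprintf(session, sizeof session, "%s/session", base);
    int rc = 0;
    rc |= mkdir(outside, 0700);
    rc |= touch(secret);
    rc |= mkdir(session, 0700);
    snprintf(p, sizeof p, "%s/session/note.txt", base);     rc |= touch(p);
    snprintf(p, sizeof p, "%s/session/sub", base);          rc |= mkdir(p, 0700);
    snprintf(p, sizeof p, "%s/session/sub/deep.txt", base); rc |= touch(p);
    snprintf(p, sizeof p, "%s/session/evil_dir", base);     rc |= symlink("../outside", p);
    snprintf(p, sizeof p, "%s/session/evil_file", base);    rc |= symlink("../outside/secret", p);
    if (rc != 0)
        return -1;

    rm_rf_children_path(session);

    int survived = access(secret, F_OK) == 0;       /* target of the links intact? */
    int emptied = count_entries(session) == 0;      /* session contents gone? */
    unlink(secret); rmdir(outside); rmdir(session); rmdir(base);
    return survived && emptied;
}

int main(void)
{
    int r = demo_symlink_attack();
    printf("symlink attack %s\n", r == 1 ? "defeated: outside file intact" : "NOT defeated");
    return r == 1 ? 0 : 1;
}
```

A path-based implementation (lstat() on a built path, then opendir() on the same string) still loses to a user who swaps a directory for a symlink between the two calls, which is why the descriptor-relative calls and the dev/ino comparison are both needed, not just the AT_SYMLINK_NOFOLLOW flag.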