Weekly Vulnerabilities Reports > October 29 to November 4, 2012

Overview

102 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 124 products from 77 vendors including Drupal, PayPal, Cisco, osCommerce, and Apache. Vulnerabilities are notably categorized as "Improper Input Validation", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".

  • 98 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 91 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • GE has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-02 CVE-2012-5417 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Data Center Network Manager

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.

10.0
2012-11-01 CVE-2012-5409 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens Sipass Integrated

AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.

10.0
2012-11-01 CVE-2012-3026 GE Improper Input Validation vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021.

10.0
2012-11-01 CVE-2012-3021 GE Improper Input Validation vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026.

10.0
2012-11-01 CVE-2012-3010 GE Improper Input Validation vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026.

10.0
2012-10-31 CVE-2012-5692 Invisionpower Unspecified vulnerability in Invisionpower Invision Power Board

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

10.0
2012-10-30 CVE-2012-0023 Videolan Resource Management Errors vulnerability in Videolan VLC Media Player

Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.

9.3
2012-10-29 CVE-2012-4661 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 before 4.1(9) in Cisco Catalyst 6500 series switches and 7600 series routers might allow remote attackers to execute arbitrary code via a crafted DCERPC packet, aka Bug IDs CSCtr21359 and CSCtr27522.

9.0

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-02 CVE-2012-5416 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Unified Meetingplace

Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341.

7.8
2012-11-01 CVE-2012-5687 TP Link Path Traversal vulnerability in Tp-Link Tl-Wr841N and Tl-Wr841N Firmware

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a ..

7.8
2012-10-29 CVE-2012-4660 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6 before 8.6(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted SIP media-update packet, aka Bug ID CSCtr63728.

7.8
2012-11-02 CVE-2012-4498 Morbus IFF / Drupal Permissions, Privileges, and Access Controls vulnerability in Morbus IFF Activism 6.X2.0/6.X2.X

The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact.

7.5
2012-10-29 CVE-2012-4663 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a crafted DCERPC packet, aka Bug IDs CSCtr21346 and CSCtr27521.

7.1
2012-10-29 CVE-2012-4662 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a crafted DCERPC packet, aka Bug IDs CSCtr21376 and CSCtr27524.

7.1
2012-10-29 CVE-2012-4659 Cisco Improper Authentication vulnerability in Cisco products

The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote attackers to cause a denial of service (device reload) via a crafted authentication response, aka Bug ID CSCtz04566.

7.1
2012-10-29 CVE-2012-4643 Cisco Resource Management Errors vulnerability in Cisco products

The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before 8.0(5.28), 8.1 before 8.1(2.56), 8.2 before 8.2(5.27), 8.3 before 8.3(2.31), 8.4 before 8.4(3.10), 8.5 before 8.5(1.9), and 8.6 before 8.6(1.5) does not properly allocate memory for DHCP packets, which allows remote attackers to cause a denial of service (device reload) via a series of crafted IPv4 packets, aka Bug ID CSCtw84068.

7.1

74 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-04 CVE-2012-4987 Realnetworks Buffer Errors vulnerability in Realnetworks Realplayer 15.0.5.109

Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature.

6.8
2012-11-02 CVE-2012-0025 Irfanview Resource Management Errors vulnerability in Irfanview Flashpix Plugin 4.2.2.0

Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.

6.8
2012-11-02 CVE-2012-4486 Boombatower / Drupal Cross-Site Request Forgery (CSRF) vulnerability in Boombatower Subuser

Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.

6.8
2012-10-31 CVE-2012-5671 Exim Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Exim

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.

6.8
2012-10-31 CVE-2012-4940 Gecad Path Traversal vulnerability in Gecad Axigen Free Mail Server

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a ..

6.4
2012-10-29 CVE-2012-4196 Mozilla / Opensuse / Suse / Canonical / Redhat Injection vulnerability in multiple products

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.

6.4
2012-11-04 CVE-2012-5825 Tweepy Improper Input Validation vulnerability in Tweepy

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.

5.8
2012-11-04 CVE-2012-5824 Trillian Improper Input Validation vulnerability in Trillian 5.1.0.19

Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831.

5.8
2012-11-04 CVE-2012-5823 Opensourceclassifieds Improper Input Validation vulnerability in Opensourceclassifieds

Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.

5.8
2012-11-04 CVE-2012-5822 Mozilla Improper Input Validation vulnerability in Mozilla Zamboni

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python urllib2 library.

5.8
2012-11-04 CVE-2012-5821 Lynx Cryptographic Issues vulnerability in Lynx

Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.

5.8
2012-11-04 CVE-2012-5820 Google Improper Input Validation vulnerability in Google Admob

The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5819 Filesanywhere Improper Input Validation vulnerability in Filesanywhere

FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5818 Elephantdrive Improper Input Validation vulnerability in Elephantdrive

ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5817 Amazon / Codehaus Improper Input Validation vulnerability in multiple products

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5816 AOL Improper Input Validation vulnerability in AOL AIM 1.0.1.2

AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5815 Rackspace Improper Input Validation vulnerability in Rackspace 2.1.5

The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5814 Github / Roderick Baier Improper Input Validation vulnerability in multiple products

Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5813 Emorym Improper Input Validation vulnerability in Emorym Android Pusher

The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5812 Acra Improper Input Validation vulnerability in Acra Library

The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5811 Breezy Cryptographic Issues vulnerability in Breezy

The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5810 Jpmorganchase Cryptographic Issues vulnerability in Jpmorganchase Chase Mobile

The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default X509TrustManager.

5.8
2012-11-04 CVE-2012-5809 Groupon Cryptographic Issues vulnerability in Groupon Merchants

The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5808 Firstdata / ZEN Cart Improper Input Validation vulnerability in multiple products

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5807 Lincolnloop / ZEN Cart Improper Input Validation vulnerability in multiple products

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5806 Paypal / ZEN Cart Improper Input Validation vulnerability in multiple products

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805.

5.8
2012-11-04 CVE-2012-5805 Paypal / ZEN Cart Improper Input Validation vulnerability in multiple products

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806.

5.8
2012-11-04 CVE-2012-5804 Cybersource Module Project / Ubercart Improper Input Validation vulnerability in multiple products

The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5803 Irata / Ubercart Improper Input Validation vulnerability in multiple products

The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5802 Paypal / Ubercart Improper Input Validation vulnerability in multiple products

The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5801 Prestashop Improper Input Validation vulnerability in Prestashop Ebay and Prestashop

The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.

5.8
2012-11-04 CVE-2012-5800 Prestashop Improper Input Validation vulnerability in Prestashop Ebay Module and Prestashop

The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5799 Prestashop / Presto Changeo Improper Input Validation vulnerability in multiple products

The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.

5.8
2012-11-04 CVE-2012-5798 Oscommerce / Paypal Improper Input Validation vulnerability in multiple products

The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5797 Brian Burton / Oscommerce Improper Input Validation vulnerability in multiple products

The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5796 Oscommerce / Paypal Improper Input Validation vulnerability in multiple products

The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5795 Akunamachata / Oscommerce Improper Input Validation vulnerability in multiple products

The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5794 Moneybookers / Oscommerce Improper Input Validation vulnerability in multiple products

The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5793 Harald Ponce DE Leon / Oscommerce Improper Input Validation vulnerability in multiple products

The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5792 Oscommerce / Sagepay Improper Input Validation vulnerability in multiple products

The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5791 Paypal Improper Input Validation vulnerability in Paypal Invoicing

PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5790 Paypal Improper Input Validation vulnerability in Paypal Payments Standard 20120427

PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain TRUE value.

5.8
2012-11-04 CVE-2012-5789 Paypal Improper Input Validation vulnerability in Paypal Payments Standard

PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to intentional disabling of certificate-validation checks through a "FALSE" value.

5.8
2012-11-04 CVE-2012-5788 Paypal Improper Input Validation vulnerability in Paypal IPN

The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.

5.8
2012-11-04 CVE-2012-5787 Paypal Improper Input Validation vulnerability in Paypal Merchant SDK

The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5786 Apache Improper Input Validation vulnerability in Apache CXF

** DISPUTED ** The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5785 Apache Improper Input Validation vulnerability in Apache Axis2

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5784 Apache / Paypal Improper Input Validation vulnerability in multiple products

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5783 Apache / Canonical Improper Certificate Validation vulnerability in multiple products

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-5782 Amazon Improper Input Validation vulnerability in Amazon Flexible Payments Service

Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain "true" value.

5.8
2012-11-04 CVE-2012-5781 Amazon Improper Input Validation vulnerability in Amazon Elastic Load Balancing

Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default JDK X509TrustManager.

5.8
2012-11-04 CVE-2012-5780 Amazon Improper Input Validation vulnerability in Amazon Merchant SDK

The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-04 CVE-2012-3446 Apache Improper Input Validation vulnerability in Apache Libcloud

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

5.8
2012-11-04 CVE-2012-5170 Simon Brown Improper Input Validation vulnerability in Simon Brown Pebble

Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2012-10-31 CVE-2012-4491 Earl Dunovant / Drupal Permissions, Privileges, and Access Controls vulnerability in Earl Dunovant Monthly Archive BY Node Type 6.X1.0/6.X2.0/6.X3.0

The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors.

5.8
2012-10-31 CVE-2012-4489 Mark Burdett / Drupal Improper Input Validation vulnerability in Mark Burdett Securelogin

Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter.

5.8
2012-11-03 CVE-2012-3748 Apple Race Condition vulnerability in Apple Iphone OS and Safari

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

5.1
2012-11-03 CVE-2012-3749 Apple Information Exposure vulnerability in Apple Iphone OS

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

5.0
2012-10-31 CVE-2012-4499 Matthias Hutterer
Drupal
Permissions, Privileges, and Access Controls vulnerability in Matthias Hutterer Email

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors.

5.0
2012-10-31 CVE-2012-4488 Location Module Project
Drupal
Permissions, Privileges, and Access Controls vulnerability in Location Module Project Location

The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.

5.0
2012-10-31 CVE-2012-4483 Acquia
Drupal
Permissions, Privileges, and Access Controls vulnerability in Acquia Commons

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.

5.0
2012-10-31 CVE-2012-4482 Longwaveconsulting
Drupal
Improper Input Validation vulnerability in Longwaveconsulting Ubercart Securetrading Payment Method Module 6.X1.0

The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors.

5.0
2012-10-31 CVE-2012-4939 Solarwinds Cross-Site Scripting vulnerability in Solarwinds products

Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field.

4.3
2012-10-31 CVE-2012-4532 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

4.3
2012-10-31 CVE-2012-4531 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-10-31 CVE-2012-4494 Niif
Drupal
Permissions, Privileges, and Access Controls vulnerability in Niif Shibb Auth 7.X4.0

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to bypass intended access restrictions and possibly have other impacts by logging in.

4.3
2012-10-31 CVE-2012-4490 Ricky Morse
Drupal
Cross-Site Scripting vulnerability in Ricky Morse Excluded Users 6.X1.0

Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or (2) email address.

4.3
2012-10-31 CVE-2012-4485 Manuel Garcia
Drupal
Cross-Site Scripting vulnerability in Manuel Garcia Galleryformatter

Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view function in galleryformatter.tpl.php in the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter.

4.3
2012-10-31 CVE-2012-4484 Trexart
Drupal
Cross-Site Scripting vulnerability in Trexart Campaignmonitor

Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-10-31 CVE-2012-4547 Laurent Destailleur Cross-Site Scripting vulnerability in Laurent Destailleur Awstats

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.

4.3
2012-10-29 CVE-2012-4195 Mozilla
Opensuse
Suse
Canonical
Redhat
Cross-Site Scripting vulnerability in multiple products

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

4.3
2012-10-29 CVE-2012-4194 Mozilla
Opensuse
Suse
Canonical
Redhat
Cross-Site Scripting vulnerability in multiple products

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.

4.3
2012-11-02 CVE-2012-4487 Boombatower
Drupal
Permissions, Privileges, and Access Controls vulnerability in Boombatower Subuser

The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created.

4.0
2012-10-31 CVE-2012-4495 Mime Mail Module Project
Drupal
Permissions, Privileges, and Access Controls vulnerability in Mime Mail Module Project Mimemail 6.X1.0/6.X1.X

The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's public files directory, which allows remote authenticated users to send arbitrary files as attachments.

4.0

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-03 CVE-2012-3750 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.

3.6
2012-11-01 CVE-2012-5704 Justin Dodge
Drupal
Resource Management Errors vulnerability in Justin Dodge Hotblocks

The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself.

3.5
2012-10-31 CVE-2012-4500 Nancy Wichmann
Drupal
Permissions, Privileges, and Access Controls vulnerability in Nancy Wichmann Announcements

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.

3.5
2012-10-31 CVE-2012-4934 Tomatocart Permissions, Privileges, and Access Controls vulnerability in Tomatocart 1.1.7

TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.

3.5
2012-10-31 CVE-2012-4610 EMC Credentials Management vulnerability in EMC Avamar 6.1

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client.

3.3
2012-10-31 CVE-2012-2625 XEN Improper Input Validation vulnerability in XEN and Xen-Unstable

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.

2.7
2012-11-02 CVE-2012-4497 Devsaran
Drupal
Cross-Site Scripting vulnerability in Devsaran Elegant Theme 7.X1.X

Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.

2.1
2012-11-02 CVE-2012-4493 ROY Baxter
Drupal
Cross-Site Scripting vulnerability in ROY Baxter Better Revisions 7.X1.0/7.X1.X

Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors.

2.1
2012-11-01 CVE-2012-5705 Justin Dodge
Drupal
Cross-Site Scripting vulnerability in Justin Dodge Hotblocks

Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."

2.1
2012-10-31 CVE-2012-4544 XEN Improper Input Validation vulnerability in XEN

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

2.1
2012-10-31 CVE-2012-4496 Inclind
Drupal
Cross-Site Scripting vulnerability in Inclind Custom PUB

Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter.

2.1
2012-10-31 CVE-2012-4492 Isaac Sukin
Drupal
Cross-Site Scripting vulnerability in Isaac Sukin Shorten

Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page.

2.1