Weekly Vulnerabilities Report: November 26 to December 2, 2012

Overview

61 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 57 products from 46 vendors, including Drupal, Libssh, David Alkire, Google, and EMC. The vulnerabilities are most often categorized as "Cross-site Scripting", "Cryptographic Issues", "Permissions, Privileges, and Access Controls", "Resource Management Errors", and "Path Traversal".

  • 58 reported vulnerabilities are remotely exploitable.
  • 10 reported vulnerabilities have a public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 59 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 1 reported vulnerability.

[Summary counters: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


4 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-11-27 | CVE-2012-6046 | Phpenter | Code Injection vulnerability in PHPenter PHP Enter | 10.0
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.

2012-11-26 | CVE-2010-5286 | Joobi / Joomla | Path Traversal vulnerability in Joobi COM Jstore | 10.0
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

2012-11-29 | CVE-2012-3271 | HP | Information Disclosure vulnerability in HP products | 9.3
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.

2012-11-27 | CVE-2012-4614 | EMC | Improper Authentication vulnerability in EMC IT Operations Intelligence 9.0 | 9.3
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session.

11 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-11-30 | CVE-2012-5174 | Kyocera | Denial of Service vulnerability in Multiple Kyocera Mobile Devices | 7.8
The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format.

2012-11-30 | CVE-2012-6063 | Libssh | Resource Management Errors vulnerability in Libssh | 7.5
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.

2012-11-30 | CVE-2012-4562 | Libssh | Numeric Errors vulnerability in Libssh | 7.5
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.

2012-11-30 | CVE-2012-4560 | Libssh | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Libssh | 7.5
Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.

2012-11-30 | CVE-2012-4551 | PS Project Management Team | Resource Management Errors vulnerability in PS Project Management Team Libunity-Webapps | 7.5
Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web site, related to "certain hash tables."

2012-11-30 | CVE-2012-4479 | David Alkire / Drupal | SQL Injection vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 7.5
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

2012-11-30 | CVE-2012-4470 | Philip Ludlam / Drupal | Permissions, Privileges, and Access Controls vulnerability in Philip Ludlam Listhandler 6.X1.0 | 7.5
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact.

2012-11-28 | CVE-2012-4964 | Samsung | Permissions, Privileges, and Access Controls vulnerability in Samsung Printer Firmware | 7.5
The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request.

2012-11-26 | CVE-2010-5280 | Joomla CBE / Joomla | Path Traversal vulnerability in Joomla-Cbe COM CBE 1.4.10/1.4.8/1.4.9 | 7.5
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

2012-11-26 | CVE-2012-6039 | Yabsoft | SQL Injection vulnerability in Yabsoft Advanced Image Hosting Script 2.3 | 7.5
SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.

2012-11-26 | CVE-2012-5520 | Openvas | Improper Input Validation vulnerability in Openvas Manager | 7.5
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.

41 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-11-30 | CVE-2012-4559 | Libssh | Resource Management Errors vulnerability in Libssh | 6.8
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

2012-11-30 | CVE-2012-4478 | David Alkire / Drupal | Cross-Site Request Forgery (CSRF) vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 6.8
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators.

2012-11-30 | CVE-2012-4221 | Google | Numeric Errors vulnerability in Google Android | 6.8
Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call.

2012-11-30 | CVE-2012-4220 | Google | Unspecified vulnerability in Google Android | 6.8
diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call.

2012-11-27 | CVE-2012-6047 | X7 Group | Cross-Site Request Forgery (CSRF) vulnerability in X7 Group X7 Chat | 6.8
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.

2012-11-26 | CVE-2010-5285 | O DYN | Cross-Site Request Forgery (CSRF) vulnerability in O-Dyn Collabtive 0.6.5 | 6.8
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.

2012-11-26 | CVE-2010-5283 | Opentext | Cross-Site Request Forgery (CSRF) vulnerability in Opentext Livelink ECM 9.7.1 | 6.8
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions.

2012-11-26 | CVE-2010-5281 | Net4Visions | Path Traversal vulnerability in Net4Visions Ibrowser 1.4.1 | 6.8
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

2012-11-26 | CVE-2012-6041 | Morequick | Resource Management Errors vulnerability in Morequick Greenbrowser | 6.8
Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe.

2012-11-26 | CVE-2012-6038 | Razorcms | Path Traversal vulnerability in Razorcms | 6.5
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action.

2012-11-27 | CVE-2012-6050 | Mikrotik | Configuration vulnerability in Mikrotik Routeros 5.15 | 6.4
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.

2012-11-30 | CVE-2012-4472 | David Alkire / Drupal | Unspecified vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 5.1
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter.

2012-11-30 | CVE-2012-4561 | Libssh | Buffer Overflow and Denial of Service vulnerability in libssh | 5.0
The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.

2012-11-30 | CVE-2012-4477 | David Alkire / Drupal | Permissions, Privileges, and Access Controls vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 5.0
Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors.

2012-11-30 | CVE-2012-4475 | Security Questions Project / Drupal | Permissions, Privileges, and Access Controls vulnerability in Security Questions Project Security Questions | 5.0
The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors.

2012-11-30 | CVE-2012-4471 | Dominique Clause / Drupal | Permissions, Privileges, and Access Controls vulnerability in Dominique Clause Search Autocomplete | 5.0
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.

2012-11-30 | CVE-2012-5568 | Apache / Opensuse | | 5.0
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

2012-11-30 | CVE-2012-4834 | IBM | Path Traversal vulnerability in IBM Websphere Portal 7.0.0.1/7.0.0.2/8.0.0.0 | 5.0
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.

2012-11-29 | CVE-2012-4841 | IBM | Resource Management Errors vulnerability in IBM Tivoli Endpoint Manager 8.2 | 5.0
Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors.

2012-11-28 | CVE-2012-6051 | Google | Cryptographic Issues vulnerability in Google Cityhash | 5.0
Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack.

2012-11-28 | CVE-2012-5373 | Oracle | Cryptographic Issues vulnerability in Oracle Jdk, JRE and Openjdk | 5.0
Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.

2012-11-28 | CVE-2012-5372 | Rubinius | Cryptographic Issues vulnerability in Rubinius | 5.0
Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm.

2012-11-28 | CVE-2012-5371 | Ruby Lang | Cryptographic Issues vulnerability in Ruby-Lang Ruby | 5.0
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

2012-11-28 | CVE-2012-5370 | Jruby | Cryptographic Issues vulnerability in Jruby | 5.0
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.

2012-11-28 | CVE-2012-2739 | Oracle | Cryptographic Issues vulnerability in Oracle Jdk, JRE and Openjdk | 5.0
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

2012-11-27 | CVE-2012-6049 | Opensolution | Information Exposure vulnerability in Opensolution Quick.Cart 5.0 | 5.0
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message.

2012-11-27 | CVE-2012-6048 | Guitar PRO | Buffer Errors vulnerability in Guitar-Pro Guitar PRO 6.1.1 | 5.0
Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file.

2012-11-26 | CVE-2012-2438 | Awcm CMS | Resource Management Errors vulnerability in Awcm-Cms AR web Content Manager 2.2 | 5.0
ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service (disk consumption) via the coment parameter to (1) show_video.php or (2) topic.php.

2012-11-26 | CVE-2012-2437 | Awcm CMS | Improper Authentication vulnerability in Awcm-Cms AR web Content Manager 2.2 | 5.0
cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.

2012-11-30 | CVE-2012-4476 | David Alkire / Drupal | Cross-Site Scripting vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 4.3
Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2012-11-30 | CVE-2012-4474 | Colorbox Node / Drupal | Cross-Site Scripting vulnerability in Colorbox Node Dennis Blake 7.X2.0/7.X2.1 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

2012-11-30 | CVE-2012-4468 | Privatemsg Project / Drupal | Cross-Site Scripting vulnerability in Privatemsg Project Privatemsg | 4.3
Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message.

2012-11-30 | CVE-2012-4222 | Google | Improper Input Validation vulnerability in Google Android | 4.3
drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call.

2012-11-27 | CVE-2012-4611 | EMC | Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2012-11-27 | CVE-2012-6045 | Ramui | Cross-Site Scripting vulnerability in Ramui Forum 1.0 | 4.3
Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter.

2012-11-26 | CVE-2010-5284 | O DYN | Cross-Site Scripting vulnerability in O-Dyn Collabtive 0.6.5 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.

2012-11-26 | CVE-2010-5282 | Opentext | Cross-Site Scripting vulnerability in Opentext Livelink ECM 9.7.1 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html.

2012-11-26 | CVE-2012-6044 | Mjsware | Improper Input Validation vulnerability in Mjsware M-Player 4.3 | 4.3
M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.

2012-11-26 | CVE-2012-6043 | PHP Fusion | Cross-Site Scripting vulnerability in PHP-Fusion 7.02.04 | 4.3
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.

2012-11-26 | CVE-2012-6042 | Geopainting | Buffer Errors vulnerability in Geopainting Gpsmapedit 1.1.73.2 | 4.3
GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file.

2012-11-26 | CVE-2012-6040 | Convergine | Cross-Site Scripting vulnerability in Convergine File King Advanced File Management 1.4 | 4.3
Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

5 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-11-30 | CVE-2012-4473 | Christian Johansson / Drupal | Permissions, Privileges, and Access Controls vulnerability in Christian Johansson Restrict Node Page View 7.X1.0/7.X1.1 | 3.5
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct request.

2012-11-30 | CVE-2012-4469 | Simon Rycroft / Drupal | Cross-Site Scripting vulnerability in Simon Rycroft Hashcash | 2.6
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module.

2012-11-30 | CVE-2012-4571 | Python | Cryptographic Issues vulnerability in Python Keyring 0.9.1 | 2.1
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.

2012-11-29 | CVE-2012-5530 | SGI | Permissions, Privileges, and Access Controls vulnerability in SGI Performance Co-Pilot | 2.1
The (1) pmcd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.

2012-11-27 | CVE-2012-4615 | EMC | Cryptographic Issues vulnerability in EMC IT Operations Intelligence 9.0 | 2.1
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.