Weekly Vulnerabilities Report: November 26 to December 2, 2012
Overview
61 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 57 products from 46 vendors, including Drupal, Libssh, David Alkire, Google, and EMC. The vulnerabilities are notably categorized as "Cross-site Scripting", "Cryptographic Issues", "Permissions, Privileges, and Access Controls", "Resource Management Errors", and "Path Traversal".
- 58 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities have a public exploit available.
- 20 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 59 reported vulnerabilities are exploitable by an anonymous user.
- Drupal has the most reported vulnerabilities, with 12 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-27 | CVE-2012-6046 | Phpenter | Code Injection vulnerability in PHPenter PHP Enter Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter. | 10.0 |
2012-11-26 | CVE-2010-5286 | Joobi Joomla | Path Traversal vulnerability in Joobi COM Jstore Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 10.0 |
2012-11-29 | CVE-2012-3271 | HP | Information Disclosure vulnerability in HP products Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors. | 9.3 |
2012-11-27 | CVE-2012-4614 | EMC | Improper Authentication vulnerability in EMC IT Operations Intelligence 9.0 The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. | 9.3 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-30 | CVE-2012-5174 | Kyocera | Denial of Service vulnerability in Multiple Kyocera Mobile Devices The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format. | 7.8 |
2012-11-30 | CVE-2012-6063 | Libssh | Resource Management Errors vulnerability in Libssh Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559. | 7.5 |
2012-11-30 | CVE-2012-4562 | Libssh | Numeric Errors vulnerability in Libssh Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities. | 7.5 |
2012-11-30 | CVE-2012-4560 | Libssh | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libssh Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. | 7.5 |
2012-11-30 | CVE-2012-4551 | PS Project Management Team | Resource Management Errors vulnerability in PS Project Management Team Libunity-Webapps Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web site, related to "certain hash tables." | 7.5 |
2012-11-30 | CVE-2012-4479 | David Alkire Drupal | SQL Injection vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-11-30 | CVE-2012-4470 | Philip Ludlam Drupal | Permissions, Privileges, and Access Controls vulnerability in Philip Ludlam Listhandler 6.X1.0 The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact. | 7.5 |
2012-11-28 | CVE-2012-4964 | Samsung | Permissions, Privileges, and Access Controls vulnerability in Samsung Printer Firmware The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. | 7.5 |
2012-11-26 | CVE-2010-5280 | Joomla CBE Joomla | Path Traversal vulnerability in Joomla-Cbe COM CBE 1.4.10/1.4.8/1.4.9 Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2012-11-26 | CVE-2012-6039 | Yabsoft | SQL Injection vulnerability in Yabsoft Advanced Image Hosting Script 2.3 SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter. | 7.5 |
2012-11-26 | CVE-2012-5520 | Openvas | Improper Input Validation vulnerability in Openvas Manager The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request. | 7.5 |
41 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-30 | CVE-2012-4559 | Libssh | Resource Management Errors vulnerability in Libssh Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | 6.8 |
2012-11-30 | CVE-2012-4478 | David Alkire Drupal | Cross-Site Request Forgery (CSRF) vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. | 6.8 |
2012-11-30 | CVE-2012-4221 | Google | Numeric Errors vulnerability in Google Android Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call. | 6.8 |
2012-11-30 | CVE-2012-4220 | Google | Unspecified vulnerability in Google Android diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call. | 6.8 |
2012-11-27 | CVE-2012-6047 | X7 Group | Cross-Site Request Forgery (CSRF) vulnerability in X7 Group X7 Chat Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php. | 6.8 |
2012-11-26 | CVE-2010-5285 | O DYN | Cross-Site Request Forgery (CSRF) vulnerability in O-Dyn Collabtive 0.6.5 Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action. | 6.8 |
2012-11-26 | CVE-2010-5283 | Opentext | Cross-Site Request Forgery (CSRF) vulnerability in Opentext Livelink ECM 9.7.1 Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. | 6.8 |
2012-11-26 | CVE-2010-5281 | Net4Visions | Path Traversal vulnerability in Net4Visions Ibrowser 1.4.1 Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 6.8 |
2012-11-26 | CVE-2012-6041 | Morequick | Resource Management Errors vulnerability in Morequick Greenbrowser Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe. | 6.8 |
2012-11-26 | CVE-2012-6038 | Razorcms | Path Traversal vulnerability in Razorcms admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. | 6.5 |
2012-11-27 | CVE-2012-6050 | Mikrotik | Configuration vulnerability in Mikrotik Routeros 5.15 The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. | 6.4 |
2012-11-30 | CVE-2012-4472 | David Alkire Drupal | Unspecified vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter. | 5.1 |
2012-11-30 | CVE-2012-4561 | Libssh | Buffer Overflow and Denial of Service vulnerability in libssh The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors. | 5.0 |
2012-11-30 | CVE-2012-4477 | David Alkire Drupal | Permissions, Privileges, and Access Controls vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. | 5.0 |
2012-11-30 | CVE-2012-4475 | Security Questions Project Drupal | Permissions, Privileges, and Access Controls vulnerability in Security Questions Project Security Questions The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors. | 5.0 |
2012-11-30 | CVE-2012-4471 | Dominique Clause Drupal | Permissions, Privileges, and Access Controls vulnerability in Dominique Clause Search Autocomplete The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors. | 5.0 |
2012-11-30 | CVE-2012-5568 | Apache Opensuse | Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | 5.0 |
2012-11-30 | CVE-2012-4834 | IBM | Path Traversal vulnerability in IBM Websphere Portal 7.0.0.1/7.0.0.2/8.0.0.0 Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI. | 5.0 |
2012-11-29 | CVE-2012-4841 | IBM | Resource Management Errors vulnerability in IBM Tivoli Endpoint Manager 8.2 Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors. | 5.0 |
2012-11-28 | CVE-2012-6051 | Google | Cryptographic Issues vulnerability in Google Cityhash Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack. | 5.0 |
2012-11-28 | CVE-2012-5373 | Oracle | Cryptographic Issues vulnerability in Oracle Jdk, JRE and Openjdk Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. | 5.0 |
2012-11-28 | CVE-2012-5372 | Rubinius | Cryptographic Issues vulnerability in Rubinius Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm. | 5.0 |
2012-11-28 | CVE-2012-5371 | Ruby Lang | Cryptographic Issues vulnerability in Ruby-Lang Ruby Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815. | 5.0 |
2012-11-28 | CVE-2012-5370 | Jruby | Cryptographic Issues vulnerability in Jruby JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838. | 5.0 |
2012-11-28 | CVE-2012-2739 | Oracle | Cryptographic Issues vulnerability in Oracle Jdk, JRE and Openjdk Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | 5.0 |
2012-11-27 | CVE-2012-6049 | Opensolution | Information Exposure vulnerability in Opensolution Quick.Cart 5.0 Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message. | 5.0 |
2012-11-27 | CVE-2012-6048 | Guitar PRO | Buffer Errors vulnerability in Guitar-Pro Guitar PRO 6.1.1 Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file. | 5.0 |
2012-11-26 | CVE-2012-2438 | Awcm CMS | Resource Management Errors vulnerability in Awcm-Cms AR web Content Manager 2.2 ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service (disk consumption) via the coment parameter to (1) show_video.php or (2) topic.php. | 5.0 |
2012-11-26 | CVE-2012-2437 | Awcm CMS | Improper Authentication vulnerability in Awcm-Cms AR web Content Manager 2.2 cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter. | 5.0 |
2012-11-30 | CVE-2012-4476 | David Alkire Drupal | Cross-Site Scripting vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-11-30 | CVE-2012-4474 | Colorbox Node Drupal | Cross-Site Scripting vulnerability in Colorbox Node Dennis Blake 7.X2.0/7.X2.1 Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2012-11-30 | CVE-2012-4468 | Privatemsg Project Drupal | Cross-Site Scripting vulnerability in Privatemsg Project Privatemsg Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message. | 4.3 |
2012-11-30 | CVE-2012-4222 | Google | Improper Input Validation vulnerability in Google Android drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call. | 4.3 |
2012-11-27 | CVE-2012-4611 | EMC | Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-11-27 | CVE-2012-6045 | Ramui | Cross-Site Scripting vulnerability in Ramui Forum 1.0 Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2012-11-26 | CVE-2010-5284 | O DYN | Cross-Site Scripting vulnerability in O-Dyn Collabtive 0.6.5 Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php. | 4.3 |
2012-11-26 | CVE-2010-5282 | Opentext | Cross-Site Scripting vulnerability in Opentext Livelink ECM 9.7.1 Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html. | 4.3 |
2012-11-26 | CVE-2012-6044 | Mjsware | Improper Input Validation vulnerability in Mjsware M-Player 4.3 M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file. | 4.3 |
2012-11-26 | CVE-2012-6043 | PHP Fusion | Cross-Site Scripting vulnerability in PHP-Fusion 7.02.04 Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | 4.3 |
2012-11-26 | CVE-2012-6042 | Geopainting | Buffer Errors vulnerability in Geopainting Gpsmapedit 1.1.73.2 GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file. | 4.3 |
2012-11-26 | CVE-2012-6040 | Convergine | Cross-Site Scripting vulnerability in Convergine File King Advanced File Management 1.4 Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-30 | CVE-2012-4473 | Christian Johansson Drupal | Permissions, Privileges, and Access Controls vulnerability in Christian Johansson Restrict Node Page View 7.X1.0/7.X1.1 The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct request. | 3.5 |
2012-11-30 | CVE-2012-4469 | Simon Rycroft Drupal | Cross-Site Scripting vulnerability in Simon Rycroft Hashcash Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module. | 2.6 |
2012-11-30 | CVE-2012-4571 | Python | Cryptographic Issues vulnerability in Python Keyring 0.9.1 Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. | 2.1 |
2012-11-29 | CVE-2012-5530 | SGI | Permissions, Privileges, and Access Controls vulnerability in SGI Performance Co-Pilot The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. | 2.1 |
2012-11-27 | CVE-2012-4615 | EMC | Cryptographic Issues vulnerability in EMC IT Operations Intelligence 9.0 EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. | 2.1 |