Weekly Vulnerabilities Reports > December 3 to 9, 2012

Overview

80 new vulnerabilities reported during this period, including 8 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 68 products from 47 vendors including Drupal, Wireshark, IBM, Oracle, and Mariadb. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Numeric Errors", "Information Exposure", and "Improper Input Validation".

  • 73 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 65 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 20 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-12-06 CVE-2012-3275 HP Remote Unspecified Unauthorized Access vulnerability in HP Network Node Manager I 9.10/9.20

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2012-12-06 CVE-2012-3274 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Intelligent Management Center 5.0/5.1

Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.

10.0
2012-12-04 CVE-2012-6067 Freeftpd Improper Authentication vulnerability in Freeftpd

freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

10.0
2012-12-04 CVE-2012-5138 Google
Opensuse
Multiple Security vulnerability in Google Chrome

Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors.

10.0
2012-12-04 CVE-2012-5137 Google
Opensuse
USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.

10.0
2012-12-04 CVE-2012-6066 Freesshd Improper Authentication vulnerability in Freesshd 1.2.1/1.2.2/1.2.6

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

9.3
2012-12-04 CVE-2012-5975 SSH
Linux
Improper Authentication vulnerability in SSH Tectia Server

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

9.3
2012-12-08 CVE-2012-4857 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Informix Dynamic Server

Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.

9.0

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-12-06 CVE-2012-5688 ISC
Canonical
Improper Input Validation vulnerability in multiple products

ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

7.8
2012-12-08 CVE-2012-4687 Postoaktraffic Cryptographic Issues vulnerability in Postoaktraffic Awam Bluetooth Reader

Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.

7.6
2012-12-05 CVE-2011-2730 Springsource Configuration vulnerability in Springsource Spring Framework

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." Per update to Hyperlink Record 1199655 (http://support.springsource.com/security/cve-2011-2730), the score has been adjusted based on remote code execution Per update to http://support.springsource.com/security/cve-2011-2730

7.5
2012-12-04 CVE-2012-5129 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome and Chrome OS

Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors.

7.5
2012-12-03 CVE-2012-5550 Carlos Carvalhar
Drupal
SQL Injection vulnerability in Carlos Carvalhar Time Spent 6.X2.X/7.X2.X

SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-12-03 CVE-2012-5534 Flashtux Improper Input Validation vulnerability in Flashtux Weechat

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."

7.5
2012-12-03 CVE-2012-1598 Joomla Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla!

Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."

7.5
2012-12-08 CVE-2012-4690 Rockwellautomation Configuration vulnerability in Rockwellautomation products

Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits.

7.1

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-12-05 CVE-2012-3317 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Message Broker

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.

6.9
2012-12-05 CVE-2012-4608 EMC Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Netwitness Informer

Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2012-12-03 CVE-2012-5556 Restful WEB Services Project
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Restful web Services Project Restful web Services

Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.

6.8
2012-12-03 CVE-2012-5549 Carlos Carvalhar
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Carlos Carvalhar Time Spent 6.X2.X/7.X2.X

Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2012-12-03 CVE-2012-5547 Thomas Seidl
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Seidl Search API

Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action.

6.8
2012-12-03 CVE-2012-5542 Pedro Cambra
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Pedro Cambra Commerce Extra Panes 7.X1.0/7.X1.X

Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to "the link to reorder items."

6.8
2012-12-03 CVE-2012-5450 Cmsmadesimple Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple

Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter.

6.8
2012-12-03 CVE-2012-5612 Mariadb
Oracle
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

6.5
2012-12-03 CVE-2012-5611 Mariadb
Oracle
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

6.5
2012-12-03 CVE-2012-5537 Simplenews Scheduler Project
Drupal
Code Injection vulnerability in Simplenews Scheduler Project Simplenews Scheduler

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.

6.0
2012-12-03 CVE-2012-5367 Orangehrm SQL Injection vulnerability in Orangehrm 2.7.1

Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.

6.0
2012-12-03 CVE-2012-5613 Mariadb
Oracle
Linux
Configuration vulnerability in multiple products

** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator.

6.0
2012-12-05 CVE-2012-4982 Forescout Improper Input Validation vulnerability in Forescout Counteract 6.3.4.10

Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.

5.8
2012-12-05 CVE-2011-2731 Vmware Race Condition vulnerability in VMWare Springsource Spring Security

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

5.1
2012-12-06 CVE-2012-3273 HP Unspecified vulnerability in HP Laserjet PRO MFP M401 and Laserjet PRO MFP M425

Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors.

5.0
2012-12-05 CVE-2012-5055 Vmware Information Exposure vulnerability in VMWare Springsource Spring Security

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.

5.0
2012-12-05 CVE-2012-6062 Wireshark Improper Input Validation vulnerability in Wireshark

The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

5.0
2012-12-05 CVE-2012-6061 Wireshark Numeric Errors vulnerability in Wireshark

The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet.

5.0
2012-12-05 CVE-2012-6060 Wireshark Numeric Errors vulnerability in Wireshark

Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

5.0
2012-12-05 CVE-2012-6059 Wireshark Improper Input Validation vulnerability in Wireshark

The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5.0
2012-12-05 CVE-2012-6058 Wireshark Numeric Errors vulnerability in Wireshark

Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value.

5.0
2012-12-05 CVE-2012-6057 Wireshark Numeric Errors vulnerability in Wireshark

The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet.

5.0
2012-12-05 CVE-2012-6056 Wireshark Numeric Errors vulnerability in Wireshark

Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count.

5.0
2012-12-05 CVE-2012-6055 Wireshark Numeric Errors vulnerability in Wireshark

epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field.

5.0
2012-12-05 CVE-2012-6054 Wireshark Numeric Errors vulnerability in Wireshark

The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6.

5.0
2012-12-05 CVE-2012-6053 Wireshark Numeric Errors vulnerability in Wireshark

epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field.

5.0
2012-12-05 CVE-2012-6052 Wireshark Information Exposure vulnerability in Wireshark

Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files.

5.0
2012-12-05 CVE-2012-4347 Symantec Path Traversal vulnerability in Symantec Messaging Gateway

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a ..

5.0
2012-12-03 CVE-2012-5859 Samsung Denial of Service and Security Bypass vulnerability in Samsung Kies AIR 2.1.207051/2.1.210161

Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php.

5.0
2012-12-03 CVE-2012-5554 Coleman Watts
Drupal
Information Exposure vulnerability in Coleman Watts Webform Civicrm 7.X3.0/7.X3.1/7.X3.X

The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.

5.0
2012-12-03 CVE-2012-5552 Erikwebb
Drupal
Information Exposure vulnerability in Erikwebb Password Policy

The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."

5.0
2012-12-03 CVE-2012-1599 Joomla Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla!

Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors.

5.0
2012-12-03 CVE-2012-5615 Mariadb
Oracle
Information Exposure vulnerability in multiple products

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

5.0
2012-12-03 CVE-2012-6065 Daniel Honrade
Drupal
Arbitrary PHP Code Execution vulnerability in Drupal OM Maximenu Module

The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553.

4.6
2012-12-08 CVE-2012-3297 IBM Cross-Site Scripting vulnerability in IBM Tivoli Monitoring 6.2.2/6.2.3

Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

4.3
2012-12-06 CVE-2012-5176 Kent WEB Cross-Site Scripting vulnerability in Kent-Web Access Report

Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 5.02 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to tag embedding.

4.3
2012-12-06 CVE-2012-5175 Kent WEB Cross-Site Scripting vulnerability in Kent-Web Access Report

Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to access-log data.

4.3
2012-12-06 CVE-2012-3272 HP Cross-Site Scripting vulnerability in HP products

Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-12-05 CVE-2011-2732 Vmware Code Injection vulnerability in VMWare Springsource Spring Security

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

4.3
2012-12-05 CVE-2012-4985 Forescout Permissions, Privileges, and Access Controls vulnerability in Forescout Counteract 6.3.4.10

The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets.

4.3
2012-12-05 CVE-2012-4983 Forescout Cross-Site Scripting vulnerability in Forescout Counteract 6.3.4.10

Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch.

4.3
2012-12-05 CVE-2012-4609 EMC Improper Input Validation vulnerability in EMC RSA Netwitness Informer

The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3
2012-12-03 CVE-2012-5858 Samsung Improper Authentication vulnerability in Samsung Kies AIR 2.1.207051/2.1.210161

Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.

4.3
2012-12-03 CVE-2012-5569 Basic Webmail Project
Jason Flatt
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.

4.3
2012-12-03 CVE-2012-5551 Thinkshout
Drupal
Cross-Site Scripting vulnerability in Thinkshout Mailchimp

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."

4.3
2012-12-03 CVE-2012-5548 Carlos Carvalhar
Drupal
Cross-Site Scripting vulnerability in Carlos Carvalhar Time Spent 6.X2.X/7.X2.X

Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-12-03 CVE-2012-5543 Feeds Project
Drupal
Permissions, Privileges, and Access Controls vulnerability in Feeds Project Feeds 7.X2.0/7.X2.X

The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.

4.3
2012-12-03 CVE-2012-5541 Twitter Pull Project
Drupal
Cross-Site Scripting vulnerability in Twitter Pull Project Twitter Pull

Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter."

4.3
2012-12-03 CVE-2012-5540 Tekritisoftware
Drupal
Cross-Site Scripting vulnerability in Tekritisoftware Hostip

Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-12-03 CVE-2012-5544 Thinkshout
Drupal
Information Exposure vulnerability in Thinkshout Mandrill 7.X1.0/7.X1.1/7.X1.X

The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard.

4.0
2012-12-03 CVE-2012-5614 Mariadb
Oracle
Improper Input Validation vulnerability in multiple products

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-12-03 CVE-2012-5557 User Read Only Project
Drupal
Permissions, Privileges, and Access Controls vulnerability in User Read-Only Project User Readonly

The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password.

3.6
2012-12-03 CVE-2012-6064 Cmsmadesimple Path Traversal vulnerability in Cmsmadesimple CMS Made Simple

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a ..

3.5
2012-12-03 CVE-2012-5539 Organic Groups Project
Drupal
Permissions, Privileges, and Access Controls vulnerability in Organic Groups Project Organic Groups

The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.

3.5
2012-12-03 CVE-2012-5559 Chaos Tool Suite Project Cross-Site Scripting vulnerability in Chaos Tool Suite Project Ctools

Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title.

2.6
2012-12-05 CVE-2009-2899 Vmware Information Exposure vulnerability in VMWare Hyperic HQ 4.2

The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments.

2.1
2012-12-05 CVE-2012-4862 IBM Credentials Management vulnerability in IBM Rational Developer for System Z

The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors.

2.1
2012-12-03 CVE-2012-5553 Daniel Honrade
Drupal
Cross-Site Scripting vulnerability in Daniel Honrade OM Maximenu

Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the (1) Menu Title (2) Link Title, (3) Path Query, (4) Anchor, or (5) vocabulary names.

2.1
2012-12-03 CVE-2012-5545 ROB Loach
Drupal
Cross-Site Scripting vulnerability in ROB Loach Sharethis

Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors related to "JavaScript settings."

2.1
2012-12-03 CVE-2012-5538 Nathan Haug
Drupal
Cross-Site Scripting vulnerability in Nathan Haug Filefield Sources

Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.

2.1
2012-12-08 CVE-2012-4838 IBM Unspecified vulnerability in IBM products

IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity.

1.9
2012-12-03 CVE-2012-3432 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.

1.9
2012-12-03 CVE-2012-2934 XEN Local Denial of Service vulnerability in Xen 64-bit PV Guests

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.

1.9
2012-12-03 CVE-2012-0218 XEN Unspecified vulnerability in XEN 3.4.0/4.0.0/4.1.0

Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.

1.9