Weekly Vulnerabilities Reports > December 17 to 23, 2012

Overview

58 new vulnerabilities were reported during this period, including 10 critical and 8 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 76 products from 34 vendors, including IBM, ownCloud, Oracle, Siemens, and VMware. The most common weakness categories are "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Credentials Management", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".

  • 45 reported vulnerabilities are remotely exploitable.
  • 13 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 49 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 9.
  • Oracle has the most reported critical vulnerabilities, with 2.

[Summary dashboard; counts not captured in this copy. Panels: Total Vulnerabilities; Critical Risk Vulnerabilities; High Risk Vulnerabilities; Medium Risk Vulnerabilities; Low Risk Vulnerabilities; Remotely Exploitable; Locally Exploitable; Exploit Available; Exploitable Anonymously; Affecting Web Application.]

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

10 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-12-23 | CVE-2012-6428 | Carlosgavazzi | Credentials Management vulnerability in Carlosgavazzi products | 10.0
    Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.

2012-12-21 | CVE-2012-3002 | Foscam / Wansview | Improper Authentication vulnerability in multiple products | 10.0
    The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.

2012-12-21 | CVE-2012-1714 | Oracle | Unspecified vulnerability in Oracle Hyperion Financial Management 11.1.1.4/11.1.2.1.104 | 10.0
    Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors.

2012-12-21 | CVE-2012-1712 | Oracle | Path Traversal vulnerability in Oracle GlassFish Web Space Server 10.0 Update 7 | 10.0
    Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors.

2012-12-20 | CVE-2012-5955 | IBM | Unspecified vulnerability in IBM HTTP Server and WebSphere Application Server | 10.0
    Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.

2012-12-20 | CVE-2012-6271 | Adobe | Remote Code Execution vulnerability in Adobe Shockwave Player | 9.3
    Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.

2012-12-20 | CVE-2012-6270 | Adobe | Unspecified vulnerability in Adobe Shockwave Player | 9.3
    Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack.

2012-12-19 | CVE-2012-5691 | Realnetworks | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in RealNetworks RealPlayer and RealPlayer SP | 9.3
    Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.

2012-12-19 | CVE-2012-5690 | Realnetworks | Code Injection vulnerability in RealNetworks RealPlayer and RealPlayer SP | 9.3
    RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.

2012-12-18 | CVE-2012-6422 | Meizu / Samsung | Permissions, Privileges, and Access Controls vulnerability in multiple products | 9.3
    The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.

8 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-12-20 | CVE-2012-4856 | IBM | Credentials Management vulnerability in IBM Power 5 and Power 5 System Firmware | 7.9
    The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.

2012-12-23 | CVE-2012-6427 | Carlosgavazzi | SQL Injection vulnerability in Carlosgavazzi products | 7.5
    Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.

2012-12-20 | CVE-2012-5469 | Phpmyadmin / Wordpress | Permissions, Privileges, and Access Controls vulnerability in phpMyAdmin | 7.5
    The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.

2012-12-18 | CVE-2012-5468 | Bogofilter Project | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Bogofilter Project Bogofilter | 7.5
    Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters.

2012-12-18 | CVE-2012-5195 | Perl | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Perl | 7.5
    Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

2012-12-21 | CVE-2012-4859 | IBM | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management | 7.2
    Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors.

2012-12-18 | CVE-2012-4350 | Symantec | Local Privilege Escalation vulnerability in Symantec Enterprise Security Manager/Agent | 7.2
    Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors.

2012-12-18 | CVE-2012-4348 | Symantec | Improper Input Validation vulnerability in Symantec Endpoint Protection | 7.2
    The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

31 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-12-21 | CVE-2012-3133 | Oracle | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Oracle products | 6.8
    Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors.

2012-12-19 | CVE-2012-5992 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products | 6.8
    Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.

2012-12-19 | CVE-2012-5178 | Welcart / Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Welcart Plugin 0.5/0.9.1/1.2.1 | 6.8
    Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase.

2012-12-19 | CVE-2012-5967 | Merethis | SQL Injection vulnerability in Merethis Centreon | 6.5
    SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.

2012-12-18 | CVE-2012-5610 | Owncloud | Improper Input Validation vulnerability in ownCloud | 6.5
    Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a specially crafted name.

2012-12-18 | CVE-2012-5609 | Owncloud | Unspecified vulnerability in ownCloud | 6.5
    Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.

2012-12-21 | CVE-2012-5954 | IBM | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management | 6.4
    Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors.

2012-12-19 | CVE-2012-5991 | Cisco | Unspecified vulnerability in Cisco products | 6.3
    screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209.

2012-12-19 | CVE-2012-5970 | Huawei | Unspecified vulnerability in Huawei E585 and E585U-82 | 6.1
    The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software.

2012-12-18 | CVE-2012-4898 | Tropos | Cryptographic Issues vulnerability in Tropos products | 6.1
    Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.

2012-12-21 | CVE-2012-3482 | Fetchmail | Remote Denial of Service vulnerability in Fetchmail NTLM Authentication Debug Mode | 5.8
    Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

2012-12-20 | CVE-2012-5765 | IBM | Information Exposure vulnerability in IBM Rational ClearQuest | 5.0
    The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.

2012-12-19 | CVE-2012-5978 | Vmware | Path Traversal vulnerability in VMware View | 5.0
    Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.

2012-12-18 | CVE-2012-5607 | Owncloud | Credentials Management vulnerability in ownCloud | 5.0
    The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an account's password via unspecified vectors related to a "Remote Timing Attack."

2012-12-18 | CVE-2012-5574 | Sensiolabs | Permissions, Privileges, and Access Controls vulnerability in Sensiolabs Symfony | 5.0
    lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.

2012-12-19 | CVE-2012-5969 | Huawei | Path Traversal vulnerability in Huawei E585 and E585U-82 | 4.8
    Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a ..

2012-12-19 | CVE-2012-5968 | Huawei | Improper Input Validation vulnerability in Huawei E585 and E585U-82 | 4.8
    The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.

2012-12-23 | CVE-2012-4698 | Siemens | Information Exposure vulnerability in Siemens products | 4.3
    Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.

2012-12-21 | CVE-2012-5181 | Concrete5 | Cross-Site Scripting vulnerability in Concrete5 | 4.3
    Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2012-12-21 | CVE-2011-2728 | Perl | Remote Code Execution vulnerability in Perl 'decode_xs()' and 'File::Glob::bsd_glob()' | 4.3
    The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

2012-12-20 | CVE-2012-4839 | IBM | Unspecified vulnerability in IBM Rational ClearQuest | 4.3
    The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.

2012-12-20 | CVE-2012-3428 | Jboss | Credentials Management vulnerability in JBoss IronJacamar | 4.3
    The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

2012-12-19 | CVE-2012-6007 | Cisco | Cross-Site Scripting vulnerability in Cisco products | 4.3
    Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.

2012-12-19 | CVE-2012-5177 | Welcart / Wordpress | Cross-Site Scripting vulnerability in Welcart Plugin | 4.3
    Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2012-12-19 | CVE-2012-4846 | IBM | Information Exposure vulnerability in IBM Lotus Notes | 4.3
    IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.

2012-12-19 | CVE-2012-4431 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat | 4.3
    org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

2012-12-19 | CVE-2012-3546 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat | 4.3
    org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

2012-12-18 | CVE-2012-5608 | Owncloud | Cross-Site Scripting vulnerability in ownCloud 4.5.0/4.5.1 | 4.3
    Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.

2012-12-18 | CVE-2012-5606 | Owncloud | Cross-Site Scripting vulnerability in ownCloud | 4.3
    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js.

2012-12-21 | CVE-2012-6325 | Vmware | Information Exposure vulnerability in VMware vCenter Server Appliance 5.0 | 4.0
    VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.

2012-12-21 | CVE-2012-6324 | Vmware | Path Traversal vulnerability in VMware vCenter Server Appliance 5.0/5.1 | 4.0
    Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.

9 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-12-21 | CVE-2012-1699 | X / Xfree86 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products | 3.6
    The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.

2012-12-20 | CVE-2012-5638 | Ovirt | Permissions, Privileges, and Access Controls vulnerability in oVirt SANLock | 3.6
    The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.

2012-12-19 | CVE-2012-4848 | IBM | Cross-Site Scripting vulnerability in IBM Lotus Foundations Start | 3.5
    Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field.

2012-12-18 | CVE-2012-5571 | Openstack | Credentials Management vulnerability in OpenStack Essex and Folsom | 3.5
    OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.

2012-12-19 | CVE-2012-3329 | IBM / Linux | Link Following vulnerability in IBM Advanced Settings Utility and Bootable Media Creator | 3.3
    IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.

2012-12-18 | CVE-2012-4691 | Siemens | Resource Management Errors vulnerability in Siemens Automation License Manager 4.0/5.0/5.1 | 3.3
    Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.

2012-12-19 | CVE-2012-4534 | Apache | Resource Management Errors vulnerability in Apache Tomcat | 2.6
    org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

2012-12-21 | CVE-2010-2387 | Gnome | Credentials Management vulnerability in GNOME Display Manager | 1.9
    vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

2012-12-18 | CVE-2012-4693 | Invensys / Siemens | Cryptographic Issues vulnerability in multiple products | 1.9
    Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.