Weekly Vulnerabilities Reports > December 17 to 23, 2012
Overview
58 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 76 products from 34 vendors, including IBM, Owncloud, Cisco, Apache, and Huawei. The vulnerabilities are most commonly categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Credentials Management", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".
- 45 reported vulnerabilities are remotely exploitable.
- 13 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 49 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 9.
- Adobe has the most reported critical vulnerabilities, with 2.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report, grouped by severity:
10 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-12-23 | CVE-2012-6428 | Carlosgavazzi | Credentials Management vulnerability in Carlosgavazzi products: Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862. | 10.0 |
2012-12-21 | CVE-2012-3002 | Foscam Wansview | Improper Authentication vulnerability in multiple products: The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL. | 10.0 |
2012-12-21 | CVE-2012-1714 | Oracle | Unspecified vulnerability in Oracle Hyperion Financial Management 11.1.1.4/11.1.2.1.104: Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2012-12-21 | CVE-2012-1712 | Oracle | Path Traversal vulnerability in Oracle Glassfish Web Space Server 10.0 Update 7: Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors. | 10.0 |
2012-12-20 | CVE-2012-5955 | IBM | Unspecified vulnerability in IBM Http Server and Websphere Application Server: Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors. | 10.0 |
2012-12-20 | CVE-2012-6271 | Adobe | Remote Code Execution vulnerability in Adobe Shockwave Player: Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra. | 9.3 |
2012-12-20 | CVE-2012-6270 | Adobe | Unspecified vulnerability in Adobe Shockwave Player: Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack. | 9.3 |
2012-12-19 | CVE-2012-5691 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP: Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file. | 9.3 |
2012-12-19 | CVE-2012-5690 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer and Realplayer SP: RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer. | 9.3 |
2012-12-18 | CVE-2012-6422 | Meizu Samsung | Permissions, Privileges, and Access Controls vulnerability in multiple products: The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse. | 9.3 |
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-12-20 | CVE-2012-4856 | IBM | Credentials Management vulnerability in IBM Power 5 and Power 5 System Firmware: The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. | 7.9 |
2012-12-23 | CVE-2012-6427 | Carlosgavazzi | SQL Injection vulnerability in Carlosgavazzi products: Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861. | 7.5 |
2012-12-20 | CVE-2012-5469 | Phpmyadmin Wordpress | Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin: The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. | 7.5 |
2012-12-18 | CVE-2012-5468 | Bogofilter Project | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bogofilter Project Bogofilter: Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters. | 7.5 |
2012-12-18 | CVE-2012-5195 | Perl | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Perl: Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator. | 7.5 |
2012-12-21 | CVE-2012-4859 | IBM | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management: Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors. | 7.2 |
2012-12-18 | CVE-2012-4350 | Symantec | Local Privilege Escalation vulnerability in Symantec Enterprise Security Manager/Agent: Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. | 7.2 |
2012-12-18 | CVE-2012-4348 | Symantec | Improper Input Validation vulnerability in Symantec Endpoint Protection: The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 7.2 |
31 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-12-21 | CVE-2012-3133 | Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle products: Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors. | 6.8 |
2012-12-19 | CVE-2012-5992 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products: Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283. | 6.8 |
2012-12-19 | CVE-2012-5178 | Welcart Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Welcart Plugin 0.5/0.9.1/1.2.1: Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase. | 6.8 |
2012-12-19 | CVE-2012-5967 | Merethis | SQL Injection vulnerability in Merethis Centreon: SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | 6.5 |
2012-12-18 | CVE-2012-5610 | Owncloud | Improper Input Validation vulnerability in Owncloud: Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a specially crafted name. | 6.5 |
2012-12-18 | CVE-2012-5609 | Owncloud | Unspecified vulnerability in Owncloud: Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. | 6.5 |
2012-12-21 | CVE-2012-5954 | IBM | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management: Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors. | 6.4 |
2012-12-19 | CVE-2012-5991 | Cisco | Unspecified vulnerability in Cisco products: screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209. | 6.3 |
2012-12-19 | CVE-2012-5970 | Huawei | Unspecified vulnerability in Huawei E585 and E585U-82: The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software. | 6.1 |
2012-12-18 | CVE-2012-4898 | Tropos | Cryptographic Issues vulnerability in Tropos products: Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. | 6.1 |
2012-12-21 | CVE-2012-3482 | Fetchmail | Remote Denial of Service vulnerability in Fetchmail NTLM Authentication Debug Mode: Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. | 5.8 |
2012-12-20 | CVE-2012-5765 | IBM | Information Exposure vulnerability in IBM Rational Clearquest: The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. | 5.0 |
2012-12-19 | CVE-2012-5978 | Vmware | Path Traversal vulnerability in VMWare View: Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2012-12-18 | CVE-2012-5607 | Owncloud | Credentials Management vulnerability in Owncloud: The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an account's password via unspecified vectors related to a "Remote Timing Attack." | 5.0 |
2012-12-18 | CVE-2012-5574 | Sensiolabs | Permissions, Privileges, and Access Controls vulnerability in Sensiolabs Symfony: lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | 5.0 |
2012-12-19 | CVE-2012-5969 | Huawei | Path Traversal vulnerability in Huawei E585 and E585U-82: Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. | 4.8 |
2012-12-19 | CVE-2012-5968 | Huawei | Improper Input Validation vulnerability in Huawei E585 and E585U-82: The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. | 4.8 |
2012-12-23 | CVE-2012-4698 | Siemens | Information Exposure vulnerability in Siemens products: Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. | 4.3 |
2012-12-21 | CVE-2012-5181 | Concrete5 | Cross-Site Scripting vulnerability in Concrete5: Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-12-21 | CVE-2011-2728 | Perl | Remote Code Execution vulnerability in Perl 'decode_xs()' and 'File::Glob::bsd_glob()': The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. | 4.3 |
2012-12-20 | CVE-2012-4839 | IBM | Unspecified vulnerability in IBM Rational Clearquest: The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. | 4.3 |
2012-12-20 | CVE-2012-3428 | Jboss | Credentials Management vulnerability in Jboss Ironjacamar: The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt. | 4.3 |
2012-12-19 | CVE-2012-6007 | Cisco | Cross-Site Scripting vulnerability in Cisco products: Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992. | 4.3 |
2012-12-19 | CVE-2012-5177 | Welcart Wordpress | Cross-Site Scripting vulnerability in Welcart Plugin: Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-12-19 | CVE-2012-4846 | IBM | Information Exposure vulnerability in IBM Lotus Notes: IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. | 4.3 |
2012-12-19 | CVE-2012-4431 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat: org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. | 4.3 |
2012-12-19 | CVE-2012-3546 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat: org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. | 4.3 |
2012-12-18 | CVE-2012-5608 | Owncloud | Cross-Site Scripting vulnerability in Owncloud 4.5.0/4.5.1: Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters. | 4.3 |
2012-12-18 | CVE-2012-5606 | Owncloud | Cross-Site Scripting vulnerability in Owncloud: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js. | 4.3 |
2012-12-21 | CVE-2012-6325 | Vmware | Information Exposure vulnerability in VMWare Vcenter Server Appliance 5.0: VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
2012-12-21 | CVE-2012-6324 | Vmware | Path Traversal vulnerability in VMWare Vcenter Server Appliance 5.0/5.1: Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-12-21 | CVE-2012-1699 | X Xfree86 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products: The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference. | 3.6 |
2012-12-20 | CVE-2012-5638 | Ovirt | Permissions, Privileges, and Access Controls vulnerability in Ovirt Sanlock: The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations. | 3.6 |
2012-12-19 | CVE-2012-4848 | IBM | Cross-Site Scripting vulnerability in IBM Lotus Foundations Start: Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field. | 3.5 |
2012-12-18 | CVE-2012-5571 | Openstack | Credentials Management vulnerability in Openstack Essex and Folsom: OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role. | 3.5 |
2012-12-19 | CVE-2012-3329 | IBM Linux | Link Following vulnerability in IBM Advanced Settings Utility and Bootable Media Creator: IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file. | 3.3 |
2012-12-18 | CVE-2012-4691 | Siemens | Resource Management Errors vulnerability in Siemens Automation License Manager 4.0/5.0/5.1: Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. | 3.3 |
2012-12-19 | CVE-2012-4534 | Apache | Resource Management Errors vulnerability in Apache Tomcat: org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. | 2.6 |
2012-12-21 | CVE-2010-2387 | Gnome | Credentials Management vulnerability in Gnome Display Manager: vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | 1.9 |
2012-12-18 | CVE-2012-4693 | Invensys Siemens | Cryptographic Issues vulnerability in multiple products: Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file. | 1.9 |