Weekly Vulnerabilities Reports > December 24 to 30, 2012
Overview
43 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 3 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 43 products from 30 vendors, including Drupal, Microfocus, IBM, Openconstructor Project, and Openstack. The most common weakness categories are "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Information Exposure", "Improper Input Validation", and "SQL Injection".
- 38 reported vulnerabilities are remotely exploitable.
- 14 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 34 reported vulnerabilities are exploitable by an anonymous user.
- Drupal has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Microfocus has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-12-25 | CVE-2012-0432 | Microfocus | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microfocus Edirectory 8.8.7.0/8.8.7.1: Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. | 10.0 |
2012-12-24 | CVE-2012-5932 | Microfocus | Code Injection vulnerability in Microfocus Privileged User Manager 2.3.0/2.3.1: Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request. | 10.0 |
2012-12-24 | CVE-2012-0411 | Novell | Remote Code Execution vulnerability in Novell iPrint Client: Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action. | 10.0 |
2012-12-26 | CVE-2012-5161 | Citrix | Remote Code Execution vulnerability in Citrix Xenapp 6.5.0.0: The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-12-26 | CVE-2012-4816 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Automation Framework: IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080. | 7.5 |
2012-12-26 | CVE-2012-5590 | Scripthead Drupal | SQL Injection vulnerability in Scripthead Webmail Plus: SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-12-26 | CVE-2012-5951 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview: Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level. | 7.2 |
25 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-12-28 | CVE-2012-5445 | Cisco | Improper Input Validation vulnerability in Cisco products: The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. | 6.8 |
2012-12-27 | CVE-2012-6432 | Sensiolabs | Permissions, Privileges, and Access Controls vulnerability in Sensiolabs Symfony: Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring. | 6.8 |
2012-12-28 | CVE-2012-3873 | Openconstructor Project | SQL Injection vulnerability in Openconstructor Project Openconstructor 3.12.0: Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php. | 6.5 |
2012-12-27 | CVE-2012-6431 | Sensiolabs | Permissions, Privileges, and Access Controls vulnerability in Sensiolabs Symfony: Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string. | 6.4 |
2012-12-25 | CVE-2012-0430 | Microfocus | Unspecified vulnerability in Microfocus Edirectory: Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. | 6.4 |
2012-12-24 | CVE-2012-5930 | Microfocus | Improper Authentication vulnerability in Microfocus Privileged User Manager 2.3.0/2.3.1: The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request. | 6.4 |
2012-12-28 | CVE-2012-0741 | IBM | Improper Input Validation vulnerability in IBM Rational Policy Tester and Security Appscan: IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | 5.8 |
2012-12-28 | CVE-2012-0738 | IBM | Improper Input Validation vulnerability in IBM Rational Policy Tester and Security Appscan: IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | 5.8 |
2012-12-24 | CVE-2012-5931 | Microfocus | Path Traversal vulnerability in Microfocus Privileged User Manager 2.3.0/2.3.1: Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname. | 5.5 |
2012-12-28 | CVE-2012-4528 | Trustwave Opensuse Fedoraproject | The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. | 5.0 |
2012-12-26 | CVE-2012-6314 | Citrix | Local Security Bypass vulnerability in Citrix Xendesktop 5.6: Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device. | 5.0 |
2012-12-26 | CVE-2012-4616 | EMC | Path Traversal vulnerability in EMC Data Protection Advisor 5.6/5.7/5.8: Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2012-12-28 | CVE-2012-6369 | 1Password | Cross-Site Scripting vulnerability in 1Password 3.9.9: Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action. | 4.3 |
2012-12-28 | CVE-2012-4932 | Simple Invoices | Cross-Site Scripting vulnerability in Simple Invoices Simple Invoices: Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) PayPal notify url, (16) PayPal return url, (17) Eway customer ID, (18) Custom field 1, (19) Custom field 2, (20) Custom field 3, or (21) Custom field 4 field in an Add Biller action; (22) the Customer field in an Add Invoice action; the (23) Invoice or (24) Notes field in a Process Payment action; (25) the Payment type description field in a Payment Types action; (26) the Description field in an Invoice Preferences action; (27) the Description field in a Manage Products action; or (28) the Description field in a Tax Rates action. | 4.3 |
2012-12-28 | CVE-2012-3872 | Openconstructor Project | Cross-Site Scripting vulnerability in Openconstructor Project Openconstructor 3.12.0: Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php. | 4.3 |
2012-12-26 | CVE-2012-5625 | Openstack | Information Exposure vulnerability in Openstack Folsom and Grizzly: OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). | 4.3 |
2012-12-26 | CVE-2012-0962 | Sebastian Heinlein Canonical | Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. | 4.3 |
2012-12-26 | CVE-2012-0958 | PS Project Management Team | Information Disclosure vulnerability in PS Project Management Team Unity-Firefox-Extension 2.4.1: content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage. | 4.3 |
2012-12-26 | CVE-2012-5591 | Catalin Florian Radut Drupal | Cross-Site Scripting vulnerability in Catalin Florian Radut Zeropoint: Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases. | 4.3 |
2012-12-26 | CVE-2012-5587 | Epiqo Drupal | Cross-Site Scripting vulnerability in Epiqo Email: Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. | 4.3 |
2012-12-26 | CVE-2012-5584 | M2Osw Drupal | Permissions, Privileges, and Access Controls vulnerability in M2Osw Tableofcontents: The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. | 4.3 |
2012-12-26 | CVE-2012-5182 | Naver | Information Exposure vulnerability in Naver Loctouch 3.4.6: The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. | 4.3 |
2012-12-26 | CVE-2012-5180 | Opera | Information Exposure vulnerability in Opera Mini and Opera Mobile: The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | 4.3 |
2012-12-25 | CVE-2012-0428 | Microfocus | Cross-Site Scripting vulnerability in Microfocus Edirectory: Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-12-25 | CVE-2012-0429 | Microfocus | Unspecified vulnerability in Microfocus Edirectory: dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. | 4.0 |
11 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-12-28 | CVE-2012-3871 | Openconstructor Project | Cross-Site Scripting vulnerability in Openconstructor Project Openconstructor 3.12.0: Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. | 3.5 |
2012-12-28 | CVE-2012-3870 | Openconstructor Project | Cross-Site Scripting vulnerability in Openconstructor Project Openconstructor 3.12.0: Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter. | 3.5 |
2012-12-26 | CVE-2012-5589 | Netgenius Drupal | Information Exposure vulnerability in Netgenius Multilink: The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link. | 3.5 |
2012-12-27 | CVE-2012-5868 | Wordpress | Information Exposure vulnerability in Wordpress 3.4.2: WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. | 2.6 |
2012-12-26 | CVE-2012-5588 | Epiqo Drupal | Permissions, Privileges, and Access Controls vulnerability in Epiqo Email: The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors. | 2.6 |
2012-12-26 | CVE-2012-5183 | Naver | Information Exposure vulnerability in Naver Loctouch 3.4.6: The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | 2.6 |
2012-12-26 | CVE-2012-5483 | Openstack | Permissions, Privileges, and Access Controls vulnerability in Openstack Keystone 2012.1.3: tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file. | 2.1 |
2012-12-26 | CVE-2012-0961 | Debian | Information Exposure vulnerability in Debian Advanced Package Tool and APT: Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file. | 2.1 |
2012-12-26 | CVE-2012-5586 | Marc Ingram Drupal | Permissions, Privileges, and Access Controls vulnerability in Marc Ingram Services: The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | 2.1 |
2012-12-26 | CVE-2012-5585 | Mixpanel Project Drupal | Cross-Site Scripting vulnerability in Mixpanel Project Mixpanel 6.X1.0/6.X1.X: Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token. | 2.1 |
2012-12-26 | CVE-2012-5179 | Boatmob | Permissions, Privileges, and Access Controls vulnerability in Boatmob Boat Browser and Boat Browser Mini: The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | 2.1 |