Weekly Vulnerabilities Reports > December 24 to 30, 2012

Overview

49 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 53 products from 34 vendors including Drupal, Microfocus, IBM, Openconstructor Project, and Linux. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Information Exposure", "Improper Input Validation", and "SQL Injection".

  • 41 reported vulnerabilities are remotely exploitables.
  • 14 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 40 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Microfocus has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-12-26 CVE-2012-6299 CA Unspecified vulnerability in CA Identityminder R12.5/R12.6

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.

10.0
2012-12-26 CVE-2012-6298 CA Unspecified vulnerability in CA Identityminder R12.5/R12.6

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.

10.0
2012-12-25 CVE-2012-0432 Microfocus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microfocus Edirectory 8.8.7.0/8.8.7.1

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.

10.0
2012-12-24 CVE-2012-5932 Microfocus Code Injection vulnerability in Microfocus Privileged User Manager 2.3.0/2.3.1

Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.

10.0
2012-12-24 CVE-2012-0411 Novell Remote Code Execution vulnerability in Novell iPrint Client

Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action.

10.0
2012-12-30 CVE-2012-4792 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7/8

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

9.3
2012-12-26 CVE-2012-5161 Citrix Remote Code Execution vulnerability in Citrix Xenapp 6.5.0.0

The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3

3 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-12-26 CVE-2012-4816 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Rational Automation Framework

IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.

7.5
2012-12-26 CVE-2012-5590 Scripthead
Drupal
SQL Injection vulnerability in Scripthead Webmail Plus

SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-12-26 CVE-2012-5951 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview

Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.

7.2

26 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-12-28 CVE-2012-5445 Cisco Improper Input Validation vulnerability in Cisco products

The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.

6.8
2012-12-27 CVE-2012-6432 Sensiolabs Permissions, Privileges, and Access Controls vulnerability in Sensiolabs Symfony

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.

6.8
2012-12-28 CVE-2012-3873 Openconstructor Project SQL Injection vulnerability in Openconstructor Project Openconstructor 3.12.0

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php.

6.5
2012-12-27 CVE-2012-6431 Sensiolabs Permissions, Privileges, and Access Controls vulnerability in Sensiolabs Symfony

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

6.4
2012-12-25 CVE-2012-0430 Microfocus Unspecified vulnerability in Microfocus Edirectory

Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.

6.4
2012-12-24 CVE-2012-5930 Microfocus Improper Authentication vulnerability in Microfocus Privileged User Manager 2.3.0/2.3.1

The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.

6.4
2012-12-28 CVE-2012-0741 IBM Improper Input Validation vulnerability in IBM Rational Policy Tester and Security Appscan

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

5.8
2012-12-28 CVE-2012-0738 IBM Improper Input Validation vulnerability in IBM Rational Policy Tester and Security Appscan

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

5.8
2012-12-24 CVE-2012-5931 Microfocus Path Traversal vulnerability in Microfocus Privileged User Manager 2.3.0/2.3.1

Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.

5.5
2012-12-28 CVE-2012-4528 Trustwave
Opensuse
Fedoraproject
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
5.0
2012-12-26 CVE-2012-6314 Citrix Local Security Bypass vulnerability in Citrix Xendesktop 5.6

Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.

5.0
2012-12-26 CVE-2012-4616 EMC Path Traversal vulnerability in EMC Data Protection Advisor 5.6/5.7/5.8

Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2012-12-27 CVE-2012-5532 Linux Denial of Service vulnerability in Linux Kernel hypervkvpd 'hv_kvp_daemon.c' Netlink Packet Processing

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message.

4.9
2012-12-28 CVE-2012-6369 1Password Cross-Site Scripting vulnerability in 1Password 3.9.9

Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action.

4.3
2012-12-28 CVE-2012-4932 Simple Invoices Cross-Site Scripting vulnerability in Simple Invoices Simple Invoices

Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) PayPal notify url, (16) PayPal return url, (17) Eway customer ID, (18) Custom field 1, (19) Custom field 2, (20) Custom field 3, or (21) Custom field 4 field in an Add Biller action; (22) the Customer field in an Add Invoice action; the (23) Invoice or (24) Notes field in a Process Payment action; (25) the Payment type description field in a Payment Types action; (26) the Description field in an Invoice Preferences action; (27) the Description field in a Manage Products action; or (28) the Description field in a Tax Rates action.

4.3
2012-12-28 CVE-2012-3872 Openconstructor Project Cross-Site Scripting vulnerability in Openconstructor Project Openconstructor 3.12.0

Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.

4.3
2012-12-26 CVE-2012-5625 Openstack Information Exposure vulnerability in Openstack Folsom and Grizzly

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

4.3
2012-12-26 CVE-2012-0962 Sebastian Heinlein
Canonical
Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
4.3
2012-12-26 CVE-2012-0958 PS Project Management Team Information Disclosure vulnerability in PS Project Management Team Unity-Firefox-Extension 2.4.1

content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.

4.3
2012-12-26 CVE-2012-5591 Catalin Florian Radut
Drupal
Cross-Site Scripting vulnerability in Catalin Florian Radut Zeropoint

Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases.

4.3
2012-12-26 CVE-2012-5587 Epiqo
Drupal
Cross-Site Scripting vulnerability in Epiqo Email

Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.

4.3
2012-12-26 CVE-2012-5584 M2Osw
Drupal
Permissions, Privileges, and Access Controls vulnerability in M2Osw Tableofcontents

The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.

4.3
2012-12-26 CVE-2012-5182 Naver Information Exposure vulnerability in Naver Loctouch 3.4.6

The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application.

4.3
2012-12-26 CVE-2012-5180 Opera Information Exposure vulnerability in Opera Mini and Opera Mobile

The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.

4.3
2012-12-25 CVE-2012-0428 Microfocus Cross-Site Scripting vulnerability in Microfocus Edirectory

Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-12-25 CVE-2012-0429 Microfocus Unspecified vulnerability in Microfocus Edirectory

dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-12-28 CVE-2012-3871 Openconstructor Project Cross-Site Scripting vulnerability in Openconstructor Project Openconstructor 3.12.0

Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.

3.5
2012-12-28 CVE-2012-3870 Openconstructor Project Cross-Site Scripting vulnerability in Openconstructor Project Openconstructor 3.12.0

Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter.

3.5
2012-12-26 CVE-2012-5589 Netgenius
Drupal
Information Exposure vulnerability in Netgenius Multilink

The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.

3.5
2012-12-24 CVE-2012-4046 D Link Information Exposure vulnerability in D-Link Dcs-932L and Dcs-932L Firmware

The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.

3.3
2012-12-27 CVE-2012-5868 Wordpress Information Exposure vulnerability in Wordpress 3.4.2

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

2.6
2012-12-26 CVE-2012-5588 Epiqo
Drupal
Permissions, Privileges, and Access Controls vulnerability in Epiqo Email

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors.

2.6
2012-12-26 CVE-2012-5183 Naver Information Exposure vulnerability in Naver Loctouch 3.4.6

The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.

2.6
2012-12-27 CVE-2012-2669 Linux Improper Input Validation vulnerability in Linux Kernel

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.

2.1
2012-12-26 CVE-2012-5483 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Keystone 2012.1.3

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.

2.1
2012-12-26 CVE-2012-0961 Debian Information Exposure vulnerability in Debian Advanced Package Tool and APT

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.

2.1
2012-12-26 CVE-2012-5586 Marc Ingram
Drupal
Permissions, Privileges, and Access Controls vulnerability in Marc Ingram Services

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."

2.1
2012-12-26 CVE-2012-5585 Mixpanel Project
Drupal
Cross-Site Scripting vulnerability in Mixpanel Project Mixpanel 6.X1.0/6.X1.X

Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.

2.1
2012-12-26 CVE-2012-5179 Boatmob Permissions, Privileges, and Access Controls vulnerability in Boatmob Boat Browser and Boat Browser Mini

The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.

2.1