Weekly Vulnerabilities Reports > January 21 to 27, 2013

Overview

93 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary reports vulnerabilities in 110 products from 51 vendors, including Moodle, Rockwellautomation, Cisco, Google, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Information Exposure".

  • 85 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 27 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 81 reported vulnerabilities are exploitable by an anonymous user.
  • Moodle has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-27 CVE-2013-0462 IBM Security Bypass vulnerability in IBM WebSphere Application Server

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.

10.0
2013-01-25 CVE-2012-3278 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Diagnostics Server

Stack-based buffer overflow in magentservice.exe in HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21 allows remote attackers to execute arbitrary code via a malformed message packet.

10.0
2013-01-24 CVE-2013-0842 Google Security vulnerability in Google Chrome

Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.

10.0
2013-01-24 CVE-2013-0840 Google Security vulnerability in Google Chrome

Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.

10.0
2013-01-24 CVE-2012-6437 Rockwellautomation Improper Authentication vulnerability in Rockwellautomation products

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image.

10.0
2013-01-24 CVE-2012-6503 Ninjaforge, Joomla Security vulnerability in Ninjaforge COM Ninjaxplorer 1.0.4/1.0.5/1.0.6

Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.

10.0
2013-01-21 CVE-2012-6069 3S Software Path Traversal vulnerability in 3S-Software Codesys Runtime System

Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a ..

10.0
2013-01-21 CVE-2012-6068 3S Software Permissions, Privileges, and Access Controls vulnerability in 3S-Software Codesys Runtime System

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.

10.0
2013-01-21 CVE-2013-0657 Schneider Electric Buffer Errors vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/9.0

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.

10.0
2013-01-27 CVE-2013-0654 GE Improper Input Validation vulnerability in GE products

CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.

9.3
2013-01-26 CVE-2012-4914 Coolpdf Buffer Errors vulnerability in Coolpdf 3.0.2.256

Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.

9.3
2013-01-24 CVE-2012-6440 Rockwellautomation Improper Authentication vulnerability in Rockwellautomation products

The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic.

9.3
2013-01-21 CVE-2013-0928 EMC OS Command Injection vulnerability in EMC Alphastor 4.0

The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.

9.3
2013-01-21 CVE-2013-0655 Schneider Electric Improper Input Validation vulnerability in Schneider-Electric Software Update Utility 1.0/1.0.13/1.1

The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.

9.3
2013-01-24 CVE-2013-1105 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653.

9.0
2013-01-24 CVE-2013-1104 Cisco Multiple Security vulnerability in Cisco Wireless LAN Controller

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.

9.0

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-24 CVE-2012-6439 Rockwellautomation Denial of Service vulnerability in Rockwell Automation ControlLogix

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters.

8.5
2013-01-27 CVE-2012-5484 Redhat Cryptographic Issues vulnerability in Redhat Freeipa

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

7.9
2013-01-24 CVE-2013-1103 Cisco Multiple Security vulnerability in Cisco Wireless LAN Controller

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.

7.8
2013-01-24 CVE-2013-1102 Cisco Multiple Security vulnerability in Cisco Wireless LAN Controller

The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743.

7.8
2013-01-24 CVE-2012-6442 Rockwellautomation Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation products

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset.

7.8
2013-01-24 CVE-2012-6438 Rockwellautomation Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation products

Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet.

7.8
2013-01-24 CVE-2012-6436 Rockwellautomation Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation products

Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (CPU crash and communication outage) via a malformed CIP packet.

7.8
2013-01-24 CVE-2012-6435 Rockwellautomation Resource Management Errors vulnerability in Rockwellautomation products

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a logic-execution stop and fault.

7.8
2013-01-26 CVE-2013-0107 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Foxit Advanced PDF Editor 3.0

Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 might allow remote attackers to execute arbitrary code via a crafted document containing instructions that reconstruct a certain security cookie.

7.6
2013-01-21 CVE-2013-0929 EMC Use of Externally-Controlled Format String vulnerability in EMC Alphastor 4.0

Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command.

7.6
2013-01-24 CVE-2013-0843 Google, Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.

7.5
2013-01-24 CVE-2013-0841 Google Improper Input Validation vulnerability in Google Chrome

Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2013-01-24 CVE-2013-0839 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.

7.5
2013-01-24 CVE-2012-6520 Wikidforum SQL Injection vulnerability in Wikidforum 2.10

Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters.

7.5
2013-01-24 CVE-2012-6519 DIY CMS SQL Injection vulnerability in Diy-Cms 1.0

SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php.

7.5
2013-01-24 CVE-2012-6516 Shawn Bradley SQL Injection vulnerability in Shawn Bradley PHP Ticket System 1.0

SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.

7.5
2013-01-24 CVE-2012-6509 Netartmedia Portal Arbitrary File Upload and HTML Injection vulnerability in Netartmedia CAR Portal 3.0

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php%00.jpg.

7.5
2013-01-24 CVE-2012-6507 Jason Sexauer SQL Injection vulnerability in Jason Sexauer Churchcms 0.0.1

Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action.

7.5
2013-01-24 CVE-2012-6504 Shawn Bradley SQL Injection vulnerability in Shawn Bradley PHP Volunteer Management 1.0.2

SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2013-01-23 CVE-2013-0209 Sixapart Improper Authentication vulnerability in Sixapart Movable Type

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

7.5
2013-01-22 CVE-2012-6096 Nagios, Icinga Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.

7.5
2013-01-21 CVE-2012-2291 EMC, Apple, HP Permissions, Privileges, and Access Controls vulnerability in EMC Avamar and Avamar Plugin

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, use world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.

7.2
2013-01-25 CVE-2012-5689 ISC, Redhat, Canonical Improper Input Validation vulnerability in multiple products

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.

7.1

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-22 CVE-2012-2137 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.

6.9
2013-01-27 CVE-2012-6103 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.

6.8
2013-01-27 CVE-2013-0460 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server

Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.

6.8
2013-01-24 CVE-2012-6518 DIY CMS Cross-Site Request Forgery (CSRF) vulnerability in Diy-Cms 1.0

Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.

6.8
2013-01-24 CVE-2012-6508 Netartmedia Cross-Site Request Forgery (CSRF) vulnerability in Netartmedia CAR Portal 3.0

Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php.

6.8
2013-01-24 CVE-2012-1922 Sitecom Cross-Site Request Forgery (CSRF) vulnerability in Sitecom Wlm-2501

Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.

6.8
2013-01-21 CVE-2013-0656 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens Simatic Rf-Manager and Simatic Rf-Manager 2008

Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.

6.8
2013-01-22 CVE-2012-4414 Oracle, Mariadb SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.

6.5
2013-01-27 CVE-2012-6102 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.

6.4
2013-01-27 CVE-2012-6101 Moodle Improper Input Validation vulnerability in Moodle

Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.

5.8
2013-01-26 CVE-2012-0435 Suse Hosts List Modification Information Disclosure vulnerability in Suse Webyast 1.2

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.

5.8
2013-01-24 CVE-2012-6085 Gnupg Improper Input Validation vulnerability in Gnupg

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

5.8
2013-01-22 CVE-2012-4918 Activision Improper Input Validation vulnerability in Activision Call of Duty Elite 2.0.1

Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack.

5.8
2013-01-27 CVE-2012-6106 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle 2.4.0

calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object.

5.5
2013-01-22 CVE-2012-2119 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.

5.2
2013-01-27 CVE-2012-6112 Tinymce, Moodle Permissions, Privileges, and Access Controls vulnerability in multiple products

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

5.0
2013-01-27 CVE-2012-6105 Moodle Information Exposure vulnerability in Moodle

blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed.

5.0
2013-01-27 CVE-2012-6104 Moodle Information Exposure vulnerability in Moodle

blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed.

5.0
2013-01-27 CVE-2013-0652 GE Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5

GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call.

5.0
2013-01-27 CVE-2013-0651 GE Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5

The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request.

5.0
2013-01-26 CVE-2012-4917 Tripadvisor Cryptographic Issues vulnerability in Tripadvisor 6.6

The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2013-01-24 CVE-2012-6441 Rockwellautomation Information Exposure vulnerability in Rockwellautomation products

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to obtain sensitive information via a crafted CIP packet.

5.0
2013-01-24 CVE-2012-6515 Efrontlearning Information Exposure vulnerability in Efrontlearning Efront 3.6.10/3.6.11

eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via an invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message.

5.0
2013-01-24 CVE-2012-6512 Organizer Project Information Exposure vulnerability in Organizer Project Organizer

The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php, (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php.

5.0
2013-01-22 CVE-2012-3364 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.

5.0
2013-01-22 CVE-2012-2372 Linux Local Denial of Service vulnerability in Linux Kernel Reliable Datagram Sockets (RDS)

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.

4.4
2013-01-27 CVE-2013-0653 GE Path Traversal vulnerability in GE products

Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.

4.3
2013-01-27 CVE-2013-0461 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-01-27 CVE-2013-0459 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-01-27 CVE-2013-0458 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-01-26 CVE-2012-6276 TP Link Path Traversal vulnerability in Tp-Link Tl-Wr841N and Tl-Wr841N Firmware

Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.

4.3
2013-01-25 CVE-2012-6272 Dell Cross-Site Scripting vulnerability in Dell Openmanage Server Administrator 6.5.0.1/7.0.0.1/7.1.0.1

Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/.

4.3
2013-01-24 CVE-2012-5670 Freetype Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freetype

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.

4.3
2013-01-24 CVE-2012-5669 Freetype Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freetype

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.

4.3
2013-01-24 CVE-2012-5668 Freetype Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freetype

FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.

4.3
2013-01-24 CVE-2012-6521 Elefantcms Cross-Site Scripting vulnerability in Elefantcms 1.2.0

Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions.

4.3
2013-01-24 CVE-2012-6517 DIY CMS Cross-Site Scripting vulnerability in Diy-Cms 1.0

Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php.

4.3
2013-01-24 CVE-2012-6514 Netshinesoftware, Joomla Cross-Site Scripting vulnerability in Netshinesoftware COM Netinvoice 2.3.2

Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.

4.3
2013-01-24 CVE-2012-6513 Gpeasy Cross-Site Scripting vulnerability in Gpeasy CMS 2.3.3

Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter.

4.3
2013-01-24 CVE-2012-6511 Organizer Project Cross-Site Scripting vulnerability in Organizer Project Organizer

Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php.

4.3
2013-01-24 CVE-2012-6510 Netartmedia Cross-Site Scripting vulnerability in Netartmedia CAR Portal 3.0

Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile.

4.3
2013-01-24 CVE-2012-6506 Zingiri, Wordpress Cross-Site Scripting vulnerability in Zingiri web Shop 2.4.0

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.

4.3
2013-01-24 CVE-2012-6505 Shawn Bradley Cross-Site Scripting vulnerability in Shawn Bradley PHP Volunteer Management 1.0.2

Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2013-01-24 CVE-2012-2099 Wikidforum Cross-Site Scripting vulnerability in Wikidforum 2.10

Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.

4.3
2013-01-24 CVE-2011-4618 Simplerealtytheme, Wordpress Cross-Site Scripting vulnerability in Simplerealtytheme Advanced Text Widget Plugin 2.0.1

Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2013-01-27 CVE-2012-6100 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.

4.0
2013-01-27 CVE-2012-6099 Moodle Improper Input Validation vulnerability in Moodle

The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.

4.0
2013-01-27 CVE-2012-6098 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.

4.0
2013-01-21 CVE-2013-1110 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Training Center

Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065.

4.0
2013-01-21 CVE-2013-1108 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Training Center

Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-22 CVE-2012-6502 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.

2.6
2013-01-22 CVE-2012-4461 Linux Local Denial of Service vulnerability in Linux Kernel KVM

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.

1.9
2013-01-22 CVE-2012-5616 Apache, Citrix Credentials Management vulnerability in multiple products

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 store sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

1.5
2013-01-24 CVE-2012-6095 Proftpd Race Condition vulnerability in Proftpd

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

1.2