Weekly Vulnerabilities Reports > January 21 to 27, 2013
Overview
79 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 102 products from 43 vendors including Moodle, Rockwellautomation, Cisco, IBM, and GE. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", and "Improper Input Validation".
- 76 reported vulnerabilities are remotely exploitable.
- 11 reported vulnerabilities have a public exploit available.
- 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 71 reported vulnerabilities are exploitable by an anonymous user.
- Moodle has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Rockwellautomation has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
14 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-01-27 | CVE-2013-0462 | IBM | Security Bypass vulnerability in IBM WebSphere Application Server Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. | 10.0 |
2013-01-25 | CVE-2012-3278 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Diagnostics Server Stack-based buffer overflow in magentservice.exe in HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21 allows remote attackers to execute arbitrary code via a malformed message packet. | 10.0 |
2013-01-24 | CVE-2012-6437 | Rockwellautomation | Improper Authentication vulnerability in Rockwellautomation products Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image. | 10.0 |
2013-01-24 | CVE-2012-6503 | Ninjaforge Joomla | Security vulnerability in Ninjaforge COM Ninjaxplorer 1.0.4/1.0.5/1.0.6 Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors. | 10.0 |
2013-01-21 | CVE-2012-6069 | 3S Software | Path Traversal vulnerability in 3S-Software Codesys Runtime System Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a .. | 10.0 |
2013-01-21 | CVE-2012-6068 | 3S Software | Permissions, Privileges, and Access Controls vulnerability in 3S-Software Codesys Runtime System The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service. | 10.0 |
2013-01-21 | CVE-2013-0657 | Schneider Electric | Buffer Errors vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/9.0 Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol. | 10.0 |
2013-01-27 | CVE-2013-0654 | GE | Improper Input Validation vulnerability in GE products CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. | 9.3 |
2013-01-26 | CVE-2012-4914 | Coolpdf | Buffer Errors vulnerability in Coolpdf 3.0.2.256 Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream. | 9.3 |
2013-01-24 | CVE-2012-6440 | Rockwellautomation | Improper Authentication vulnerability in Rockwellautomation products The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic. | 9.3 |
2013-01-21 | CVE-2013-0928 | EMC | OS Command Injection vulnerability in EMC Alphastor 4.0 The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | 9.3 |
2013-01-21 | CVE-2013-0655 | Schneider Electric | Improper Input Validation vulnerability in Schneider-Electric Software Update Utility 1.0/1.0.13/1.1 The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80. | 9.3 |
2013-01-24 | CVE-2013-1105 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653. | 9.0 |
2013-01-24 | CVE-2013-1104 | Cisco | Multiple Security vulnerability in Cisco Wireless LAN Controller The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. | 9.0 |
20 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-01-24 | CVE-2012-6439 | Rockwellautomation | Denial of Service vulnerability in Rockwell Automation ControlLogix Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters. | 8.5 |
2013-01-27 | CVE-2012-5484 | Redhat | Cryptographic Issues vulnerability in Redhat Freeipa The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate. | 7.9 |
2013-01-24 | CVE-2013-1103 | Cisco | Multiple Security vulnerability in Cisco Wireless LAN Controller Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659. | 7.8 |
2013-01-24 | CVE-2013-1102 | Cisco | Multiple Security vulnerability in Cisco Wireless LAN Controller The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743. | 7.8 |
2013-01-24 | CVE-2012-6442 | Rockwellautomation | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation products Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset. | 7.8 |
2013-01-24 | CVE-2012-6438 | Rockwellautomation | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation products Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet. | 7.8 |
2013-01-24 | CVE-2012-6436 | Rockwellautomation | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation products Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (CPU crash and communication outage) via a malformed CIP packet. | 7.8 |
2013-01-24 | CVE-2012-6435 | Rockwellautomation | Resource Management Errors vulnerability in Rockwellautomation products Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a logic-execution stop and fault. | 7.8 |
2013-01-26 | CVE-2013-0107 | Foxitsoftware | Buffer Errors vulnerability in Foxitsoftware Foxit Advanced PDF Editor 3.0 Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 might allow remote attackers to execute arbitrary code via a crafted document containing instructions that reconstruct a certain security cookie. | 7.6 |
2013-01-21 | CVE-2013-0929 | EMC | Use of Externally-Controlled Format String vulnerability in EMC Alphastor 4.0 Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command. | 7.6 |
2013-01-24 | CVE-2012-6520 | Wikidforum | SQL Injection vulnerability in Wikidforum 2.10 Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. | 7.5 |
2013-01-24 | CVE-2012-6519 | DIY CMS | SQL Injection vulnerability in Diy-Cms 1.0 SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php. | 7.5 |
2013-01-24 | CVE-2012-6516 | Shawn Bradley | SQL Injection vulnerability in Shawn Bradley PHP Ticket System 1.0 SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php. | 7.5 |
2013-01-24 | CVE-2012-6509 | Netartmedia | Portal Arbitrary File Upload and HTML Injection vulnerability in Netartmedia CAR Portal 3.0 Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php%00.jpg. | 7.5 |
2013-01-24 | CVE-2012-6507 | Jason Sexauer | SQL Injection vulnerability in Jason Sexauer Churchcms 0.0.1 Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action. | 7.5 |
2013-01-24 | CVE-2012-6504 | Shawn Bradley | SQL Injection vulnerability in Shawn Bradley PHP Volunteer Management 1.0.2 SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2013-01-23 | CVE-2013-0209 | Sixapart | Improper Authentication vulnerability in Sixapart Movable Type lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code. | 7.5 |
2013-01-22 | CVE-2012-6096 | Nagios Icinga | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. | 7.5 |
2013-01-21 | CVE-2012-2291 | EMC Apple HP | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar and Avamar Plugin EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack. | 7.2 |
2013-01-25 | CVE-2012-5689 | ISC Redhat Canonical | Improper Input Validation vulnerability in multiple products ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. | 7.1 |
43 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-01-27 | CVE-2012-6103 | Moodle | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages. | 6.8 |
2013-01-27 | CVE-2013-0460 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. | 6.8 |
2013-01-24 | CVE-2012-6518 | DIY CMS | Cross-Site Request Forgery (CSRF) vulnerability in Diy-Cms 1.0 Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module. | 6.8 |
2013-01-24 | CVE-2012-6508 | Netartmedia | Cross-Site Request Forgery (CSRF) vulnerability in Netartmedia CAR Portal 3.0 Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php. | 6.8 |
2013-01-24 | CVE-2012-1922 | Sitecom | Cross-Site Request Forgery (CSRF) vulnerability in Sitecom Wlm-2501 Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921. | 6.8 |
2013-01-21 | CVE-2013-0656 | Siemens | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens Simatic Rf-Manager and Simatic Rf-Manager 2008 Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site. | 6.8 |
2013-01-27 | CVE-2012-6102 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI. | 6.4 |
2013-01-27 | CVE-2012-6101 | Moodle | Improper Input Validation vulnerability in Moodle Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php. | 5.8 |
2013-01-26 | CVE-2012-0435 | Suse | Hosts List Modification Information Disclosure vulnerability in Suse Webyast 1.2 SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. | 5.8 |
2013-01-22 | CVE-2012-4918 | Activision | Improper Input Validation vulnerability in Activision Call of Duty Elite 2.0.1 Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack. | 5.8 |
2013-01-27 | CVE-2012-6106 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle 2.4.0 calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object. | 5.5 |
2013-01-27 | CVE-2012-6112 | Tinymce Moodle | Permissions, Privileges, and Access Controls vulnerability in multiple products classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. | 5.0 |
2013-01-27 | CVE-2012-6105 | Moodle | Information Exposure vulnerability in Moodle blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. | 5.0 |
2013-01-27 | CVE-2012-6104 | Moodle | Information Exposure vulnerability in Moodle blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. | 5.0 |
2013-01-27 | CVE-2013-0652 | GE | Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call. | 5.0 |
2013-01-27 | CVE-2013-0651 | GE | Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. | 5.0 |
2013-01-26 | CVE-2012-4917 | Tripadvisor | Cryptographic Issues vulnerability in Tripadvisor 6.6 The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2013-01-24 | CVE-2012-6441 | Rockwellautomation | Information Exposure vulnerability in Rockwellautomation products Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to obtain sensitive information via a crafted CIP packet. | 5.0 |
2013-01-24 | CVE-2012-6515 | Efrontlearning | Information Exposure vulnerability in Efrontlearning Efront 3.6.10/3.6.11 eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via an invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message. | 5.0 |
2013-01-24 | CVE-2012-6512 | Organizer Project | Information Exposure vulnerability in Organizer Project Organizer The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php, (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php. | 5.0 |
2013-01-27 | CVE-2013-0653 | GE | Path Traversal vulnerability in GE products Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. | 4.3 |
2013-01-27 | CVE-2013-0461 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-01-27 | CVE-2013-0459 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-01-27 | CVE-2013-0458 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-01-26 | CVE-2012-6276 | TP Link | Path Traversal vulnerability in Tp-Link Tl-Wr841N and Tl-Wr841N Firmware Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. | 4.3 |
2013-01-25 | CVE-2012-6272 | Dell | Cross-Site Scripting vulnerability in Dell Openmanage Server Administrator 6.5.0.1/7.0.0.1/7.1.0.1 Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/. | 4.3 |
2013-01-24 | CVE-2012-5670 | Freetype | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freetype The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value. | 4.3 |
2013-01-24 | CVE-2012-5669 | Freetype | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freetype The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. | 4.3 |
2013-01-24 | CVE-2012-5668 | Freetype | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freetype FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. | 4.3 |
2013-01-24 | CVE-2012-6521 | Elefantcms | Cross-Site Scripting vulnerability in Elefantcms 1.2.0 Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions. | 4.3 |
2013-01-24 | CVE-2012-6517 | DIY CMS | Cross-Site Scripting vulnerability in Diy-Cms 1.0 Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php. | 4.3 |
2013-01-24 | CVE-2012-6514 | Netshinesoftware Joomla | Cross-Site Scripting vulnerability in Netshinesoftware COM Netinvoice 2.3.2 Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php. | 4.3 |
2013-01-24 | CVE-2012-6513 | Gpeasy | Cross-Site Scripting vulnerability in Gpeasy CMS 2.3.3 Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter. | 4.3 |
2013-01-24 | CVE-2012-6511 | Organizer Project | Cross-Site Scripting vulnerability in Organizer Project Organizer Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php. | 4.3 |
2013-01-24 | CVE-2012-6510 | Netartmedia | Cross-Site Scripting vulnerability in Netartmedia CAR Portal 3.0 Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile. | 4.3 |
2013-01-24 | CVE-2012-6506 | Zingiri Wordpress | Cross-Site Scripting vulnerability in Zingiri web Shop 2.4.0 Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. | 4.3 |
2013-01-24 | CVE-2012-6505 | Shawn Bradley | Cross-Site Scripting vulnerability in Shawn Bradley PHP Volunteer Management 1.0.2 Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2013-01-24 | CVE-2012-2099 | Wikidforum | Cross-Site Scripting vulnerability in Wikidforum 2.10 Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search. | 4.3 |
2013-01-27 | CVE-2012-6100 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. | 4.0 |
2013-01-27 | CVE-2012-6099 | Moodle | Improper Input Validation vulnerability in Moodle The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. | 4.0 |
2013-01-27 | CVE-2012-6098 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. | 4.0 |
2013-01-21 | CVE-2013-1110 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Training Center Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065. | 4.0 |
2013-01-21 | CVE-2013-1108 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Training Center Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-01-22 | CVE-2012-6502 | Microsoft | Information Exposure vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. | 2.6 |
2013-01-24 | CVE-2012-6095 | Proftpd | Race Condition vulnerability in Proftpd ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. | 1.2 |