Weekly Vulnerabilities Reports > May 6 to 12, 2013

Overview

58 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary reports vulnerabilities in 67 products from 25 vendors including Gwos, Cisco, EMC, IBM, and Wordpress. Vulnerabilities are notably categorized as "SQL Injection", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Input Validation", and "Information Exposure".

  • 57 reported vulnerabilities are remotely exploitable.
  • 7 reported vulnerabilities have a public exploit available.
  • 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 41 reported vulnerabilities are exploitable by an anonymous user.
  • Gwos has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Invensys has the most reported critical vulnerabilities, with 2 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-10 CVE-2012-6552 Phpvms Security vulnerability in PHPvms 2.1.934

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors.

10.0
2013-05-09 CVE-2013-1221 Cisco Configuration vulnerability in Cisco Unified Customer Voice Portal

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

10.0
2013-05-10 CVE-2013-0946 EMC Buffer Errors vulnerability in EMC Alphastor 4.0

Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands.

9.3
2013-05-09 CVE-2013-0686 Invensys Improper Input Validation vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

9.3
2013-05-09 CVE-2013-0685 Invensys Permissions, Privileges, and Access Controls vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors.

9.3
2013-05-09 CVE-2013-0600 IBM Security vulnerability in IBM products

Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors.

9.3

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-09 CVE-2013-1225 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Customer Voice Portal

Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366.

7.8
2013-05-09 CVE-2013-1224 Cisco Path Traversal vulnerability in Cisco Unified Customer Voice Portal

Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.

7.8
2013-05-09 CVE-2013-1223 Cisco Improper Input Validation vulnerability in Cisco Unified Customer Voice Portal

The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372.

7.8
2013-05-09 CVE-2013-1222 Cisco Configuration vulnerability in Cisco Unified Customer Voice Portal

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.

7.8
2013-05-09 CVE-2013-1220 Cisco Remote Denial of Service vulnerability in Cisco Unified Customer Voice Portal

The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148.

7.8
2013-05-10 CVE-2013-3533 Virtualaccess SQL Injection vulnerability in Virtualaccess Virtual Access Monitor

Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-05-10 CVE-2013-3532 Webdorado / Wordpress SQL Injection vulnerability in Webdorado Spider Video Player 2.1

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.

7.5
2013-05-10 CVE-2013-3531 Radiocms SQL Injection vulnerability in Radiocms 2.2

SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.

7.5
2013-05-10 CVE-2013-3530 Fabricio Zuardi / Wordpress SQL Injection vulnerability in Fabricio Zuardi Xspf Player Plugin 0.1

SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.

7.5
2013-05-10 CVE-2013-3528 Vanillaforums PHP Code Injection vulnerability in Vanillaforums Vanilla

Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."

7.5
2013-05-10 CVE-2013-3527 Vanillaforums SQL Injection vulnerability in Vanillaforums Vanilla

Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.

7.5
2013-05-10 CVE-2013-3524 Simpilotgroup SQL Injection vulnerability in Simpilotgroup POP UP News 2.0

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

7.5
2013-05-10 CVE-2013-3523 Gajennings SQL Injection vulnerability in Gajennings This

SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to op=page&id= in the URL.

7.5
2013-05-09 CVE-2013-0684 Invensys SQL Injection vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0

SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-05-08 CVE-2013-3506 Gwos Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0

cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality.

7.5
2013-05-08 CVE-2013-3500 Gwos Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0

The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script.

7.5
2013-05-08 CVE-2013-3499 Gwos Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0

GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header.

7.5

32 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-10 CVE-2013-2977 IBM / Microsoft / Linux Numeric Errors vulnerability in IBM Lotus Notes

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.

6.8
2013-05-10 CVE-2013-2707 Netweblogic / Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Netweblogic Login With Ajax

Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.

6.8
2013-05-08 CVE-2013-3513 Gwos Cross-Site Request Forgery (CSRF) vulnerability in Gwos Groundwork Monitor 6.7.0

Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) store XSS sequences or (2) delete entries.

6.8
2013-05-10 CVE-2013-3522 Vbulletin SQL Injection vulnerability in Vbulletin 5.0.0

SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.

6.5
2013-05-08 CVE-2013-3512 Gwos Improper Input Validation vulnerability in Gwos Groundwork Monitor 6.7.0

The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote authenticated users to read or modify configuration settings via unspecified vectors, as demonstrated by reading credentials.

6.5
2013-05-08 CVE-2013-3510 Gwos SQL Injection vulnerability in Gwos Groundwork Monitor 6.7.0

Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component.

6.5
2013-05-08 CVE-2013-3509 Gwos Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0

html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu.

6.5
2013-05-08 CVE-2013-3508 Gwos Code Injection vulnerability in Gwos Groundwork Monitor 6.7.0

html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing.

6.5
2013-05-08 CVE-2013-3502 Gwos Credentials Management vulnerability in Gwos Groundwork Monitor 6.7.0

monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie.

6.5
2013-05-08 CVE-2013-1241 Cisco Improper Authentication vulnerability in Cisco products

The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025.

6.3
2013-05-10 CVE-2013-0939 EMC Improper Input Validation vulnerability in EMC products

EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.

5.8
2013-05-10 CVE-2013-0937 EMC Improper Authentication vulnerability in EMC products

Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.

5.8
2013-05-08 CVE-2013-3511 Gwos Improper Input Validation vulnerability in Gwos Groundwork Monitor 6.7.0

Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2013-05-08 CVE-2013-3504 Gwos Path Traversal vulnerability in Gwos Groundwork Monitor 6.7.0

Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account.

5.5
2013-05-10 CVE-2013-1242 Cisco Resource Management Errors vulnerability in Cisco Unified Presence Server

Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.

5.0
2013-05-10 CVE-2013-0519 IBM Information Exposure vulnerability in IBM Sterling Secure Proxy

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string.

5.0
2013-05-09 CVE-2013-3336 Adobe Information Disclosure vulnerability in Adobe ColdFusion

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.

5.0
2013-05-08 CVE-2013-3497 Juniper Credentials Management vulnerability in Juniper products

Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.

4.7
2013-05-10 CVE-2013-3529 Smartypantsplugins / Wordpress Cross-Site Scripting vulnerability in Smartypantsplugins Wp-Funeral-Press

Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.

4.3
2013-05-10 CVE-2013-3526 Wptrafficanalyzer / Wordpress Cross-Site Scripting vulnerability in Wptrafficanalyzer Trafficanalyzer

Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.

4.3
2013-05-10 CVE-2013-3254 Wppa Opajaap / Wordpress Cross-Site Scripting vulnerability in Wppa.Opajaap Wp-Photo-Album-Plus 5.0.0/5.0.1/5.0.2

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.

4.3
2013-05-10 CVE-2013-0938 EMC Cross-Site Scripting vulnerability in EMC products

Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-10 CVE-2013-0518 IBM Improper Input Validation vulnerability in IBM Sterling Secure Proxy

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

4.3
2013-05-09 CVE-2013-0688 Invensys Cross-Site Scripting vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0

Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-08 CVE-2013-3501 Gwos Cross-Site Scripting vulnerability in Gwos Groundwork Monitor 6.7.0

Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the Noma component.

4.3
2013-05-07 CVE-2013-0933 EMC Cross-Site Scripting vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-10 CVE-2013-0520 IBM Improper Input Validation vulnerability in IBM Sterling Secure Proxy

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.

4.0
2013-05-09 CVE-2013-2308 Softbanktech Information Exposure vulnerability in Softbanktech Online Service Gate

The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Service Gate allow remote authenticated users to discover their own passwords, and consequently bypass an Office 365 restriction, via unspecified vectors.

4.0
2013-05-08 CVE-2013-3507 Gwos Information Exposure vulnerability in Gwos Groundwork Monitor 6.7.0

The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context.

4.0
2013-05-08 CVE-2013-3505 Gwos Credentials Management vulnerability in Gwos Groundwork Monitor 6.7.0

The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request for a (1) log file or (2) configuration file.

4.0
2013-05-07 CVE-2013-0934 EMC Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite

EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors.

4.0
2013-05-07 CVE-2013-0932 EMC Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite

EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-10 CVE-2013-0578 IBM Improper Authentication vulnerability in IBM products

The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI.

3.5
2013-05-09 CVE-2013-1611 Symantec Cross-Site Scripting vulnerability in Symantec Brightmail Gateway 9.5/9.5.1

Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-05-08 CVE-2013-3503 Gwos Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0

The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

3.5