Weekly Vulnerabilities Reports > May 6 to 12, 2013
Overview
58 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary reports vulnerabilities in 67 products from 25 vendors including Gwos, Cisco, EMC, IBM, and Wordpress. Vulnerabilities are notably categorized as "SQL Injection", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Input Validation", and "Information Exposure".
- 57 reported vulnerabilities are remotely exploitable.
- 7 reported vulnerabilities have a public exploit available.
- 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 41 reported vulnerabilities are exploitable by an anonymous user.
- Gwos has the most reported vulnerabilities, with 15 reported vulnerabilities.
- Invensys has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-05-10 | CVE-2012-6552 | Phpvms | Security vulnerability in PHPvms 2.1.934 Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors. | 10.0 |
2013-05-09 | CVE-2013-1221 | Cisco | Configuration vulnerability in Cisco Unified Customer Voice Portal The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384. | 10.0 |
2013-05-10 | CVE-2013-0946 | EMC | Buffer Errors vulnerability in EMC Alphastor 4.0 Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands. | 9.3 |
2013-05-09 | CVE-2013-0686 | Invensys | Improper Input Validation vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0 Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 9.3 |
2013-05-09 | CVE-2013-0685 | Invensys | Permissions, Privileges, and Access Controls vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0 Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors. | 9.3 |
2013-05-09 | CVE-2013-0600 | IBM | Security vulnerability in IBM products Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. | 9.3 |
17 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-05-09 | CVE-2013-1225 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Customer Voice Portal Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366. | 7.8 |
2013-05-09 | CVE-2013-1224 | Cisco | Path Traversal vulnerability in Cisco Unified Customer Voice Portal Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369. | 7.8 |
2013-05-09 | CVE-2013-1223 | Cisco | Improper Input Validation vulnerability in Cisco Unified Customer Voice Portal The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372. | 7.8 |
2013-05-09 | CVE-2013-1222 | Cisco | Configuration vulnerability in Cisco Unified Customer Voice Portal The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379. | 7.8 |
2013-05-09 | CVE-2013-1220 | Cisco | Remote Denial of Service vulnerability in Cisco Unified Customer Voice Portal The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148. | 7.8 |
2013-05-10 | CVE-2013-3533 | Virtualaccess | SQL Injection vulnerability in Virtualaccess Virtual Access Monitor Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-05-10 | CVE-2013-3532 | Webdorado Wordpress | SQL Injection vulnerability in Webdorado Spider Video Player 2.1 SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter. | 7.5 |
2013-05-10 | CVE-2013-3531 | Radiocms | SQL Injection vulnerability in Radiocms 2.2 SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter. | 7.5 |
2013-05-10 | CVE-2013-3530 | Fabricio Zuardi Wordpress | SQL Injection vulnerability in Fabricio Zuardi Xspf Player Plugin 0.1 SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter. | 7.5 |
2013-05-10 | CVE-2013-3528 | Vanillaforums | PHP Code Injection vulnerability in Vanillaforums Vanilla Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection." | 7.5 |
2013-05-10 | CVE-2013-3527 | Vanillaforums | SQL Injection vulnerability in Vanillaforums Vanilla Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest. | 7.5 |
2013-05-10 | CVE-2013-3524 | Simpilotgroup | SQL Injection vulnerability in Simpilotgroup POP UP News 2.0 SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | 7.5 |
2013-05-10 | CVE-2013-3523 | Gajennings | SQL Injection vulnerability in Gajennings This SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. | 7.5 |
2013-05-09 | CVE-2013-0684 | Invensys | SQL Injection vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0 SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-05-08 | CVE-2013-3506 | Gwos | Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0 cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality. | 7.5 |
2013-05-08 | CVE-2013-3500 | Gwos | Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0 The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script. | 7.5 |
2013-05-08 | CVE-2013-3499 | Gwos | Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0 GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header. | 7.5 |
32 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-05-10 | CVE-2013-2977 | IBM Microsoft Linux | Numeric Errors vulnerability in IBM Lotus Notes Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q. | 6.8 |
2013-05-10 | CVE-2013-2707 | Netweblogic Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Netweblogic Login With Ajax Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings. | 6.8 |
2013-05-08 | CVE-2013-3513 | Gwos | Cross-Site Request Forgery (CSRF) vulnerability in Gwos Groundwork Monitor 6.7.0 Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) store XSS sequences or (2) delete entries. | 6.8 |
2013-05-10 | CVE-2013-3522 | Vbulletin | SQL Injection vulnerability in Vbulletin 5.0.0 SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter. | 6.5 |
2013-05-08 | CVE-2013-3512 | Gwos | Improper Input Validation vulnerability in Gwos Groundwork Monitor 6.7.0 The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote authenticated users to read or modify configuration settings via unspecified vectors, as demonstrated by reading credentials. | 6.5 |
2013-05-08 | CVE-2013-3510 | Gwos | SQL Injection vulnerability in Gwos Groundwork Monitor 6.7.0 Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component. | 6.5 |
2013-05-08 | CVE-2013-3509 | Gwos | Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0 html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu. | 6.5 |
2013-05-08 | CVE-2013-3508 | Gwos | Code Injection vulnerability in Gwos Groundwork Monitor 6.7.0 html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing. | 6.5 |
2013-05-08 | CVE-2013-3502 | Gwos | Credentials Management vulnerability in Gwos Groundwork Monitor 6.7.0 monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie. | 6.5 |
2013-05-08 | CVE-2013-1241 | Cisco | Improper Authentication vulnerability in Cisco products The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025. | 6.3 |
2013-05-10 | CVE-2013-0939 | EMC | Improper Input Validation vulnerability in EMC products EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue. | 5.8 |
2013-05-10 | CVE-2013-0937 | EMC | Improper Authentication vulnerability in EMC products Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors. | 5.8 |
2013-05-08 | CVE-2013-3511 | Gwos | Improper Input Validation vulnerability in Gwos Groundwork Monitor 6.7.0 Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2013-05-08 | CVE-2013-3504 | Gwos | Path Traversal vulnerability in Gwos Groundwork Monitor 6.7.0 Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account. | 5.5 |
2013-05-10 | CVE-2013-1242 | Cisco | Resource Management Errors vulnerability in Cisco Unified Presence Server Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080. | 5.0 |
2013-05-10 | CVE-2013-0519 | IBM | Information Exposure vulnerability in IBM Sterling Secure Proxy IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string. | 5.0 |
2013-05-09 | CVE-2013-3336 | Adobe | Information Disclosure vulnerability in Adobe ColdFusion Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
2013-05-08 | CVE-2013-3497 | Juniper | Credentials Management vulnerability in Juniper products Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | 4.7 |
2013-05-10 | CVE-2013-3529 | Smartypantsplugins Wordpress | Cross-Site Scripting vulnerability in Smartypantsplugins Wp-Funeral-Press Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter. | 4.3 |
2013-05-10 | CVE-2013-3526 | Wptrafficanalyzer Wordpress | Cross-Site Scripting vulnerability in Wptrafficanalyzer Trafficanalyzer Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter. | 4.3 |
2013-05-10 | CVE-2013-3254 | Wppa Opajaap Wordpress | Cross-Site Scripting vulnerability in Wppa.Opajaap Wp-Photo-Album-Plus 5.0.0/5.0.1/5.0.2 Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action. | 4.3 |
2013-05-10 | CVE-2013-0938 | EMC | Cross-Site Scripting vulnerability in EMC products Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-05-10 | CVE-2013-0518 | IBM | Improper Input Validation vulnerability in IBM Sterling Secure Proxy IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |
2013-05-09 | CVE-2013-0688 | Invensys | Cross-Site Scripting vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0 Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-05-08 | CVE-2013-3501 | Gwos | Cross-Site Scripting vulnerability in Gwos Groundwork Monitor 6.7.0 Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the Noma component. | 4.3 |
2013-05-07 | CVE-2013-0933 | EMC | Cross-Site Scripting vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-05-10 | CVE-2013-0520 | IBM | Improper Input Validation vulnerability in IBM Sterling Secure Proxy IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data. | 4.0 |
2013-05-09 | CVE-2013-2308 | Softbanktech | Information Exposure vulnerability in Softbanktech Online Service Gate The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Service Gate allow remote authenticated users to discover their own passwords, and consequently bypass an Office 365 restriction, via unspecified vectors. | 4.0 |
2013-05-08 | CVE-2013-3507 | Gwos | Information Exposure vulnerability in Gwos Groundwork Monitor 6.7.0 The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context. | 4.0 |
2013-05-08 | CVE-2013-3505 | Gwos | Credentials Management vulnerability in Gwos Groundwork Monitor 6.7.0 The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request for a (1) log file or (2) configuration file. | 4.0 |
2013-05-07 | CVE-2013-0934 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors. | 4.0 |
2013-05-07 | CVE-2013-0932 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-05-10 | CVE-2013-0578 | IBM | Improper Authentication vulnerability in IBM products The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI. | 3.5 |
2013-05-09 | CVE-2013-1611 | Symantec | Cross-Site Scripting vulnerability in Symantec Brightmail Gateway 9.5/9.5.1 Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-05-08 | CVE-2013-3503 | Gwos | Permissions, Privileges, and Access Controls vulnerability in Gwos Groundwork Monitor 6.7.0 The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 3.5 |