Weekly Vulnerabilities Reports > May 27 to June 2, 2013
Overview
34 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary reports vulnerabilities in 50 products from 20 vendors, including IBM, Cisco, Lockon, Redhat, and Wordpress. The most common categories are "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Authentication", "Improper Input Validation", and "Cryptographic Issues".
- 31 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 17 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 27 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 11.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
5 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-06-01 | CVE-2013-0136 | Mutiny | Path Traversal vulnerability in Mutiny Mutiny, Mutiny Appliance and Mutiny Virtual Appliance: Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation. | 8.5 |
2013-05-31 | CVE-2013-3721 | Psychostats | SQL Injection vulnerability in Psychostats 3.2.2B: SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter. | 7.5 |
2013-05-27 | CVE-2013-2956 | IBM | SQL Injection vulnerability in IBM Infosphere Optim Data Growth FOR Oracle E-Business Suite: SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-05-29 | CVE-2013-3666 | Google LG | Permissions, Privileges, and Access Controls vulnerability in multiple products: The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button. | 7.2 |
2013-05-29 | CVE-2013-2069 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Livecd-Tools: Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges. | 7.2 |
25 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-05-31 | CVE-2013-1246 | Cisco | Resource Management Errors vulnerability in Cisco Telepresence System Software: Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610. | 6.8 |
2013-05-28 | CVE-2013-2989 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Connect 3.8.00/4.0.00/4.1.0.0: The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product. | 6.8 |
2013-05-31 | CVE-2013-3315 | Tibco | Permissions, Privileges, and Access Controls vulnerability in Tibco Silver Mobile 1.1.0: The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors. | 6.5 |
2013-05-29 | CVE-2013-1212 | Cisco | Cryptographic Issues vulnerability in Cisco Nexus 1000V and Nx-Os: The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837. | 5.8 |
2013-05-29 | CVE-2013-1208 | Cisco | Cryptographic Issues vulnerability in Cisco Nx-Os: The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691. | 5.8 |
2013-05-27 | CVE-2012-6399 | Cisco | Improper Input Validation vulnerability in Cisco Webex 4.1: Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176. | 5.8 |
2013-05-29 | CVE-2013-1210 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Nx-Os: Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825. | 5.4 |
2013-05-29 | CVE-2013-2315 | Lockon | Improper Input Validation vulnerability in Lockon Ec-Cube: data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request. | 5.0 |
2013-05-29 | CVE-2013-1213 | Cisco | Resource Management Errors vulnerability in Cisco Nexus 1000V and Nx-Os: Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840. | 5.0 |
2013-05-29 | CVE-2013-1211 | Cisco | Improper Authentication vulnerability in Cisco Nx-Os: Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832. | 5.0 |
2013-05-29 | CVE-2013-1209 | Cisco | Improper Authentication vulnerability in Cisco Nx-Os: The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710. | 5.0 |
2013-05-29 | CVE-2002-2443 | MIT Opensuse Fedoraproject Redhat Debian Canonical | Improper Input Validation vulnerability in multiple products: schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. | 5.0 |
2013-05-28 | CVE-2013-0599 | IBM | Information Exposure vulnerability in IBM Rational Directory Server: IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code. | 5.0 |
2013-05-27 | CVE-2013-2959 | IBM | Credentials Management vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite: The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2013-05-27 | CVE-2013-2954 | IBM | Improper Authentication vulnerability in IBM Infosphere Optim Data Growth FOR Oracle E-Business Suite: The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 5.0 |
2013-06-01 | CVE-2013-3261 | Photogallerycreator Wordpress | Cross-Site Scripting vulnerability in Photogallerycreator Flash-Album-Gallery: Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action. | 4.3 |
2013-05-31 | CVE-2013-1247 | Cisco | Cross-Site Scripting vulnerability in Cisco Prime Infrastructure: Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356. | 4.3 |
2013-05-31 | CVE-2013-3719 | Algisinfo Joomla | Cross-Site Scripting vulnerability in Algisinfo Aicontactsafe: Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-05-29 | CVE-2013-2314 | Lockon | Cross-Site Scripting vulnerability in Lockon Ec-Cube: Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen. | 4.3 |
2013-05-29 | CVE-2013-2312 | Lockon | Cross-Site Scripting vulnerability in Lockon Ec-Cube: Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2013-05-29 | CVE-2013-0482 | IBM | Security vulnerability in IBM products: IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. | 4.3 |
2013-05-28 | CVE-2013-0499 | IBM | Cross-Site Scripting vulnerability in IBM products: Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services. | 4.3 |
2013-05-28 | CVE-2013-0576 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Monitoring: Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-05-27 | CVE-2013-2953 | IBM | Cryptographic Issues vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite: IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | 4.3 |
2013-05-29 | CVE-2013-2313 | Lockon | Improper Authentication vulnerability in Lockon Ec-Cube: Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-05-31 | CVE-2013-3720 | Feedweb Wordpress | Cross-Site Scripting vulnerability in Feedweb: Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter. | 3.5 |
2013-05-27 | CVE-2013-2957 | IBM | Cross-Site Scripting vulnerability in IBM Infosphere Optim Data Growth FOR Oracle E-Business Suite: Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2013-05-27 | CVE-2013-2955 | IBM | Cross-Site Scripting vulnerability in IBM Infosphere Optim Data Growth FOR Oracle E-Business Suite: Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue. | 3.5 |
2013-06-01 | CVE-2013-2071 | Apache | Information Exposure vulnerability in Apache Tomcat: java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes. | 2.6 |