Weekly Vulnerabilities Reports > July 1 to 7, 2013

Overview

52 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 49 products from 19 vendors including IBM, Typo3, Cisco, HP, and Redhat. Notable vulnerability categories include "Cross-site Scripting", "Information Exposure", "Permissions, Privileges, and Access Controls", "SQL Injection", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 48 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 25 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-07-06 CVE-2013-2340 HP Security vulnerability in Multiple HP Products

Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.

10.0
2013-07-02 CVE-2013-2343 HP Remote Arbitrary Code Execution vulnerability in HP products

Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510.

10.0
2013-07-02 CVE-2013-3003 IBM Local Arbitrary Command Execution vulnerability in IBM IMS Enterprise Suite 1.1/2.1/2.2

Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors.

9.0

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-07-06 CVE-2013-3005 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios

The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.

8.5
2013-07-04 CVE-2013-3563 Lianja Buffer Errors vulnerability in Lianja SQL Server 1.0

Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string to TCP port 8001.

7.5
2013-07-01 CVE-2013-4748 Georg Ringer, Typo3 SQL Injection vulnerability in Georg Ringer News

SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-07-01 CVE-2013-4745 Kurt Gusbeth, Typo3 SQL Injection vulnerability in Kurt Gusbeth Myquizpoll

SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-07-06 CVE-2013-2341 HP Security vulnerability in Multiple HP Products

Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors.

7.1
2013-07-02 CVE-2013-3581 Choice Wireless Improper Authentication vulnerability in Choice Wireless Wixfmr-111

ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to obtain sensitive information via an Ajax (1) wmxState or (2) netState request.

7.1

35 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-07-02 CVE-2013-2171 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd 9.0/9.1

The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.

6.9
2013-07-02 CVE-2013-3395 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco products

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.

6.8
2013-07-01 CVE-2013-2158 Services Project, Drupal Cross-Site Request Forgery (CSRF) vulnerability in Services Project Services

Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2013-07-02 CVE-2013-3399 Cisco Buffer Errors vulnerability in Cisco Desktop Collaboration Experience Dx650

Buffer overflow in an unspecified Android API on the Cisco Desktop Collaboration Experience DX650 allows attackers to execute arbitrary code via vectors that leverage incorrect memory allocation, aka Bug IDs CSCuf93957, CSCug22352, and CSCug22462.

6.6
2013-07-04 CVE-2013-4650 Mongodb Permissions, Privileges, and Access Controls vulnerability in Mongodb

MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.

6.5
2013-07-03 CVE-2013-2984 IBM Path Traversal vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors.

6.5
2013-07-03 CVE-2013-2982 IBM Arbitrary File Upload vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors.

6.5
2013-07-03 CVE-2013-0560 IBM SQL Injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2012-5766.

6.5
2013-07-03 CVE-2012-5766 IBM SQL Injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560.

6.5
2013-07-01 CVE-2012-6144 Typo3 SQL Injection vulnerability in Typo3

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.

6.5
2013-07-03 CVE-2013-0476 IBM Command Injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified vectors.

6.4
2013-07-04 CVE-2013-4729 Phpmyadmin Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.

5.5
2013-07-03 CVE-2013-2144 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager

Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot.

5.0
2013-07-03 CVE-2013-0558 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive information about application implementation via unspecified vectors.

5.0
2013-07-03 CVE-2013-0539 IBM Credentials Management vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, which makes it easier for remote attackers to hijack sessions, and consequently obtain sensitive information, via a brute-force attack.

5.0
2013-07-03 CVE-2013-0481 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to read stack traces by triggering (1) an error or (2) an exception.

5.0
2013-07-03 CVE-2012-5936 IBM Cryptographic Issues vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

5.0
2013-07-02 CVE-2013-3028 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ

Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.

4.6
2013-07-06 CVE-2013-3299 Realnetworks Improper Input Validation vulnerability in Realnetworks Realplayer

RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.

4.3
2013-07-04 CVE-2013-3413 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software

Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.

4.3
2013-07-02 CVE-2013-0455 IBM Cross-Site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-07-02 CVE-2013-3401 Cisco Security Bypass vulnerability in Cisco TelePresence TC Software

The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080.

4.3
2013-07-01 CVE-2013-4749 Usertask Center Messaging Project, Typo3 Cross-Site Scripting vulnerability in Usertask Center Messaging Project Usertask Center Messaging

Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-07-01 CVE-2013-4747 Kasper Skarhoj, Typo3 Cross-Site Scripting vulnerability in Kasper Skarhoj Accessible IS Browse Results 1.2.1

Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-07-01 CVE-2013-4746 Kurt Gusbeth, Typo3 Cross-Site Scripting vulnerability in Kurt Gusbeth Myquizpoll

Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-07-01 CVE-2013-4744 Phpunit Project Cross-Site Scripting vulnerability in PHPunit Project PHPunit

Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-07-03 CVE-2013-3020 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

4.0
2013-07-03 CVE-2013-2987 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

4.0
2013-07-03 CVE-2013-2985 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

4.0
2013-07-03 CVE-2013-0568 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0475, and CVE-2013-0567.

4.0
2013-07-03 CVE-2013-0567 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0475.

4.0
2013-07-03 CVE-2013-0479 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not properly restrict file types and extensions, which allows remote authenticated users to bypass intended access restrictions via a crafted filename.

4.0
2013-07-03 CVE-2013-0475 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0567.

4.0
2013-07-03 CVE-2013-0463 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

4.0
2013-07-03 CVE-2013-0456 IBM Unspecified vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cookie path.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-07-06 CVE-2013-0581 IBM Cross-Site Scripting vulnerability in IBM Business Process Manager

Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) ProcessPortal/jsp/socialPortal/dashboard.jsp, (2) teamworks/executeServiceByName, (3) portal/jsp/viewAdHocReportWizard.do, or (4) rest/bpm/wle/v1/process.

3.5
2013-07-04 CVE-2013-3742 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 4.0.0/4.0.1/4.0.2

Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.

3.5
2013-07-03 CVE-2013-0468 IBM Cross-Site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-2983.

3.5
2013-07-02 CVE-2013-2983 IBM Cross-Site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling File Gateway 2.2 and Sterling B2B Integrator allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2013-0468.

3.5
2013-07-01 CVE-2012-6148 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-07-01 CVE-2012-6147 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-07-01 CVE-2012-6145 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-07-04 CVE-2013-2164 Linux, Redhat Information Exposure vulnerability in multiple products

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.

2.1