Weekly Vulnerabilities Reports > March 21 to 27, 2011
Overview
52 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 41 products from 24 vendors including Apple, IBM, Google, Microsoft, and Debian. The vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Numeric Errors", "SQL Injection", and "Resource Management Errors".
- 46 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 10 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 44 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 23.
- IBM has the most reported critical vulnerabilities, with 3.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
5 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-25 | CVE-2011-1519 | IBM | Improper Authentication vulnerability in IBM Lotus Domino The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. | 10.0 |
2011-03-23 | CVE-2010-4773 | Hitachi Microsoft Linux IBM | Remote Security vulnerability in Hitachi products Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors. | 10.0 |
2011-03-22 | CVE-2011-1505 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2. | 10.0 |
2011-03-22 | CVE-2011-0331 | Honeywell | Resource Management Errors vulnerability in Honeywell Scanserver Activex Control 780.0.20.5 Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
2011-03-22 | CVE-2010-4228 | Novell | Buffer Errors vulnerability in Novell Netware 5.1/6.0/6.5 Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4. | 9.0 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-25 | CVE-2011-1296 | Google Apple | Improper Input Validation vulnerability in Google Chrome Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 7.5 |
2011-03-25 | CVE-2011-1295 | Apple | Improper Input Validation vulnerability in Google Chrome WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors. | 7.5 |
2011-03-25 | CVE-2011-1294 | | Improper Input Validation vulnerability in Google Chrome Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 7.5 |
2011-03-25 | CVE-2011-1293 | Google Debian Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 7.5 |
2011-03-25 | CVE-2011-1292 | Google Debian | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 7.5 |
2011-03-25 | CVE-2011-1291 | | Classic Buffer Overflow vulnerability in Google Chrome Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error." | 7.5 |
2011-03-23 | CVE-2010-4776 | Preprojects | SQL Injection vulnerability in Preprojects PRE Online Tests Generator SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter. | 7.5 |
2011-03-23 | CVE-2010-4774 | Auracms | SQL Injection vulnerability in Auracms 1.62 SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171. | 7.5 |
2011-03-23 | CVE-2010-4771 | Matteoiammarrone | SQL Injection vulnerability in Matteoiammarrone S-Cms 2.5 SQL injection vulnerability in viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2011-03-23 | CVE-2010-4770 | Commodityrentals | SQL Injection vulnerability in Commodityrentals DVD Rentals Script SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. | 7.5 |
2011-03-23 | CVE-2010-4769 | Janguo Joomla | Path Traversal vulnerability in Janguo COM Jimtawl 1.0.2 Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 7.5 |
2011-03-25 | CVE-2011-1520 | IBM | Improper Authentication vulnerability in IBM Lotus Domino The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. | 7.2 |
2011-03-23 | CVE-2011-0182 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. | 7.2 |
24 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-23 | CVE-2011-0194 | Apple | Numeric Errors vulnerability in Apple Imageio, mac OS X and mac OS X Server Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. | 6.8 |
2011-03-23 | CVE-2011-0193 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. | 6.8 |
2011-03-23 | CVE-2011-0188 | Ruby Lang Apple | Numeric Errors vulnerability in Ruby-Lang Ruby The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." Per: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html 'This issue only affects 64-bit Ruby processes'. | 6.8 |
2011-03-23 | CVE-2011-0186 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. | 6.8 |
2011-03-23 | CVE-2011-0184 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes. | 6.8 |
2011-03-23 | CVE-2011-0181 | Apple | Numeric Errors vulnerability in Apple Imageio, mac OS X and mac OS X Server Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image. | 6.8 |
2011-03-23 | CVE-2011-0179 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font. | 6.8 |
2011-03-23 | CVE-2011-0177 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. | 6.8 |
2011-03-23 | CVE-2011-0176 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. | 6.8 |
2011-03-23 | CVE-2011-0175 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font. | 6.8 |
2011-03-23 | CVE-2011-0174 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. | 6.8 |
2011-03-23 | CVE-2011-0173 | Apple | Use of Externally-Controlled Format String vulnerability in Apple Applescript, mac OS X and mac OS X Server Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. | 6.8 |
2011-03-22 | CVE-2011-1506 | Kerio | Improper Input Validation vulnerability in Kerio Connect and Kerio Mailserver The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |
2011-03-22 | CVE-2011-0759 | Blaenkdenum Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Blaenkdenum Wp-Recaptcha 2.9.8.2 Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter. | 6.8 |
2011-03-25 | CVE-2011-0890 | HP Microsoft | Information Exposure vulnerability in HP Discovery&Dependency Mapping Inventory HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community. | 5.0 |
2011-03-23 | CVE-2010-4775 | Nicholas Thompson Drupal | Improper Input Validation vulnerability in Nicholas Thompson Relevant Content The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships. | 5.0 |
2011-03-23 | CVE-2011-0189 | Apple | Configuration vulnerability in Apple mac OS X, mac OS X Server and Terminal The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities. | 5.0 |
2011-03-23 | CVE-2011-0183 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." | 5.0 |
2011-03-22 | CVE-2008-7285 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25. | 5.0 |
2011-03-23 | CVE-2011-0172 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162. | 4.9 |
2011-03-23 | CVE-2010-4772 | Matteoiammarrone | Cross-Site Scripting vulnerability in Matteoiammarrone S-Cms 2.5 Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php. | 4.3 |
2011-03-23 | CVE-2011-0190 | Apple | Improper Input Validation vulnerability in Apple Installer, mac OS X and mac OS X Server Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. | 4.3 |
2011-03-23 | CVE-2011-0187 | Apple | Information Exposure vulnerability in Apple mac OS X, mac OS X Server and Quicktime The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. | 4.3 |
2011-03-22 | CVE-2011-1414 | Tibco | Cross-Site Scripting vulnerability in Tibco Tibbr and Tibbr Service Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-22 | CVE-2009-5062 | IBM | Resource Management Errors vulnerability in IBM Lotus Quickr 8.1 IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9. | 3.5 |
2011-03-22 | CVE-2009-5060 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX. | 3.5 |
2011-03-22 | CVE-2009-5059 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J. | 3.5 |
2011-03-22 | CVE-2009-5058 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR. | 3.5 |
2011-03-22 | CVE-2008-7286 | IBM | Improper Input Validation vulnerability in IBM Lotus Quickr 8.1 IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX. | 3.5 |
2011-03-22 | CVE-2008-7284 | IBM | Resource Management Errors vulnerability in IBM Lotus Quickr 8.1 IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8. | 3.5 |
2011-03-23 | CVE-2011-0180 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. | 2.1 |
2011-03-23 | CVE-2011-0178 | Apple | Information Exposure vulnerability in Apple Carboncore, mac OS X and mac OS X Server The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. | 2.1 |
2011-03-22 | CVE-2011-1022 | Balbir Singh | Permissions, Privileges, and Access Controls vulnerability in Balbir Singh Libcgroup The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message. | 2.1 |
2011-03-22 | CVE-2009-5061 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N. | 2.1 |