Weekly Vulnerabilities Reports > April 25 to May 1, 2011
Overview
34 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 27 products from 23 vendors, including HP, Mediawiki, Wireshark, Joomla, and Digium. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Information Exposure", and "Improper Input Validation".
- 33 reported vulnerabilities are remotely exploitable.
- 11 reported vulnerabilities have a public exploit available.
- 17 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 29 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 7 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-04-29 | CVE-2011-1541 | HP | Remote Unauthorized Access vulnerability in HP System Management Homepage (CVE-2011-1541) Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions, and consequently execute arbitrary code, via unknown vectors. | 10.0 |
2011-04-29 | CVE-2011-1591 | Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. | 9.3 |
2011-04-29 | CVE-2011-1540 | HP | Remote Code Execution vulnerability in HP System Management Homepage (CVE-2011-1540) Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors. | 9.0 |
2011-04-27 | CVE-2011-1599 | Digium | Improper Input Validation vulnerability in Digium Asterisk manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header. | 9.0 |
7 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-04-27 | CVE-2010-4800 | Baconmap | SQL Injection vulnerability in Baconmap 1.0 SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. | 7.5 |
2011-04-27 | CVE-2010-4797 | Truworthit | SQL Injection vulnerability in Truworthit Flex Timesheet Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | 7.5 |
2011-04-27 | CVE-2010-4796 | Phpyun | SQL Injection vulnerability in PHPyun 1.1.6 Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php. | 7.5 |
2011-04-27 | CVE-2010-4795 | Joomlaseller Joomla | SQL Injection vulnerability in Joomlaseller COM Jscalendar 1.5.1/1.5.4 SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. | 7.5 |
2011-04-27 | CVE-2010-4793 | Site2Nite | SQL Injection vulnerability in Site2Nite Auto E-Manager SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2011-04-27 | CVE-2010-4791 | Marcusg PHP Fusion | SQL Injection vulnerability in Marcusg MG User Fotoalbum Panel 1.0.1 SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter. | 7.5 |
2011-04-29 | CVE-2011-0729 | Ubuntu | Permissions, Privileges, and Access Controls vulnerability in Ubuntu Language-Selector dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call. | 7.2 |
20 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-04-27 | CVE-2010-4799 | Chipmunk Scripts | SQL Injection vulnerability in Chipmunk-Scripts Pwngame 1.0 Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. | 6.8 |
2011-04-27 | CVE-2010-4798 | Orangehrm | Path Traversal vulnerability in Orangehrm 2.6.0.1 Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter. | 6.8 |
2011-04-27 | CVE-2010-2789 | Mediawiki | Code Injection vulnerability in Mediawiki 1.16 PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 6.8 |
2011-04-27 | CVE-2010-3260 | Orbeon | Permissions, Privileges, and Access Controls vulnerability in Orbeon Forms oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an "XML injection" issue. | 6.4 |
2011-04-29 | CVE-2011-1535 | HP | Privilege Escalation vulnerability in HP Insight Control for Linux (CVE-2011-1535) Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux) before 6.3 allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | 6.0 |
2011-04-27 | CVE-2010-4801 | Baconmap | Path Traversal vulnerability in Baconmap 1.0 Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. | 6.0 |
2011-04-27 | CVE-2011-1579 | Mediawiki | Improper Input Validation vulnerability in Mediawiki The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments. | 5.8 |
2011-04-27 | CVE-2010-4790 | IN Mediakg | Path Traversal vulnerability in In-Mediakg Filterftp 2.0.3/2.0.5 Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | 5.8 |
2011-04-29 | CVE-2011-1589 | Mojolicious | Path Traversal vulnerability in Mojolicious Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI. | 5.0 |
2011-04-29 | CVE-2011-1536 | HP | Unspecified vulnerability in HP Performance Insight Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. | 5.0 |
2011-04-28 | CVE-2011-1839 | IBM | Information Exposure vulnerability in IBM Rational Build Forge 7.1.0 IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 5.0 |
2011-04-27 | CVE-2011-1725 | HP | Information Exposure vulnerability in HP Network Automation Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |
2011-04-27 | CVE-2011-1507 | Digium | Resource Management Errors vulnerability in Digium Asterisk Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections. | 5.0 |
2011-04-29 | CVE-2011-1592 | Wireshark Microsoft | Numeric Errors vulnerability in Wireshark The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. | 4.3 |
2011-04-29 | CVE-2011-1543 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Systems Insight Manager Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 4.3 |
2011-04-29 | CVE-2011-1542 | HP | Cross-Site Scripting vulnerability in HP Systems Insight Manager Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-04-27 | CVE-2011-1578 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . | 4.3 |
2011-04-27 | CVE-2010-4794 | Joomlaseller Joomla | Cross-Site Scripting vulnerability in Joomlaseller COM Jscalendar 1.5.1/1.5.4 Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. | 4.3 |
2011-04-27 | CVE-2010-4792 | Openit | Cross-Site Scripting vulnerability in Openit Overlook 5.0 Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter. | 4.3 |
2011-04-27 | CVE-2010-2787 | Mediawiki | Information Exposure vulnerability in Mediawiki api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-04-27 | CVE-2011-1580 | Mediawiki | Improper Input Validation vulnerability in Mediawiki The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request. | 3.5 |
2011-04-29 | CVE-2011-1499 | Banu Debian | Configuration vulnerability in multiple products acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server. | 2.6 |
2011-04-27 | CVE-2010-2788 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | 2.6 |