Weekly Vulnerabilities Reports > May 16 to 22, 2011
Overview
40 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 26 products from 17 vendors including Smartertools, Ffmpeg, IBM, Adobe, and Mplayerhq. Vulnerabilities are notably categorized as "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".
- 36 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 40 reported vulnerabilities are exploitable by an anonymous user.
- Smartertools has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
9 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-05-20 | CVE-2011-2164 | Adobe | Remote Security vulnerability in Photoshop Professional Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors. | 10.0 |
2011-05-20 | CVE-2011-2162 | Ffmpeg Mplayerhq Mandriva | Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers." | 10.0 |
2011-05-20 | CVE-2011-2159 | Smartertools | Unspecified vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/Defaults/frmDefaultSiteSettings.aspx, (2) Admin/Defaults/frmServerDefaults.aspx, (3) Admin/frmReportSettings.aspx, (4) Admin/frmSite.aspx, (5) App_Themes/Default/ButtonBarIcons.xml, (6) App_Themes/Default/Skin.xml, (7) Client/frmImportSettings.aspx, (8) Client/frmSeoSettings.aspx, (9) Services/Web.config, (10) aspnet_client/system_web/4_0_30319/, (11) clientaccesspolicy.xml, (12) cloudscan.exe, (13) crossdomain.xml, or (14) sitemap.xml. | 10.0 |
2011-05-20 | CVE-2011-2158 | Smartertools | Unspecified vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. | 10.0 |
2011-05-20 | CVE-2011-2148 | Smartertools | OS Command Injection vulnerability in Smartertools Smarterstats 6.0 Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText parameter, or (6) the ctl00_MPH_grdLogLocations_HiddenLSR parameter, related to an "OS command injection" issue. | 10.0 |
2011-05-20 | CVE-2011-2163 | IBM | Remote Security vulnerability in Virtualization Manager Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors. | 9.3 |
2011-05-20 | CVE-2011-2160 | Ffmpeg Mplayerhq | Improper Input Validation vulnerability in multiple products The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723. | 9.3 |
2011-05-16 | CVE-2011-0615 | Adobe | Buffer Errors vulnerability in Adobe Audition 3.0 Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data in unspecified fields in the TRKM chunk in an Audition Session (aka .ses) file, related to inconsistent use of character data types. | 9.3 |
2011-05-16 | CVE-2011-0614 | Adobe | Buffer Errors vulnerability in Adobe Audition 3.0 Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Audition Session (aka .ses) file. | 9.3 |
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-05-20 | CVE-2011-2155 | Smartertools | Improper Authentication vulnerability in Smartertools Smarterstats 6.0 Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation. | 7.5 |
2011-05-20 | CVE-2011-2149 | Smartertools | SQL Injection vulnerability in Smartertools Smarterstats 6.0 Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTTP header to (7) Services/SiteAdmin.asmx or (8) login.aspx; or (9) the User-Agent HTTP header to Services/SiteAdmin.asmx. | 7.5 |
2011-05-16 | CVE-2011-2141 | IBM | SQL Injection vulnerability in IBM Datacap Taskmaster Capture 8.0.1 SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-05-16 | CVE-2011-1407 | Exim | Improper Input Validation vulnerability in Exim The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity. | 7.5 |
23 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-05-20 | CVE-2011-0723 | Ffmpeg Mplayer | Resource Management Errors vulnerability in multiple products FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file. | 6.8 |
2011-05-20 | CVE-2011-0722 | Ffmpeg Mplayerhq | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. | 6.8 |
2011-05-20 | CVE-2010-3908 | Ffmpeg Mplayerhq | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. | 6.8 |
2011-05-16 | CVE-2011-2143 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Datacap Taskmaster Capture 8.0.1 IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain. | 6.8 |
2011-05-20 | CVE-2010-0217 | Zeacom | Cryptographic Issues vulnerability in Zeacom Chat Server Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack. | 5.8 |
2011-05-20 | CVE-2011-2157 | Smartertools | Permissions, Privileges, and Access Controls vulnerability in Smartertools Smarterstats 6.0 The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields. | 5.0 |
2011-05-20 | CVE-2011-2156 | Smartertools | Information Exposure vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/. | 5.0 |
2011-05-20 | CVE-2011-2154 | Smartertools | Information Exposure vulnerability in Smartertools Smarterstats 6.0 login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5.0 |
2011-05-20 | CVE-2011-2153 | Smartertools | Information Exposure vulnerability in Smartertools Smarterstats 6.0 Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue. | 5.0 |
2011-05-20 | CVE-2011-2152 | Smartertools | Information Exposure vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | 5.0 |
2011-05-20 | CVE-2011-2151 | Smartertools | Cryptographic Issues vulnerability in Smartertools Smarterstats 6.0 The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2011-05-20 | CVE-2011-2150 | Smartertools | Improper Input Validation vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue. | 5.0 |
2011-05-16 | CVE-2011-2144 | IBM | Resource Management Errors vulnerability in IBM Datacap Taskmaster Capture 8.0.1 The eDocument Conversion Actions implementation in IBM Datacap Taskmaster Capture 8.0.1 FP1 and earlier allows remote attackers to cause a denial of service (batch abort) via a long subject line in an e-mail message that is represented in a .eml file. | 5.0 |
2011-05-16 | CVE-2011-2142 | IBM | Cryptographic Issues vulnerability in IBM Datacap Taskmaster Capture 8.0.1 The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors. | 5.0 |
2011-05-16 | CVE-2011-0612 | Adobe | Resource Management Errors vulnerability in Adobe Flash Media Server Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors. | 5.0 |
2011-05-20 | CVE-2011-2161 | Ffmpeg | Resource Management Errors vulnerability in Ffmpeg The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. | 4.3 |
2011-05-20 | CVE-2011-2021 | Tibco | Cross-Site Scripting vulnerability in Tibco Iprocess Engine and Iprocess Workspace Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors. | 4.3 |
2011-05-20 | CVE-2011-2020 | Tibco | Cross-Site Scripting vulnerability in Tibco Iprocess Engine and Iprocess Workspace Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-05-20 | CVE-2011-1838 | Twiki | Cross-Site Scripting vulnerability in Twiki Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script. | 4.3 |
2011-05-20 | CVE-2009-5075 | Monkeysaudio | Resource Management Errors vulnerability in Monkeysaudio Monkey'S Audio Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file. | 4.3 |
2011-05-20 | CVE-2006-7245 | Monkeysaudio | Resource Management Errors vulnerability in Monkeysaudio Monkey'S Audio Monkey's Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination. | 4.3 |
2011-05-16 | CVE-2011-1856 | HP | Cross-Site Scripting vulnerability in HP Business Availability Center Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-05-16 | CVE-2011-0613 | Adobe | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-05-20 | CVE-2011-2147 | Openswan | Permissions, Privileges, and Access Controls vulnerability in Openswan 2.2.0/2.2.1 Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784. | 3.6 |
2011-05-20 | CVE-2011-1784 | Keepalived | Permissions, Privileges, and Access Controls vulnerability in Keepalived The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files. | 3.6 |
2011-05-20 | CVE-2011-1327 | Trendmicro | Cryptographic Issues vulnerability in Trendmicro Trend Micro Internet Security 2009 The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger. | 2.1 |
2011-05-16 | CVE-2011-1828 | Evan Dandrea | Permissions, Privileges, and Access Controls vulnerability in Evan Dandrea Usb-Creator usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command. | 2.1 |