Weekly Vulnerabilities Reports > May 16 to 22, 2011

Overview

50 new vulnerabilities were reported during this period, including 9 critical and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 41 products from 27 vendors, including Smartertools, Ffmpeg, IBM, Cisco, and Adobe. Vulnerabilities are notably categorized as "Cross-site Scripting", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 46 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 14 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 49 reported vulnerabilities are exploitable by an anonymous user.
  • Smartertools has the most reported vulnerabilities, with 12.
  • Smartertools has the most reported critical vulnerabilities, with 3.

Summary counts for the period (taken from the overview and the per-severity totals below):

  • Total vulnerabilities: 50
  • Critical risk: 9
  • High risk: 6
  • Medium risk: 31
  • Low risk: 4
  • Remotely exploitable: 46
  • Locally exploitable: 4
  • Exploit available: 6
  • Exploitable anonymously: 49

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-20 CVE-2011-2164 Adobe Remote Security vulnerability in Photoshop Professional

Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors.

10.0
2011-05-20 CVE-2011-2162 Ffmpeg, Mplayerhq, Mandriva Unspecified vulnerability in multiple products

Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
10.0
2011-05-20 CVE-2011-2159 Smartertools Unspecified vulnerability in Smartertools Smarterstats 6.0

The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/Defaults/frmDefaultSiteSettings.aspx, (2) Admin/Defaults/frmServerDefaults.aspx, (3) Admin/frmReportSettings.aspx, (4) Admin/frmSite.aspx, (5) App_Themes/Default/ButtonBarIcons.xml, (6) App_Themes/Default/Skin.xml, (7) Client/frmImportSettings.aspx, (8) Client/frmSeoSettings.aspx, (9) Services/Web.config, (10) aspnet_client/system_web/4_0_30319/, (11) clientaccesspolicy.xml, (12) cloudscan.exe, (13) crossdomain.xml, or (14) sitemap.xml.

10.0
2011-05-20 CVE-2011-2158 Smartertools Unspecified vulnerability in Smartertools Smarterstats 6.0

The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/.

10.0
2011-05-20 CVE-2011-2148 Smartertools OS Command Injection vulnerability in Smartertools Smarterstats 6.0

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText parameter, or (6) the ctl00_MPH_grdLogLocations_HiddenLSR parameter, related to an "OS command injection" issue.

10.0
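The SmarterStats command injection entry above turns on one detail: the value of a settings field is handed to a command interpreter, so a leading and trailing & turns it into several commands. The following Python is an added illustration of that bug class and its fix; it is not SmarterTools code and does not reproduce the advisory's vectors. The directory value, the echo command and the allowlist pattern are all constructed for the example. On the Windows command interpreter that hosts an ASP.NET application, & separates commands; in the POSIX sh used here it backgrounds them, and in both cases the injected command runs.

```python
import re
import subprocess

# Constructed settings value in the shape the advisory describes: a command
# wrapped in a leading and a trailing '&' character.
PAYLOAD = "C:/logs & echo INJECTED &"

def describe_dir_vulnerable(directory):
    """Bug class from the advisory: the setting is spliced into a command string
    that a shell then parses, so '&' becomes a command separator."""
    cmd = f"echo scanning {directory}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

# Allowlist for a filesystem path setting (hypothetical policy for this example).
SAFE_DIR = re.compile(r"^[A-Za-z0-9_:./\\-]+$")

def describe_dir_hardened(directory):
    """Two independent fixes: reject anything outside a strict allowlist, and pass
    the value as a single argv element with no shell in the path at all."""
    if not SAFE_DIR.fullmatch(directory):
        raise ValueError("directory setting contains characters outside the allowlist")
    return subprocess.run(["echo", "scanning", directory], capture_output=True, text=True).stdout

def hardened_rejects(directory):
    """True when the hardened version refuses the value before any process is started."""
    try:
        describe_dir_hardened(directory)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    print("vulnerable output:", repr(describe_dir_vulnerable(PAYLOAD)))
    print("hardened rejects payload:", hardened_rejects(PAYLOAD))
    print("hardened with a clean value:", repr(describe_dir_hardened("C:/logs")))
```

Note that the argv form alone already defeats the injection; the allowlist is defence in depth for the case where the value later reaches a component that does use a shell.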
2011-05-20 CVE-2011-2163 IBM Remote Security vulnerability in Virtualization Manager

Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors.

9.3
2011-05-20 CVE-2011-2160 Ffmpeg, Mplayerhq Improper Input Validation vulnerability in multiple products

The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.

9.3
2011-05-16 CVE-2011-0615 Adobe Buffer Errors vulnerability in Adobe Audition 3.0

Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data in unspecified fields in the TRKM chunk in an Audition Session (aka .ses) file, related to inconsistent use of character data types.

9.3
2011-05-16 CVE-2011-0614 Adobe Buffer Errors vulnerability in Adobe Audition 3.0

Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Audition Session (aka .ses) file.

9.3

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-20 CVE-2011-2155 Smartertools Improper Authentication vulnerability in Smartertools Smarterstats 6.0

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation.

7.5
2011-05-20 CVE-2011-2149 Smartertools SQL Injection vulnerability in Smartertools Smarterstats 6.0

Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTTP header to (7) Services/SiteAdmin.asmx or (8) login.aspx; or (9) the User-Agent HTTP header to Services/SiteAdmin.asmx.

7.5
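The SmarterStats SQL injection entry is worth a second look for where the injected data arrives: not only form parameters but cookies, the Referer header and the User-Agent header. As an added illustration, not SmarterTools code, the following Python shows a query that filters on a stored User-Agent value, first built by string formatting and then with bound parameters. The table, rows and header values are constructed for the example, and SQLite stands in for whatever database the product uses.

```python
import sqlite3

# Constructed request attributes as the server would see them. The hostile value
# arrives in the User-Agent header, which applications often treat as telemetry
# rather than as untrusted input.
NORMAL_UA = "Mozilla/5.0"
HOSTILE_UA = "x' OR '1'='1"

def seed_db():
    """In-memory stand-in for the statistics database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE visits (site_id INTEGER, user_agent TEXT, page TEXT);
        INSERT INTO visits VALUES (1, 'Mozilla/5.0', '/'),
                                  (2, 'Mozilla/5.0', '/admin'),
                                  (2, 'curl/7.21',   '/secret-report');
    """)
    return db

def pages_for_agent_vulnerable(db, site_id, user_agent):
    """String-built WHERE clause: the header value is parsed as SQL. Because AND
    binds tighter than OR, the payload widens the query to every site's rows."""
    sql = f"SELECT page FROM visits WHERE site_id = {site_id} AND user_agent = '{user_agent}'"
    return [row[0] for row in db.execute(sql)]

def pages_for_agent(db, site_id, user_agent):
    """Same query with bound parameters: the header value can only ever be a string."""
    sql = "SELECT page FROM visits WHERE site_id = ? AND user_agent = ?"
    return [row[0] for row in db.execute(sql, (int(site_id), user_agent))]

if __name__ == "__main__":
    db = seed_db()
    print("vulnerable, hostile header:", pages_for_agent_vulnerable(db, 1, HOSTILE_UA))
    print("parameterised, hostile header:", pages_for_agent(db, 1, HOSTILE_UA))
```

The same rule covers the cookie and Referer vectors in the entry: anything copied out of the request, whatever header it came from, is bound as a parameter and never concatenated into the statement text.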
2011-05-20 CVE-2011-0960 Cisco SQL Injection vulnerability in Cisco Unified Operations Manager

Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.

7.5
2011-05-16 CVE-2011-2141 IBM SQL Injection vulnerability in IBM Datacap Taskmaster Capture 8.0.1

SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2011-05-16 CVE-2011-1407 Exim Improper Input Validation vulnerability in Exim

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

7.5
2011-05-16 CVE-2011-1800 Apple, Google Integer Overflow or Wraparound vulnerability in Google Chrome

Multiple integer overflows in the SVG Filters implementation in WebCore in WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5

31 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-20 CVE-2011-0966 Cisco Path Traversal vulnerability in Cisco Ciscoworks Common Services

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a ..

6.8
2011-05-20 CVE-2011-0723 Ffmpeg, Mplayer Resource Management Errors vulnerability in multiple products

FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.

6.8
2011-05-20 CVE-2011-0722 Ffmpeg, Mplayerhq Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.

6.8
2011-05-20 CVE-2010-3908 Ffmpeg, Mplayerhq Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.

6.8
2011-05-16 CVE-2011-2143 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Datacap Taskmaster Capture 8.0.1

IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain.

6.8
2011-05-16 CVE-2011-1799 Google, Debian Incorrect Type Conversion or Cast vulnerability in Google Chrome

Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2011-05-20 CVE-2010-0217 Zeacom Cryptographic Issues vulnerability in Zeacom Chat Server

Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack.

5.8
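The Zeacom entry is a session identifier strength problem, and it is one an auditor can measure from the outside. The following Python is an added example, not Zeacom or Tomcat code: it infers the alphabet and length of a sample of session tokens, computes the most entropy such a token could carry, and compares that against the 64-bit floor that OWASP's session management guidance recommends. The sample identifiers are constructed, and the guess-rate and live-session figures in the usage are assumptions chosen to make the arithmetic visible.

```python
import math
import string

# Constructed sample tokens (not captured from any product): a 6-character
# alphanumeric ID versus a Tomcat-style 32-hex-digit JSESSIONID.
SHORT_IDS = ["a3F9kQ", "Zx81bT", "q0LmN7", "B7c2dW"]
LONG_IDS = ["4E4A3FBF1D3C7D0B9A2F6C1E8D7B5A90", "7C1D9E2B8A3F4C5D6E7F8A9B0C1D2E3F"]

# Candidate alphabets, smallest first: (name, legal characters, symbol count).
ALPHABETS = [
    ("digits", set(string.digits), 10),
    ("hex", set(string.hexdigits), 16),
    ("alnum", set(string.ascii_letters + string.digits), 62),
    ("base64", set(string.ascii_letters + string.digits + "+/="), 64),
]

def infer_alphabet(ids):
    """Smallest named alphabet that covers every character seen in the sample."""
    seen = set("".join(ids))
    for name, legal, size in ALPHABETS:
        if seen <= legal:
            return name, size
    return "printable", 95

def entropy_upper_bound_bits(ids):
    """len * log2(alphabet) is the most entropy the ID could carry. A weak
    generator (time-seeded PRNG, counter) delivers less, never more."""
    _, size = infer_alphabet(ids)
    return min(len(i) for i in ids) * math.log2(size)

def expected_guess_seconds(bits, live_sessions, guesses_per_second):
    """Expected time for an online brute force to land on any one of
    `live_sessions` valid IDs: half the space, divided by the number of targets."""
    return (2 ** bits) / 2 / live_sessions / guesses_per_second

def assess(ids, min_bits=64):
    """Flag identifiers that fall under the 64-bit entropy floor OWASP recommends."""
    name, _ = infer_alphabet(ids)
    bits = entropy_upper_bound_bits(ids)
    return {"alphabet": name, "bits": round(bits, 1), "ok": bits >= min_bits}

if __name__ == "__main__":
    for label, ids in (("short", SHORT_IDS), ("tomcat", LONG_IDS)):
        r = assess(ids)
        secs = expected_guess_seconds(r["bits"], live_sessions=100, guesses_per_second=1000)
        print(f"{label}: {r}; expected time to hit a live session at 1000 req/s with 100 users: {secs:.0f}s")
```

The figure this produces is an upper bound only: it says nothing about how the token was generated, so a 128-bit hex token from a predictable generator still fails, and the bound is the first filter, not the whole assessment.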
2011-05-20 CVE-2011-2157 Smartertools Permissions, Privileges, and Access Controls vulnerability in Smartertools Smarterstats 6.0

The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields.

5.0
2011-05-20 CVE-2011-2156 Smartertools Information Exposure vulnerability in Smartertools Smarterstats 6.0

The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/.

5.0
2011-05-20 CVE-2011-2154 Smartertools Information Exposure vulnerability in Smartertools Smarterstats 6.0

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5.0
2011-05-20 CVE-2011-2153 Smartertools Information Exposure vulnerability in Smartertools Smarterstats 6.0

Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue.

5.0
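The two SmarterStats entries above (the loginsettings cookie without HttpOnly, and txtUser/txtPass accepted in the query string) are both findings that can be confirmed from artifacts an operator already has: the server's Set-Cookie headers and its access logs. The following Python is an added example, not SmarterTools code, that scans constructed Apache-style log lines for credential parameters in either the request target or the Referer, and inspects constructed Set-Cookie headers for missing HttpOnly and Secure flags. The log lines, cookie headers and the list of sensitive parameter names are all constructed for this example.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format access log lines (not real SmarterStats logs).
ACCESS_LOG = """\
10.0.0.5 - - [20/May/2011:10:01:22 +0000] "GET /Login.aspx?txtUser=admin&txtPass=Winter2011 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [20/May/2011:10:01:23 +0000] "GET /Client/frmViewReports.aspx?site=3 HTTP/1.1" 200 8123 "http://stats.example/Login.aspx?txtUser=admin&txtPass=Winter2011" "Mozilla/5.0"
10.0.0.9 - - [20/May/2011:10:02:00 +0000] "GET /default.aspx HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Constructed Set-Cookie headers in the shape the advisory describes.
SET_COOKIE_HEADERS = [
    "loginsettings=1; path=/",
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",
]

# Parameter names that should never travel in a URL, and so never in a log or Referer.
SENSITIVE_PARAMS = {"txtuser", "txtpass", "password", "passwd", "pwd", "token"}

LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d+ \d+ "(?P<referer>[^"]*)"'
)

def sensitive_params_in(url):
    """Names of query parameters in `url` that look like credentials."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(k for k in qs if k.lower() in SENSITIVE_PARAMS)

def scan_access_log(text):
    """(line number, field, parameter names) for every request line or Referer
    that carried credentials. Both fields end up in logs the application does
    not control, and the Referer also leaks to whichever site is linked next."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        for field in ("target", "referer"):
            params = sensitive_params_in(m.group(field))
            if params:
                findings.append((n, field, params))
    return findings

def cookie_findings(headers, served_over_https=True):
    """Map cookie name -> missing flags. HttpOnly keeps the value away from
    script (the CVE-2011-2154 point); Secure keeps it off plain HTTP."""
    out = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            missing = []
            if not morsel["httponly"]:
                missing.append("HttpOnly")
            if served_over_https and not morsel["secure"]:
                missing.append("Secure")
            if missing:
                out[name] = missing
    return out

if __name__ == "__main__":
    for n, field, params in scan_access_log(ACCESS_LOG):
        print(f"line {n}: credentials in {field}: {', '.join(params)}")
    for name, missing in cookie_findings(SET_COOKIE_HEADERS).items():
        print(f"cookie {name}: missing {', '.join(missing)}")
```

Line 2 of the constructed log is the cross-domain Referer leakage case from the entry: the credentials were never sent to that page, but the browser carried the previous URL along with the request.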
2011-05-20 CVE-2011-2152 Smartertools Information Exposure vulnerability in Smartertools Smarterstats 6.0

The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

5.0
2011-05-20 CVE-2011-2151 Smartertools Cryptographic Issues vulnerability in Smartertools Smarterstats 6.0

The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

5.0
2011-05-20 CVE-2011-2150 Smartertools Improper Input Validation vulnerability in Smartertools Smarterstats 6.0

The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue.

5.0
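The XML injection entry above names the mechanism: string data is written into an XML document without validation, and a ]]> sequence is enough to break the parse. As an added example, not SmarterTools code, the following Python reproduces the bug class with a value dropped into a CDATA section, then shows the two ways out: splitting any ]]> across two CDATA sections, or letting the XML library serialise the text so that it is escaped. The site name and document shape are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed site name carrying the ]]>> sequence mentioned in the advisory.
PAYLOAD = "Acme ]]>> Stats"

def site_xml_vulnerable(site_name):
    """Bug class from the advisory: the value is pasted into a CDATA section, so a
    ']]>' inside it closes the section early and the remainder is parsed as markup."""
    return f"<site><name><![CDATA[{site_name}]]></name></site>"

def cdata(text):
    """CDATA that survives any input: every ']]>' is split across two sections,
    which the parser concatenates back into the original text."""
    return "<![CDATA[" + text.replace("]]>", "]]]]><![CDATA[>") + "]]>"

def site_xml_cdata_safe(site_name):
    return f"<site><name>{cdata(site_name)}</name></site>"

def site_xml_builder(site_name):
    """Preferred: let the library serialise text content, which escapes <, > and &."""
    site = ET.Element("site")
    ET.SubElement(site, "name").text = site_name
    return ET.tostring(site, encoding="unicode")

def parse_site_name(doc):
    """The stored value, or None when the document is not well-formed (the parse
    error that the advisory says pauses the daemon)."""
    try:
        return ET.fromstring(doc).findtext("name")
    except ET.ParseError:
        return None

if __name__ == "__main__":
    for label, build in (("vulnerable", site_xml_vulnerable),
                         ("cdata-split", site_xml_cdata_safe),
                         ("builder", site_xml_builder)):
        print(f"{label}: {parse_site_name(build(PAYLOAD))!r}")
```

The vulnerable variant fails even with the bare ]]>> from the advisory because ]]> is not permitted in ordinary character data; a value that continues with a < would instead be parsed as the attacker's markup, which is the more dangerous half of the same bug.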
2011-05-16 CVE-2011-2144 IBM Resource Management Errors vulnerability in IBM Datacap Taskmaster Capture 8.0.1

The eDocument Conversion Actions implementation in IBM Datacap Taskmaster Capture 8.0.1 FP1 and earlier allows remote attackers to cause a denial of service (batch abort) via a long subject line in an e-mail message that is represented in a .eml file.

5.0
2011-05-16 CVE-2011-2142 IBM Cryptographic Issues vulnerability in IBM Datacap Taskmaster Capture 8.0.1

The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors.

5.0
2011-05-16 CVE-2011-0612 Adobe Resource Management Errors vulnerability in Adobe Flash Media Server

Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors.

5.0
2011-05-20 CVE-2011-2161 Ffmpeg Resource Management Errors vulnerability in Ffmpeg

The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.

4.3
2011-05-20 CVE-2011-2021 Tibco Session Fixation vulnerability in Tibco Iprocess Engine and Iprocess Workspace

Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.

4.3
2011-05-20 CVE-2011-2020 Tibco Cross-Site Scripting vulnerability in Tibco Iprocess Engine and Iprocess Workspace

Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-20 CVE-2011-1838 Twiki Cross-Site Scripting vulnerability in Twiki

Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.

4.3
2011-05-20 CVE-2011-1582 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat 7.0.12/7.0.13

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests.

4.3
2011-05-20 CVE-2011-0962 Cisco Cross-Site Scripting vulnerability in Cisco Unified Operations Manager

Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.

4.3
2011-05-20 CVE-2011-0961 Cisco Cross-Site Scripting vulnerability in Cisco Ciscoworks Common Services

Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.

4.3
2011-05-20 CVE-2011-0959 Cisco Cross-Site Scripting vulnerability in Cisco Unified Operations Manager

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

4.3
2011-05-20 CVE-2009-5075 Monkeysaudio Resource Management Errors vulnerability in Monkeysaudio Monkey's Audio

Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file.

4.3
2011-05-20 CVE-2006-7245 Monkeysaudio Resource Management Errors vulnerability in Monkeysaudio Monkey's Audio

Monkey's Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination.

4.3
2011-05-16 CVE-2011-1856 HP Cross-Site Scripting vulnerability in HP Business Availability Center

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-16 CVE-2011-1899 CA Cross-Site Scripting vulnerability in CA Ehealth

Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2011-05-16 CVE-2011-0613 Adobe Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server

Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/.

4.3
2011-05-16 CVE-2011-0419 Apache, Apple, Oracle, Netbsd, Openbsd, Freebsd, Google Resource Management Errors vulnerability in multiple products

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

4.3
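The apr_fnmatch entry is a stack consumption bug triggered by *? sequences, and the reason those sequences hurt is general to any glob matcher written as a recursive search: each * tries every possible split of the remaining text and recurses, so a pattern of repeated *? against a string that does not match explores a combinatorial number of splits (mod_autoindex is exposed because it lets the client supply the pattern in the query string). The following Python is an added illustration of that bug class and of the standard non-recursive alternative; it is not APR's code and does not reproduce the project's fix. It handles only * and ?, counts work in the naive version so the blow-up can be shown without actually hanging, and the pathological pattern and text are constructed.

```python
class StepBudgetExceeded(Exception):
    """Raised when the naive matcher does more work than we are willing to pay for."""

def naive_match(pattern, text, budget=200_000):
    """Textbook recursive glob matcher: every '*' tries each possible split and
    recurses. Recursion depth is bounded by the pattern length, but the number
    of calls is not, which is how '*?*?*?...' against a non-matching string
    turns into a CPU and stack consumption denial of service."""
    steps = 0

    def rec(p, t):
        nonlocal steps
        steps += 1
        if steps > budget:
            raise StepBudgetExceeded(steps)
        if not p:
            return not t
        if p[0] == "*":
            return any(rec(p[1:], t[i:]) for i in range(len(t) + 1))
        if t and (p[0] == "?" or p[0] == t[0]):
            return rec(p[1:], t[1:])
        return False

    return rec(pattern, text)

def iterative_match(pattern, text):
    """Non-recursive matcher: remember the most recent '*' and, on a mismatch,
    retry from there with the star swallowing one more character. Only the last
    star ever needs revisiting, so the work is O(len(pattern) * len(text)) and
    the stack depth is constant."""
    p = t = 0
    star_p = star_t = -1
    while t < len(text):
        if p < len(pattern) and pattern[p] == "*":
            star_p, star_t = p, t
            p += 1
        elif p < len(pattern) and (pattern[p] == "?" or pattern[p] == text[t]):
            p += 1
            t += 1
        elif star_p != -1:
            p = star_p + 1
            star_t += 1
            t = star_t
        else:
            return False
    while p < len(pattern) and pattern[p] == "*":
        p += 1
    return p == len(pattern)

def naive_exhausts_budget(pattern, text, budget=200_000):
    """True when the recursive matcher gives up before finishing."""
    try:
        naive_match(pattern, text, budget)
        return False
    except StepBudgetExceeded:
        return True

# Constructed worst case: twelve '*?' pairs, then a literal the text never contains.
PATHOLOGICAL_PATTERN = "*?" * 12 + "x"
PATHOLOGICAL_TEXT = "a" * 40

if __name__ == "__main__":
    print("iterative:", iterative_match(PATHOLOGICAL_PATTERN, PATHOLOGICAL_TEXT))
    print("naive exhausted budget:", naive_exhausts_budget(PATHOLOGICAL_PATTERN, PATHOLOGICAL_TEXT))
```

The iterative form is the same algorithm found in most modern C library and APR implementations; the point of the pair is that both matchers agree on every answer, and only their cost differs, so a test suite that checks results alone will never notice the problem.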

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-20 CVE-2011-2147 Openswan Permissions, Privileges, and Access Controls vulnerability in Openswan 2.2.0/2.2.1

Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784.

3.6
2011-05-20 CVE-2011-1784 Keepalived Permissions, Privileges, and Access Controls vulnerability in Keepalived

The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.

3.6
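The Openswan and keepalived entries above share one mistake: a PID file created with 0666 permissions, after which any local user can write a PID of their choosing and have a privileged service signal that process. The following Python is an added example, not code from either project, of the insecure creation next to a hardened one, a reader that refuses PID files other users could have written, and an audit helper for a run directory. It runs in a scratch directory with the umask cleared so the file modes are exactly what the code asks for; the filenames and PIDs are constructed.

```python
import os
import stat
import tempfile

def write_pidfile_insecure(path, pid):
    """The bug class in both entries: created 0666, so any local user can replace
    the PID that the service will later send a signal to."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o666)
    with os.fdopen(fd, "w") as f:
        f.write(f"{pid}\n")

def write_pidfile(path, pid):
    """Hardened: 0644 regardless of umask, and O_NOFOLLOW so a symlink planted at
    `path` by another user is not followed into some other file."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o644)
    try:
        os.fchmod(fd, 0o644)
        os.write(fd, f"{pid}\n".encode())
    finally:
        os.close(fd)

def read_trusted_pid(path):
    """Refuse a PID from a file that someone other than the current user could
    have written: group- or world-writable, or owned by another uid."""
    st = os.stat(path)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) or st.st_uid != os.geteuid():
        raise PermissionError(
            f"{path}: untrusted pidfile, mode {oct(st.st_mode & 0o777)}, uid {st.st_uid}")
    with open(path) as f:
        return int(f.read().strip())

def world_writable_files(directory):
    """Audit helper: names of world-writable regular files under `directory`
    (point it at /var/run to find this bug class on a live host)."""
    hits = []
    for name in sorted(os.listdir(directory)):
        st = os.stat(os.path.join(directory, name))
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
            hits.append(name)
    return hits

def demo():
    """Create both files under umask 0 (as a daemon started with a permissive
    umask might run) and report what the audit and the careful reader say."""
    old_umask = os.umask(0)
    try:
        with tempfile.TemporaryDirectory() as d:
            insecure = os.path.join(d, "keepalived.pid")
            hardened = os.path.join(d, "hardened.pid")
            write_pidfile_insecure(insecure, 1234)
            write_pidfile(hardened, 5678)
            try:
                read_trusted_pid(insecure)
                insecure_rejected = False
            except PermissionError:
                insecure_rejected = True
            return {
                "world_writable": world_writable_files(d),
                "trusted_pid": read_trusted_pid(hardened),
                "insecure_rejected": insecure_rejected,
            }
    finally:
        os.umask(old_umask)

if __name__ == "__main__":
    print(demo())
```

The reader-side check matters as much as the writer-side fix: a service that is upgraded still has to cope with PID files left behind by the old version, and with the quota bypass the Openswan entry mentions, where the file is simply filled with arbitrary data.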
2011-05-20 CVE-2011-1327 Trendmicro Cryptographic Issues vulnerability in Trendmicro Trend Micro Internet Security 2009

The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger.

2.1
2011-05-16 CVE-2011-1828 Evan Dandrea Permissions, Privileges, and Access Controls vulnerability in Evan Dandrea Usb-Creator

usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command.

2.1