Weekly Vulnerabilities Reports > June 20 to 26, 2011
Overview
53 new vulnerabilities were reported during this period, including 4 critical and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 26 products from 21 vendors including Apple, Linux, Simplemachines, Prosody, and Phpnuke. The vulnerabilities are notably categorized as "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Numeric Errors", "Information Exposure", and "Cross-site Scripting".
- 43 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 50 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 20 reported vulnerabilities.
- Foxitsoftware has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-21 | CVE-2011-1127 | Simplemachines | Permissions, Privileges, and Access Controls vulnerability in Simplemachines SMF SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors. | 10.0 |
2011-06-24 | CVE-2011-2194 | Videolan | Numeric Errors vulnerability in Videolan VLC Media Player Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. | 9.3 |
2011-06-24 | CVE-2011-1908 | Foxitsoftware | Numeric Errors vulnerability in Foxitsoftware Foxit Reader Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document. | 9.3 |
2011-06-22 | CVE-2011-2530 | Rockwellautomation | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation EDS Hardware Installation Tool and Rslinx Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file. | 9.3 |
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-24 | CVE-2011-2193 | Clusterresources | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clusterresources Torque Resource Manager Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff. | 8.5 |
2011-06-24 | CVE-2011-1770 | Linux Fedoraproject | Integer Underflow (Wrap OR Wraparound) vulnerability in Linux Kernel Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. | 7.8 |
2011-06-24 | CVE-2011-0196 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network. | 7.8 |
2011-06-24 | CVE-2011-0206 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings. | 7.5 |
2011-06-24 | CVE-2011-0201 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow. | 7.5 |
2011-06-21 | CVE-2011-1480 | Phpnuke | SQL Injection vulnerability in PHPnuke PHP-Nuke SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter. | 7.5 |
2011-06-21 | CVE-2011-1130 | Simplemachines | Improper Input Validation vulnerability in Simplemachines SMF Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php. | 7.5 |
2011-06-21 | CVE-2011-1128 | Simplemachines | Cryptographic Issues vulnerability in Simplemachines SMF The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack. | 7.5 |
2011-06-22 | CVE-2011-2534 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character. | 7.2 |
33 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-24 | CVE-2011-0213 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file. | 6.8 |
2011-06-24 | CVE-2011-0211 | Apple | Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Quicktime Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 6.8 |
2011-06-24 | CVE-2011-0210 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. | 6.8 |
2011-06-24 | CVE-2011-0209 | Apple | Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Quicktime Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file. | 6.8 |
2011-06-24 | CVE-2011-0208 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. | 6.8 |
2011-06-24 | CVE-2011-0205 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Imageio, mac OS X and mac OS X Server Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image. | 6.8 |
2011-06-24 | CVE-2011-0204 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Imageio, mac OS X and mac OS X Server Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image. | 6.8 |
2011-06-24 | CVE-2011-0202 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document. | 6.8 |
2011-06-24 | CVE-2011-0200 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow. | 6.8 |
2011-06-24 | CVE-2011-0198 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font. | 6.8 |
2011-06-21 | CVE-2011-1482 | Phpnuke | Cross-Site Request Forgery (CSRF) vulnerability in PHPnuke PHP-Nuke Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison. | 6.8 |
2011-06-24 | CVE-2011-0212 | Apple | Resource Management Errors vulnerability in Apple mac OS X Server servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. | 6.4 |
2011-06-24 | CVE-2011-0199 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. | 5.8 |
2011-06-22 | CVE-2011-2206 | Brad Fitzpatrick | Resource Management Errors vulnerability in Brad Fitzpatrick Djabberd XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757. | 5.5 |
2011-06-24 | CVE-2011-1409 | Ulli Horlacher | Improper Authentication vulnerability in Ulli Horlacher FEX 20100208 Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID. | 5.0 |
2011-06-24 | CVE-2011-0207 | Apple | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network. | 5.0 |
2011-06-24 | CVE-2011-0203 | Apple | Path Traversal vulnerability in Apple mac OS X Server Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing. | 5.0 |
2011-06-22 | CVE-2011-1173 | Linux | Information Exposure vulnerability in Linux Kernel The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet. | 5.0 |
2011-06-22 | CVE-2011-2532 | Prosody | Resource Management Errors vulnerability in Prosody 0.8.0 The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data. | 5.0 |
2011-06-22 | CVE-2011-2205 | Prosody | Resource Management Errors vulnerability in Prosody Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-2188 | Matthewwild | Resource Management Errors vulnerability in Matthewwild Luaexpat 1.0/1.0.1/1.0.2 LuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1757 | Brad Fitzpatrick | Resource Management Errors vulnerability in Brad Fitzpatrick Djabberd DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1756 | Citadel | Resource Management Errors vulnerability in Citadel modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1755 | Jabber | Resource Management Errors vulnerability in Jabber Jabberd2 jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1754 | Jabberd | Resource Management Errors vulnerability in Jabberd Jabberd14 jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1753 | Process ONE | Resource Management Errors vulnerability in Process-One Ejabberd and Exmpp expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1131 | Simplemachines | Information Exposure vulnerability in Simplemachines SMF The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search. | 5.0 |
2011-06-24 | CVE-2011-2484 | Linux | Resource Management Errors vulnerability in Linux Kernel The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. | 4.9 |
2011-06-24 | CVE-2011-1132 | Apple | Denial of Service vulnerability in Apple Mac OS X IPv6 Socket Options The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options. | 4.9 |
2011-06-22 | CVE-2011-2200 | D BUS Project | Improper Input Validation vulnerability in D-Bus Project D-Bus The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. | 4.6 |
2011-06-22 | CVE-2011-1330 | KBS | Cross-Site Scripting vulnerability in KBS Weblygo Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-06-22 | CVE-2011-2531 | Prosody | Resource Management Errors vulnerability in Prosody 0.8.0 Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data. | 4.3 |
2011-06-21 | CVE-2011-1481 | Phpnuke | Cross-Site Scripting vulnerability in PHPnuke PHP-Nuke Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php. | 4.3 |
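Seven of the rows above (CVE-2011-1753 through CVE-2011-1757, CVE-2011-2188 and CVE-2011-2205) are the same nested-entity expansion bug in different XMPP stacks, and two more (CVE-2011-0212 in servermgrd, CVE-2011-2206 in DJabberd) are the external-entity variant. Both need a DTD entity declaration before anything can be expanded, so the cheapest fix is to refuse the declaration itself. The following is an added example, not code from Prosody, DJabberd, jabberd, ejabberd or Apple: it uses only the Python standard-library expat binding, measures the amplification the nested case produces, and rejects any document that declares an entity. The sample documents are constructed here, and the file path in the XXE probe is the conventional placeholder rather than a tested target.

```python
"""Guard against DTD entity tricks in untrusted XML (XMPP stanzas, XML-RPC bodies).

Added example built on the stdlib expat binding; it is not code from any of
the projects named in the report. Sample documents are constructed below.
"""
import xml.parsers.expat as expat


class EntityDeclarationRejected(Exception):
    """Raised when an untrusted document tries to declare a DTD entity."""


def parse_untrusted_xml(data: bytes) -> list[str]:
    """Parse XML from an untrusted peer; return element names in document order.

    Any <!ENTITY ...> declaration aborts the parse. Nested internal entities
    (the CVE-2003-1564 pattern) and external entities (XXE) both require a
    declaration first, so refusing the declaration closes both classes.
    """
    parser = expat.ParserCreate()
    names: list[str] = []

    def on_entity_decl(name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        # An exception raised inside an expat callback propagates out of Parse().
        kind = "external" if system_id is not None else "internal"
        raise EntityDeclarationRejected(
            f"{kind} entity declaration not allowed: {name!r}")

    def on_start_element(name, attrs):
        names.append(name)

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start_element
    parser.Parse(data, True)  # True: this is the final (and only) chunk
    return names


def expanded_text_size(data: bytes) -> int:
    """Parse *without* the guard and count the character data expat emits.

    This shows the amplification the guard prevents: a few lines of DTD can
    expand to far more text than the wire payload actually carried.
    """
    parser = expat.ParserCreate()
    total = 0

    def on_chars(text):
        nonlocal total
        total += len(text)

    parser.CharacterDataHandler = on_chars
    parser.Parse(data, True)
    return total


def is_safe(data: bytes) -> bool:
    """True if the document parses without declaring any entity."""
    try:
        parse_untrusted_xml(data)
        return True
    except EntityDeclarationRejected:
        return False


# Constructed sample input: an ordinary stanza ...
BENIGN = b"<message to='a@example.org'><body>hi</body></message>"

# ... a three-level nested-entity document (10 x 10 x "lol" = 300 characters of
# body text from a handful of DTD lines; real attacks nest ten levels or more) ...
NESTED_ENTITIES = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<message><body>&lol3;</body></message>"""

# ... and an external-entity (XXE) probe of the kind aimed at XML-RPC endpoints
# (the path is the conventional placeholder used in XXE write-ups).
XXE_PROBE = b"""<?xml version="1.0"?>
<!DOCTYPE probe [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<methodCall><methodName>&xxe;</methodName></methodCall>"""


if __name__ == "__main__":
    print("benign:", is_safe(BENIGN), parse_untrusted_xml(BENIGN))
    print("nested entities expand to", expanded_text_size(NESTED_ENTITIES),
          "chars; safe?", is_safe(NESTED_ENTITIES))
    print("xxe probe safe?", is_safe(XXE_PROBE))
```

Refusing at the declaration is the right policy for XMPP in particular: RFC 6120 forbids internal and external DTD subsets in a stream, so a conformant peer never sends one. Newer libexpat releases (2.4 and later) also cap entity amplification, but that limit only activates after a sizable amount of output has been produced, so it complements rather than replaces a declaration-level check. For XML-RPC and other formats where a DOCTYPE could be legitimate, the same handler can be narrowed to reject only external entities and to count internal ones against a small budget.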
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-21 | CVE-2011-1129 | Simplemachines | Cross-Site Scripting vulnerability in Simplemachines SMF Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action. | 3.5 |
2011-06-24 | CVE-2009-5044 | Apple GNU | Link Following vulnerability in multiple products contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. | 3.3 |
2011-06-22 | CVE-2011-2533 | Freedesktop | Link Following vulnerability in Freedesktop Dbus The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | 3.3 |
2011-06-24 | CVE-2011-0197 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | 2.1 |
2011-06-22 | CVE-2011-1172 | Linux | Information Exposure vulnerability in Linux Kernel net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. | 2.1 |
2011-06-22 | CVE-2011-1171 | Linux | Information Exposure vulnerability in Linux Kernel net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. | 2.1 |
2011-06-22 | CVE-2011-1170 | Linux | Information Exposure vulnerability in Linux Kernel net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. | 2.1 |