Weekly Vulnerabilities Reports > July 4 to 10, 2011
Overview
26 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary reports vulnerabilities in 25 products from 23 vendors including IBM, Digium, ISC, 6Kbbs, and Microsoft. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Information Exposure".
- 23 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 22 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 5 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-07 | CVE-2011-2681 | IBM | Improper Input Validation vulnerability in IBM Rational Doors web Access: IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors. | 10.0 |
2011-07-07 | CVE-2011-2680 | IBM | Multiple Unspecified vulnerability in IBM Rational DOORS: Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response." | 10.0 |
2011-07-07 | CVE-2011-1336 | Estsoft | Buffer Errors vulnerability in Estsoft Alzip 8.0/8.12/8.21: Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file. | 9.3 |
5 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-08 | CVE-2010-4814 | Bestsoftinc | SQL Injection vulnerability in Bestsoftinc Advance Hotel Booking System 1.0: SQL injection vulnerability in index1.php in Best Soft Inc. | 7.5 |
2011-07-08 | CVE-2010-4810 | Awcm CMS | Code Injection vulnerability in Awcm-Cms AR web Content Manager 2.1: Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php. | 7.5 |
2011-07-08 | CVE-2010-4809 | Liberologico | SQL Injection vulnerability in Liberologico Dbsite 1.0: SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2011-07-08 | CVE-2010-4808 | Valarsoft | SQL Injection vulnerability in Valarsoft Webmatic: SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter. | 7.5 |
2011-07-07 | CVE-2011-1946 | Hongli LAI | Permissions, Privileges, and Access Controls vulnerability in Hongli LAI Libgnomesu 1.0.0: gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts. | 7.2 |
15 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-07 | CVE-2011-2678 | Cisco Microsoft | Local Security vulnerability in Cisco VPN Client 5.0.7.0240/5.0.7.0290: The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. | 6.8 |
2011-07-08 | CVE-2010-4812 | 6Kbbs | SQL Injection vulnerability in 6Kbbs 8.0: Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php. | 6.5 |
2011-07-08 | CVE-2011-2464 | ISC | Packet Processing Remote Denial of Service vulnerability in ISC BIND 9: Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. | 5.0 |
2011-07-06 | CVE-2011-2666 | Digium | Configuration vulnerability in Digium Asterisk: The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. | 5.0 |
2011-07-06 | CVE-2011-2665 | Digium | Denial-Of-Service vulnerability in Asterisk: reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character. | 5.0 |
2011-07-06 | CVE-2011-2536 | Digium | Information Exposure vulnerability in Digium Asterisk: chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. | 5.0 |
2011-07-06 | CVE-2011-2535 | Digium | Improper Input Validation vulnerability in Digium Asterisk: chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. | 5.0 |
2011-07-06 | CVE-2011-2529 | Digium | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk: chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. | 5.0 |
2011-07-08 | CVE-2010-4811 | 6Kbbs | Cross-Site Scripting vulnerability in 6Kbbs 8.0: Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action. | 4.3 |
2011-07-07 | CVE-2011-2192 | Curl Haxx Apple Fedoraproject Debian Canonical | Credentials Management vulnerability in multiple products: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. | 4.3 |
2011-07-07 | CVE-2011-1498 | Apache | Information Exposure vulnerability in Apache Httpclient 4.0/4.0.1/4.1: Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header. | 4.3 |
2011-07-07 | CVE-2011-1224 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ: IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. | 4.3 |
2011-07-07 | CVE-2011-2679 | IBM | Cross-Site Scripting vulnerability in IBM Rational Doors web Access: Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-07-07 | CVE-2011-2597 | Wireshark | Resource Management Errors vulnerability in Wireshark: The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. | 4.3 |
2011-07-07 | CVE-2011-2682 | IBM | Resource Management Errors vulnerability in IBM Rational Doors web Access: The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access with a new user account that has never been used for a DOORS login. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-08 | CVE-2011-2664 | Checkpoint | Local Security vulnerability in Check Point Provider-1: Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors. | 3.6 |
2011-07-08 | CVE-2010-4813 | Category Tokens Project Drupal | Cross-Site Scripting vulnerability in Category Tokens Project Category Tokens 6.X1.0: Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help. | 3.5 |
2011-07-08 | CVE-2011-2465 | ISC | Remote Denial of Service vulnerability in ISC BIND 9 RPZ Configurations: Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query. | 2.6 |