Weekly Vulnerabilities Reports > July 11 to 17, 2011
Overview
32 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 38 products from 21 vendors including IBM, Microsoft, Fedoraproject, Debian, and Squirrelmail. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Resource Management Errors", "SQL Injection", and "Path Traversal".
- 25 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 30 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 5 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-14 | CVE-2011-2220 | Novell | Buffer Errors vulnerability in Novell File Reporter and File Reporter Engine Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element. | 10.0 |
2011-07-11 | CVE-2011-1867 | HP | Buffer Errors vulnerability in HP products Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet. | 10.0 |
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-17 | CVE-2011-2692 | Libpng Fedoraproject Debian Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. | 8.8 |
2011-07-13 | CVE-2011-1265 | Bluetooth Microsoft | Code Injection vulnerability in multiple products The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability." | 8.3 |
2011-07-11 | CVE-2011-2064 | Cisco | Resource Management Errors vulnerability in Cisco Content Services Gateway Second Generation and IOS Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577. | 7.8 |
2011-07-17 | CVE-2011-2751 | Parodia | SQL Injection vulnerability in Parodia 6.2/6.4 SQL injection vulnerability in Parodia before 6.809 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-07-11 | CVE-2011-0549 | Symantec | SQL Injection vulnerability in Symantec web Gateway SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2011-07-17 | CVE-2011-1223 | IBM Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors. | 7.2 |
2011-07-17 | CVE-2011-1222 | IBM Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors. | 7.2 |
2011-07-13 | CVE-2011-1870 | Microsoft | Numeric Errors vulnerability in Microsoft products Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability." | 7.2 |
21 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-11 | CVE-2011-1338 | Xnview | DLL Loading Arbitrary Code Execution vulnerability in XnView Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item. | 6.9 |
2011-07-17 | CVE-2011-2753 | Squirrelmail | Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. | 6.8 |
2011-07-17 | CVE-2011-2690 | Libpng Fedoraproject Debian Canonical | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. | 6.8 |
2011-07-11 | CVE-2011-2398 | HP | Local Privilege Escalation vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31 Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors. | 6.8 |
2011-07-17 | CVE-2011-2691 | Libpng Fedoraproject Debian | NULL Pointer Dereference vulnerability in multiple products The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. | 6.5 |
2011-07-17 | CVE-2011-2501 | Libpng Fedoraproject Debian Canonical | Out-of-bounds Read vulnerability in multiple products The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. | 6.5 |
2011-07-11 | CVE-2011-1526 | MIT Debian Fedoraproject Opensuse Suse | Improper Privilege Management vulnerability in multiple products ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. | 6.5 |
2011-07-14 | CVE-2011-0287 | RIM | Information Disclosure vulnerability in RIM products Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors. | 6.4 |
2011-07-17 | CVE-2011-2752 | Squirrelmail | Code Injection vulnerability in Squirrelmail CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. | 5.8 |
2011-07-17 | CVE-2011-2760 | Brocade | Permissions, Privileges, and Access Controls vulnerability in Brocade Bigiron RX Switch Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet. | 5.0 |
2011-07-17 | CVE-2011-2759 | IBM | Information Exposure vulnerability in IBM Tivoli Directory Server The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 5.0 |
2011-07-17 | CVE-2011-2758 | IBM | Improper Authentication vulnerability in IBM Tivoli Directory Server IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL. | 5.0 |
2011-07-17 | CVE-2011-2757 | Manageengine | Path Traversal vulnerability in Manageengine Servicedesk Plus 7.0.0/7.6/8.0 Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-07-17 | CVE-2011-2756 | Manageengine | Improper Authentication vulnerability in Manageengine Servicedesk Plus 8.0 FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors. | 5.0 |
2011-07-17 | CVE-2011-2755 | Manageengine | Path Traversal vulnerability in Manageengine Servicedesk Plus 8.0 Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2011-07-17 | CVE-2011-2750 | Novell | Resource Management Errors vulnerability in Novell File Reporter 1.0.1/1.0.1.1/1.0.2 NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD. | 5.0 |
2011-07-17 | CVE-2011-2754 | IBM | Cross-Site Scripting vulnerability in IBM web Content Manager and Websphere Portal Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-07-14 | CVE-2011-2510 | Dokuwiki | Cross-Site Scripting vulnerability in Dokuwiki Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link. | 4.3 |
2011-07-14 | CVE-2011-2023 | Squirrelmail | Cross-Site Scripting vulnerability in Squirrelmail Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message. | 4.3 |
2011-07-14 | CVE-2010-4555 | Squirrelmail | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. | 4.3 |
2011-07-14 | CVE-2010-4554 | Squirrelmail | Improper Input Validation vulnerability in Squirrelmail functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-13 | CVE-2011-1886 | Microsoft | Local Information Disclosure vulnerability in Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1886) win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validation Allows Information Disclosure Vulnerability." Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' | 2.1 |