Weekly Vulnerabilities Reports > August 22 to 28, 2011
Overview
27 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 13 products from 12 vendors including Novell, Marcus Schafer, PHP, RSA, and Snitz Communications. Vulnerabilities are notably categorized as "Cross-site Scripting", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Cryptographic Issues".
- 26 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 27 reported vulnerabilities are exploitable by an anonymous user.
- Novell has the most reported vulnerabilities, with 11 reported vulnerabilities.
- PHP has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-08-25 | CVE-2011-3268 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP: Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. | 10.0 |
2011-08-25 | CVE-2011-2940 | Stunnel | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Stunnel 4.40/4.41: stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 9.3 |
2011-08-23 | CVE-2011-2225 | Marcus Schafer, Novell | Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to have an unknown impact via a crafted directory pathname that is inserted into config.sh. | 9.3 |
10 High Vulnerabilities
13 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-08-25 | CVE-2011-3267 | PHP | Resource Management Errors vulnerability in PHP: PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 |
2011-08-25 | CVE-2011-3182 | PHP | NULL Pointer Dereference Denial Of Service vulnerability in PHP Prior to 5.3.7: PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. | 5.0 |
2011-08-25 | CVE-2011-2737 | RSA | Information Exposure vulnerability in RSA Envision: RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability." | 5.0 |
2011-08-25 | CVE-2011-2736 | RSA | Cryptographic Issues vulnerability in RSA Envision 4.0: RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. | 5.0 |
2011-08-25 | CVE-2011-1657 | PHP | Resource Management Errors vulnerability in PHP 5.3.6: The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND. | 5.0 |
2011-08-25 | CVE-2011-3189 | PHP | Cryptographic Issues vulnerability in PHP 5.3.7: The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483. | 4.3 |
2011-08-24 | CVE-2010-4828 | Solarwinds | Cross-Site Scripting vulnerability in Solarwinds Orion Network Performance Monitor 10.1: Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx. | 4.3 |
2011-08-24 | CVE-2010-4827 | Snitz Communications | Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000 3.4.07: Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. | 4.3 |
2011-08-24 | CVE-2010-4825 | Pleer Wordpress | Cross-Site Scripting vulnerability in Pleer Wp-Twitter-Feed 0.3.1: Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
2011-08-23 | CVE-2011-2652 | Marcus Schafer, Novell | Cross-Site Scripting vulnerability in multiple products: Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file. | 4.3 |
2011-08-23 | CVE-2011-2650 | Marcus Schafer, Novell | Cross-Site Scripting vulnerability in multiple products: Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display. | 4.3 |
2011-08-23 | CVE-2011-2644 | Marcus Schafer, Novell | Cross-Site Scripting vulnerability in multiple products: Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display. | 4.3 |
2011-08-23 | CVE-2011-2226 | Marcus Schafer, Novell | Cross-Site Scripting vulnerability in multiple products: Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-08-24 | CVE-2011-3266 | Wireshark | Resource Management Errors vulnerability in Wireshark: The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. | 2.6 |