Weekly Vulnerabilities Reports > August 22 to 28, 2011

Overview

27 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 13 products from 12 vendors, including Novell, Marcus Schafer, PHP, RSA, and Snitz Communications. The vulnerabilities are notably categorized as "Cross-site Scripting", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Cryptographic Issues".

  • 26 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 27 reported vulnerabilities are exploitable by an anonymous user.
  • Novell has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • PHP has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-08-25 CVE-2011-3268 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.

10.0
2011-08-25 CVE-2011-2940 Stunnel Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Stunnel 4.40/4.41

stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3
2011-08-23 CVE-2011-2225 Marcus Schafer, Novell

Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to have an unknown impact via a crafted directory pathname that is inserted into config.sh.

9.3

10 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-08-23 CVE-2011-2735 EMC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Autostart 5.3/5.4

Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted message over TCP.

7.9
2011-08-24 CVE-2010-4830 T Dreams SQL Injection vulnerability in T-Dreams JOB Career Package 3.0

SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter.

7.5
2011-08-24 CVE-2010-4829 T Dreams SQL Injection vulnerability in T-Dreams Cars ADS Package 2.0

SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.

7.5
2011-08-24 CVE-2010-4826 Snitz Communications SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.07

SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter.

7.5
2011-08-23 CVE-2011-2651 Marcus Schafer, Novell

Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename.

7.5
2011-08-23 CVE-2011-2649 Marcus Schafer, Novell Improper Input Validation vulnerability in multiple products

Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call.

7.5
2011-08-23 CVE-2011-2648 Marcus Schafer, Novell

Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a filter in a modified file.

7.5
2011-08-23 CVE-2011-2647 Marcus Schafer, Novell

Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted archive name in the list of testdrive modified files.

7.5
2011-08-23 CVE-2011-2646 Marcus Schafer, Novell

Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files.

7.5
2011-08-23 CVE-2011-2645 Marcus Schafer, Novell

Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM.

7.5

13 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-08-25 CVE-2011-3267 PHP Resource Management Errors vulnerability in PHP

PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.

5.0
2011-08-25 CVE-2011-3182 PHP NULL Pointer Dereference Denial Of Service vulnerability in PHP Prior to 5.3.7

PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.

5.0
2011-08-25 CVE-2011-2737 RSA Information Exposure vulnerability in RSA Envision

RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability."

5.0
2011-08-25 CVE-2011-2736 RSA Cryptographic Issues vulnerability in RSA Envision 4.0

RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox.

5.0
2011-08-25 CVE-2011-1657 PHP Resource Management Errors vulnerability in PHP 5.3.6

The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.

5.0
2011-08-25 CVE-2011-3189 PHP Cryptographic Issues vulnerability in PHP 5.3.7

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

4.3
2011-08-24 CVE-2010-4828 Solarwinds Cross-Site Scripting vulnerability in Solarwinds Orion Network Performance Monitor 10.1

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx.

4.3
2011-08-24 CVE-2010-4827 Snitz Communications Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000 3.4.07

Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter.

4.3
2011-08-24 CVE-2010-4825 Pleer, WordPress Cross-Site Scripting vulnerability in Pleer Wp-Twitter-Feed 0.3.1

Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

4.3
2011-08-23 CVE-2011-2652 Marcus Schafer, Novell Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file.

4.3
2011-08-23 CVE-2011-2650 Marcus Schafer, Novell Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display.

4.3
2011-08-23 CVE-2011-2644 Marcus Schafer, Novell Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.

4.3
2011-08-23 CVE-2011-2226 Marcus Schafer, Novell Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2011-08-24 CVE-2011-3266 Wireshark Resource Management Errors vulnerability in Wireshark

The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.

2.6