Weekly Vulnerabilities Reports > August 29 to September 4, 2011
Overview
39 new vulnerabilities reported during this period, including 6 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary report vulnerabilities in 44 products from 22 vendors including Cisco, Rubyonrails, Tibco, Pidgin, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "Improper Authentication".
- 38 reported vulnerabilities are remotely exploitables.
- 2 reported vulnerabilities have public exploit available.
- 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 36 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-02 | CVE-2011-0342 | Indusoft | Buffer Errors vulnerability in Indusoft web Studio 7.0B2 Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method. | 10.0 |
2011-08-29 | CVE-2011-2555 | Cisco | Credentials Management vulnerability in Cisco Telepresence Recording Server Software 1.7.2 Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182. | 10.0 |
2011-08-29 | CVE-2011-1643 | Cisco | Information Exposure vulnerability in Cisco products Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. | 10.0 |
2011-09-02 | CVE-2011-2594 | Kmplayer | Buffer Errors vulnerability in Kmplayer 3.0.0.1441 Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field. | 9.3 |
2011-09-02 | CVE-2011-1944 | Xmlsoft | Numeric Errors vulnerability in Xmlsoft Libxml and Libxml2 Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. | 9.3 |
2011-08-29 | CVE-2011-3185 | Microsoft Pidgin | Improper Input Validation vulnerability in Pidgin gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. | 9.3 |
10 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-08-31 | CVE-2011-2577 | Cisco | Remote Denial of Service vulnerability in Cisco TelePresence Codecs SIP Packet Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500. | 7.8 |
2011-08-29 | CVE-2011-2564 | Cisco | Unspecified vulnerability in Cisco products Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417. | 7.8 |
2011-08-29 | CVE-2011-2563 | Cisco | Unspecified vulnerability in Cisco products Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669. | 7.8 |
2011-08-29 | CVE-2011-2562 | Cisco | Unspecified vulnerability in Cisco Unified Communications Manager Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256. | 7.8 |
2011-08-29 | CVE-2011-2560 | Cisco | Resource Management Errors vulnerability in Cisco Unified Communications Manager The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162. | 7.8 |
2011-09-02 | CVE-2011-3134 | Tibco | Unspecified vulnerability in Tibco Spotfire Analytics Server and Spotfire Server Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | 7.5 |
2011-09-02 | CVE-2011-2763 | Lifesize | Improper Input Validation vulnerability in Lifesize Room Appliance Software 4.7.18/Lsrm13.5.3 The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php. | 7.5 |
2011-08-29 | CVE-2011-0228 | Apple | Improper Input Validation vulnerability in Apple Iphone OS The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. | 7.5 |
2011-08-29 | CVE-2011-2930 | Rubyonrails | SQL Injection vulnerability in Rubyonrails Rails and Ruby ON Rails Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. | 7.5 |
2011-08-29 | CVE-2011-2561 | Cisco | Resource Management Errors vulnerability in Cisco Unified Communications Manager The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990. | 7.1 |
20 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-02 | CVE-2011-2903 | Rhythm | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rhythm Tcptrack Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. | 6.8 |
2011-09-02 | CVE-2011-1411 | Shibboleth | Improper Authentication vulnerability in Shibboleth Opensaml and Shibboleth-Identity-Provider Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | 5.8 |
2011-08-31 | CVE-2011-2899 | Redhat | Improper Input Validation vulnerability in Redhat System-Config-Printer pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers. | 5.1 |
2011-09-02 | CVE-2011-2762 | Lifesize | Improper Authentication vulnerability in Lifesize Room Appliance Software Lsrm13.5.3 The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php. | 5.0 |
2011-08-31 | CVE-2011-2524 | Gnome | Path Traversal vulnerability in Gnome Libsoup Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | 5.0 |
2011-08-29 | CVE-2011-2929 | Rubyonrails | Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability." | 5.0 |
2011-09-02 | CVE-2011-3385 | Lepton CMS Websitebaker2 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307. | 4.3 |
2011-09-02 | CVE-2009-5086 | Juniper | Cross-Site Scripting vulnerability in Juniper IDP Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-09-02 | CVE-2011-3133 | Tibco | Unspecified vulnerability in Tibco Spotfire Analytics Server and Spotfire Server Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors. | 4.3 |
2011-09-02 | CVE-2011-3132 | Tibco | Cross-Site Scripting vulnerability in Tibco Spotfire Analytics Server and Spotfire Server Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-08-29 | CVE-2011-3187 | Rubyonrails | Improper Input Validation vulnerability in Rubyonrails Rails 3.0.5 The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | 4.3 |
2011-08-29 | CVE-2011-3186 | Rubyonrails | Code Injection vulnerability in Rubyonrails Rails CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header. | 4.3 |
2011-08-29 | CVE-2011-2932 | Rubyonrails | Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability." | 4.3 |
2011-08-29 | CVE-2011-2931 | Rubyonrails | Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name. | 4.3 |
2011-08-29 | CVE-2011-3184 | Pidgin | Resource Management Errors vulnerability in Pidgin The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message. | 4.3 |
2011-08-29 | CVE-2011-3181 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. | 4.3 |
2011-08-29 | CVE-2011-2943 | Pidgin | Denial of Service and Security Bypass vulnerability in Pidgin Libpurple and Pidgin The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response. | 4.3 |
2011-09-02 | CVE-2011-3387 | IBM | Improper Input Validation vulnerability in IBM Java 1.4.2.13.9 The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311. | 4.0 |
2011-09-02 | CVE-2011-3386 | Medtronic | Unspecified vulnerability in Medtronic Paradigm Wireless Insulin Pump Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. | 4.0 |
2011-08-29 | CVE-2011-2746 | Otrs | Local File Disclosure vulnerability in OTRS 'AdminPackageManager.pm' Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-02 | CVE-2011-0311 | IBM | Buffer Errors vulnerability in IBM Java and Runtimes for Java Technology The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read. | 3.5 |
2011-08-29 | CVE-2011-2712 | Apache | Cross-Site Scripting vulnerability in Apache Wicket Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2.6 |
2011-09-02 | CVE-2011-2176 | Gnome | Improper Authentication vulnerability in Gnome Networkmanager GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | 2.1 |