Weekly Vulnerabilities Reports > September 26 to October 2, 2011
Overview
51 new vulnerabilities reported during this period, including 12 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 31 products from 24 vendors including Mozilla, Mhproducts, Symantec, Netsaro, and Sonexis. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".
- 48 reported vulnerabilities are remotely exploitables.
- 11 reported vulnerabilities have public exploit available.
- 22 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 48 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 14 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
12 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-09-30 | CVE-2011-2998 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | 10.0 |
| 2011-09-29 | CVE-2011-3003 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. | 10.0 |
| 2011-09-29 | CVE-2011-2997 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
| 2011-09-29 | CVE-2011-2996 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
| 2011-09-29 | CVE-2011-2995 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
| 2011-09-29 | CVE-2011-3504 | Ffmpeg | Code Injection vulnerability in Ffmpeg The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. | 9.3 |
| 2011-09-29 | CVE-2011-3232 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | 9.3 |
| 2011-09-29 | CVE-2011-3005 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | 9.3 |
| 2011-09-29 | CVE-2011-3002 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. | 9.3 |
| 2011-09-27 | CVE-2011-3691 | Foxitsoftware | Untrusted Search Path vulnerability in Foxitsoftware Foxit Reader Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory. | 9.3 |
| 2011-09-27 | CVE-2011-3690 | Plotsoft | Unspecified vulnerability in Plotsoft Pdfill PDF Editor 8.0 Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0 allows local users to gain privileges via a Trojan horse mfc70enu.dll or mfc80loc.dll in the current working directory. | 9.3 |
| 2011-10-02 | CVE-2011-2411 | Samba HP | Remote Code Execution vulnerability in HP NonStop Server Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors. | 9.0 |
13 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-10-02 | CVE-2011-0554 | Symantec | Code Injection vulnerability in Symantec IM Manager The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue." | 7.5 |
| 2011-10-02 | CVE-2011-0553 | Symantec | SQL Injection vulnerability in Symantec IM Manager SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-09-27 | CVE-2011-3688 | Sonexis | SQL Injection vulnerability in Sonexis Conferencemanager 9.3.14.0 Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp. | 7.5 |
| 2011-09-27 | CVE-2011-3645 | Newgensoft | Permissions, Privileges, and Access Controls vulnerability in Newgensoft Omnidocs Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user. | 7.5 |
| 2011-09-27 | CVE-2010-4840 | Manageengine | Buffer Errors vulnerability in Manageengine Eventlog Analyzer 6.1 Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port (1) 513 or (2) 514. | 7.5 |
| 2011-09-27 | CVE-2010-4851 | Eclime | SQL Injection vulnerability in Eclime 1.1.2B Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php. | 7.5 |
| 2011-09-27 | CVE-2010-4849 | Alibabaclone | SQL Injection vulnerability in Alibabaclone Alibaba Clone B2B 3.4 SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter. | 7.5 |
| 2011-09-27 | CVE-2010-4847 | Mhproducts | SQL Injection vulnerability in Mhproducts MHP Downloadshop SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | 7.5 |
| 2011-09-27 | CVE-2010-4846 | Mhproducts | SQL Injection vulnerability in Mhproducts PAY PAL Shop Digital SQL injection vulnerability in view_item.php in MH Products Pay Pal Shop Digital allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | 7.5 |
| 2011-09-27 | CVE-2010-4845 | Mhproducts | SQL Injection vulnerability in Mhproducts Projekt Shop Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php. | 7.5 |
| 2011-09-27 | CVE-2010-4844 | Mhproducts | SQL Injection vulnerability in Mhproducts Easy Online Shop SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter. | 7.5 |
| 2011-09-27 | CVE-2010-4843 | Phpwebscripts | SQL Injection vulnerability in PHPwebscripts AD Manager PRO 3.0 SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | 7.5 |
| 2011-09-27 | CVE-2010-4842 | Mhproducts | SQL Injection vulnerability in Mhproducts Download Center 2.2 SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. | 7.5 |
22 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-09-30 | CVE-2011-3579 | Icewarp | Resource Management Errors vulnerability in Icewarp Mail Server server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. | 6.4 |
| 2011-09-30 | CVE-2011-3580 | Icewarp | Information Exposure vulnerability in Icewarp Mail Server IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. | 5.0 |
| 2011-09-30 | CVE-2011-3369 | Juan Toledo | Denial-Of-Service vulnerability in Etherape The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c. | 5.0 |
| 2011-09-27 | CVE-2011-3694 | Netsaro | Information Exposure vulnerability in Netsaro Enterprise Messenger Server 2.0 The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL. | 5.0 |
| 2011-10-02 | CVE-2011-2674 | Basercms | Permissions, Privileges, and Access Controls vulnerability in Basercms BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. | 4.9 |
| 2011-10-02 | CVE-2011-3371 | Punbb | Cross-Site Scripting vulnerability in Punbb Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php. | 4.3 |
| 2011-10-02 | CVE-2011-2673 | Basercms | Cross-Site Scripting vulnerability in Basercms Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-10-02 | CVE-2011-0552 | Symantec | Cross-Site Scripting vulnerability in Symantec IM Manager Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4) action parameter to IMManager/Admin/IMAdminEdituser.asp. | 4.3 |
| 2011-09-30 | CVE-2011-3010 | Twiki | Cross-Site Scripting vulnerability in Twiki Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin. | 4.3 |
| 2011-09-29 | CVE-2011-3866 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. | 4.3 |
| 2011-09-29 | CVE-2011-3004 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. | 4.3 |
| 2011-09-29 | CVE-2011-3001 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | 4.3 |
| 2011-09-29 | CVE-2011-3000 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | 4.3 |
| 2011-09-29 | CVE-2011-2999 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | 4.3 |
| 2011-09-27 | CVE-2011-3689 | Wibu | Cross-Site Scripting vulnerability in Wibu Codemeter Webadmin 3.30/4.30 Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter. | 4.3 |
| 2011-09-27 | CVE-2011-3687 | Sonexis | Cross-Site Scripting vulnerability in Sonexis Conferencemanager 9.2.11.0 Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to ParticipantLogin.asp, (3) the acp parameter to ForgotPIN.asp, or the (4) Description, (5) title, or (6) Heading parameter to Error.asp. | 4.3 |
| 2011-09-27 | CVE-2011-3686 | Sonexis | Cross-Site Scripting vulnerability in Sonexis Conferencemanager 9.2.11.0/9.3.14.0 Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter. | 4.3 |
| 2011-09-27 | CVE-2011-3684 | Tembria | Cross-Site Scripting vulnerability in Tembria Server Monitor Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp. | 4.3 |
| 2011-09-27 | CVE-2010-4841 | Manageengine | Cross-Site Scripting vulnerability in Manageengine Eventlog Analyzer 6.1 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. | 4.3 |
| 2011-09-27 | CVE-2010-4852 | Eclime | Cross-Site Scripting vulnerability in Eclime 1.1.2B Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action. | 4.3 |
| 2011-09-27 | CVE-2010-4850 | Diferior | Cross-Site Scripting vulnerability in Diferior 8.03 Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php. | 4.3 |
| 2011-09-27 | CVE-2010-4848 | Axscripts | Cross-Site Scripting vulnerability in Axscripts Axslinks 0.3 Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter. | 4.3 |
4 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-09-29 | CVE-2011-2372 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | 3.5 |
| 2011-09-27 | CVE-2011-3693 | Netsaro | Cryptographic Issues vulnerability in Netsaro Enterprise Messenger Server 2.0 NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file. | 1.9 |
| 2011-09-27 | CVE-2011-3692 | Netsaro | Cryptographic Issues vulnerability in Netsaro Enterprise Messenger Server 2.0 NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step. | 1.9 |
| 2011-09-27 | CVE-2011-3685 | Tembria | Cryptographic Issues vulnerability in Tembria Server Monitor Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory. | 1.9 |