Weekly Vulnerabilities Reports > November 14 to 20, 2011

Overview

24 new vulnerabilities were reported during this period, including 1 critical vulnerability and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 21 products from 15 vendors including HP, Mahara, Apple, Phpmyadmin, and Xelerance. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Resource Management Errors", and "Information Exposure".

  • 22 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 18 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

1 Critical Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-16 CVE-2011-4157 HP Buffer Errors vulnerability in HP products

Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.

10.0

2 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-15 CVE-2011-1516 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.

7.6
2011-11-15 CVE-2008-7303 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516.

7.6

20 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-17 CVE-2011-4122 Freebsd Path Traversal vulnerability in Freebsd 8.1

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a ..

6.9
2011-11-19 CVE-2011-4159 HP Unspecified vulnerability in HP Event Monitoring Service A.04.20.11.04

Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

6.8
2011-11-15 CVE-2011-2773 Mahara Cross-Site Request Forgery (CSRF) vulnerability in Mahara

Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.

6.8
2011-11-17 CVE-2011-4107 Phpmyadmin, Fedoraproject, Debian XXE vulnerability in multiple products

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

6.5
2011-11-15 CVE-2011-4118 Mahara Permissions, Privileges, and Access Controls vulnerability in Mahara

Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.

6.0
2011-11-19 CVE-2011-4404 Vmware Configuration vulnerability in VMWare Vcenter Update Manager 4.0/4.1

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

5.0
2011-11-19 CVE-2011-4311 Montala Improper Input Validation vulnerability in Montala Resourcespace

ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.

5.0
2011-11-19 CVE-2011-3849 Broadcom Unspecified vulnerability in Broadcom Directory 8.1/R12

Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet.

5.0
2011-11-17 CVE-2011-4096 Squid Cache Resource Management Errors vulnerability in Squid-Cache Squid

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

5.0
2011-11-17 CVE-2011-3646 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.

5.0
2011-11-17 CVE-2011-3380 Xelerance Unspecified vulnerability in Xelerance Openswan

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.

5.0
2011-11-15 CVE-2011-2772 Mahara Improper Input Validation vulnerability in Mahara

The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.

5.0
2011-11-19 CVE-2011-4465 IBM Cross-Site Scripting vulnerability in IBM Lotus Mobile Connect 6.1.4

Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL.

4.3
2011-11-17 CVE-2011-2770 Robert Luberda Cross-Site Scripting vulnerability in Robert Luberda Man2Html 1.6

Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages.

4.3
2011-11-16 CVE-2011-4156 HP Cross-Site Scripting vulnerability in HP Network Node Manager I

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.

4.3
2011-11-16 CVE-2011-4155 HP Cross-Site Scripting vulnerability in HP Network Node Manager I

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.

4.3
2011-11-15 CVE-2011-2771 Mahara Cross-Site Scripting vulnerability in Mahara

Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.

4.3
2011-11-17 CVE-2011-4073 Xelerance Resource Management Errors vulnerability in Xelerance Openswan

Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

4.0
2011-11-16 CVE-2011-4158 HP Unspecified vulnerability in HP Directories Support for Proliant Management Processors 3.10/3.20

Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors.

4.0
2011-11-15 CVE-2011-2774 Mahara Information Exposure vulnerability in Mahara

The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.

4.0

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-17 CVE-2011-4457 Owasp Java Html Sanitizer Project Information Exposure vulnerability in Owasp-Java-Html-Sanitizer Project Owasp-Java-Html-Sanitizer

OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.

2.6