Weekly Vulnerabilities Reports > November 21 to 27, 2011

Overview

57 new vulnerabilities reported during this period, including 25 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary report vulnerabilities in 65 products from 44 vendors including Realnetworks, Joomla, Sitecom, Cisco, and IBM. Vulnerabilities are notably categorized as "SQL Injection", "Code Injection", "Cross-site Scripting", "Configuration", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 54 reported vulnerabilities are remotely exploitables.
  • 9 reported vulnerabilities have public exploit available.
  • 28 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 56 reported vulnerabilities are exploitable by an anonymous user.
  • Realnetworks has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Realnetworks has the most reported critical vulnerabilities, with 19 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

25 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-24 CVE-2011-4256 Realnetworks Code Injection vulnerability in Realnetworks Realplayer

The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2011-11-24 CVE-2011-4255 Realnetworks Unspecified vulnerability in Realnetworks Realplayer

Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.

10.0
2011-11-24 CVE-2011-4254 Realnetworks Code Injection vulnerability in Realnetworks Realplayer

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.

10.0
2011-11-24 CVE-2011-4253 Realnetworks Unspecified vulnerability in Realnetworks Realplayer

Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2011-11-24 CVE-2011-4250 Realnetworks Unspecified vulnerability in Realnetworks Realplayer

Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2011-11-24 CVE-2011-4249 Realnetworks Improper Input Validation vulnerability in Realnetworks Realplayer

Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2011-11-24 CVE-2011-4246 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer

The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2011-11-24 CVE-2011-4245 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer

The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2011-11-24 CVE-2011-4244 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer

Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2011-11-24 CVE-2011-4548 Google
Acer
Samsung
Remote Security vulnerability in Chrome Os

Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

10.0
2011-11-22 CVE-2011-4502 Edimax
Canyon Tech
Sitecom
Sweex
OS Command Injection vulnerability in multiple products

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters.

10.0
2011-11-22 CVE-2011-4501 Edimax
Canyon Tech
Sitecom
Sweex
Configuration vulnerability in multiple products

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

10.0
2011-11-21 CVE-2011-4040 Njstar Buffer Errors vulnerability in Njstar Communicator 3.0.11818

Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.

10.0
2011-11-26 CVE-2011-3828 Sunplus Tech Code Injection vulnerability in Sunplus-Tech DVR Remote Activex Control 2.1.0.39

DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server.

9.3
2011-11-24 CVE-2011-4262 Realnetworks Unspecified vulnerability in Realnetworks Realplayer

Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file.

9.3
2011-11-24 CVE-2011-4261 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.

9.3
2011-11-24 CVE-2011-4260 Realnetworks Code Injection vulnerability in Realnetworks Realplayer

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.

9.3
2011-11-24 CVE-2011-4259 Realnetworks Numeric Errors vulnerability in Realnetworks Realplayer

Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.

9.3
2011-11-24 CVE-2011-4258 Realnetworks Code Injection vulnerability in Realnetworks Realplayer

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.

9.3
2011-11-24 CVE-2011-4257 Realnetworks Code Injection vulnerability in Realnetworks Realplayer

The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data.

9.3
2011-11-24 CVE-2011-4252 Realnetworks Code Injection vulnerability in Realnetworks Realplayer

The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.

9.3
2011-11-24 CVE-2011-4251 Realnetworks Code Injection vulnerability in Realnetworks Realplayer

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.

9.3
2011-11-24 CVE-2011-4248 Realnetworks Code Injection vulnerability in Realnetworks Realplayer

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.

9.3
2011-11-24 CVE-2011-4247 Realnetworks Code Injection vulnerability in Realnetworks Realplayer

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.

9.3
2011-11-21 CVE-2011-4496 Aviosoft Buffer Errors vulnerability in Aviosoft DTV Player 1.0.1.2

Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file.

9.3

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-23 CVE-2010-5062 MH Products SQL Injection vulnerability in MH products Kleinanzeigenmarkt

SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter.

7.5
2011-11-23 CVE-2010-5061 Rsstatic SQL Injection vulnerability in Rsstatic

SQL injection vulnerability in index.php in RSStatic allows remote attackers to execute arbitrary SQL commands via the maxarticles parameter.

7.5
2011-11-23 CVE-2010-5060 Internet Works SQL Injection vulnerability in Internet-Works NUS Newssystem 1.02

SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2011-11-23 CVE-2010-5059 Cmscout SQL Injection vulnerability in Cmscout 2.08

SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.

7.5
2011-11-23 CVE-2010-5058 Alephsystem SQL Injection vulnerability in Alephsystem CMS Ariadna 1.1

SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter.

7.5
2011-11-23 CVE-2010-5057 Alephsystem SQL Injection vulnerability in Alephsystem CMS Ariadna 1.1

SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.

7.5
2011-11-23 CVE-2010-5056 GBU Grafici
Joomla
SQL Injection vulnerability in GBU Grafici COM Gbufacebook 1.0.5

SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.

7.5
2011-11-23 CVE-2010-5055 Almnzm SQL Injection vulnerability in Almnzm 2.1

SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2011-11-23 CVE-2010-5053 PHP Shop System
Joomla
SQL Injection vulnerability in PHP-Shop-System COM Xobbix 1.0.1

SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.

7.5
2011-11-23 CVE-2010-5049 Zabbix SQL Injection vulnerability in Zabbix

SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.

7.5
2011-11-23 CVE-2010-5047 V EVA SQL Injection vulnerability in V-Eva Press Release Script

SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2011-11-22 CVE-2011-4507 Dlink Cryptographic Issues vulnerability in Dlink Dir-685

The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device.

7.5
2011-11-22 CVE-2011-4506 Technicolor Configuration vulnerability in Technicolor Tg585 Router and Tg585 Router Firmware

The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

7.5
2011-11-22 CVE-2011-4505 Alcatel Configuration vulnerability in Alcatel products

The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

7.5
2011-11-22 CVE-2011-4504 Genmei Mori
Zyxel
Configuration vulnerability in multiple products

The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

7.5
2011-11-22 CVE-2011-4503 Broadcom
Sitecom
Configuration vulnerability in multiple products

The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

7.5
2011-11-22 CVE-2011-4500 Cisco
Linksys
Configuration vulnerability in multiple products

The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests.

7.5
2011-11-22 CVE-2011-4499 Cisco
Linksys
Configuration vulnerability in multiple products

The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

7.5

11 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-21 CVE-2011-4498 Zenprise Cross-Site Request Forgery (CSRF) vulnerability in Zenprise Device Manager

Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices.

6.8
2011-11-23 CVE-2011-4321 Joomla Cryptographic Issues vulnerability in Joomla Joomla!

The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.

5.0
2011-11-26 CVE-2011-4275 Combodo Cross-Site Scripting vulnerability in Combodo Itop 1.1.181/1.2.0

Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.

4.3
2011-11-24 CVE-2011-4312 Reviewboard Cross-Site Scripting vulnerability in Reviewboard Review Board

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.

4.3
2011-11-23 CVE-2011-4332 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-11-23 CVE-2010-5054 Jamwiki Cross-Site Scripting vulnerability in Jamwiki

Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki before 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2011-11-23 CVE-2010-5052 GET Simple Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 2.01

Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter.

4.3
2011-11-23 CVE-2010-5051 Razorcms Cross-Site Scripting vulnerability in Razorcms 1.0

Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.

4.3
2011-11-23 CVE-2010-5050 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Admanager Plus 4.4.0

Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter.

4.3
2011-11-23 CVE-2010-5048 Joomlatune
Joomla
Cross-Site Scripting vulnerability in Joomlatune COM Jcomments 2.1.0.0

Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.

4.3
2011-11-23 CVE-2010-5046 Ecocms Cross-Site Scripting vulnerability in Ecocms

Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-21 CVE-2011-4497 Asus Information Exposure vulnerability in Asus Rt-N56U and Rt-N56U Firmware

QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.

3.3
2011-11-24 CVE-2011-4160 HP
IBM
Linux
SUN
Local Unauthorized Access vulnerability in HP Operations Agent and Performance Agent

Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.

3.2
2011-11-26 CVE-2011-1378 IBM
HP
Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ 6.0

IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.

1.9