Weekly Vulnerabilities Reports > November 21 to 27, 2011
Overview
57 new vulnerabilities reported during this period, including 25 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary report vulnerabilities in 65 products from 44 vendors including Realnetworks, Joomla, Sitecom, IBM, and Cisco. Vulnerabilities are notably categorized as "SQL Injection", "Code Injection", "Cross-site Scripting", "Configuration", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 54 reported vulnerabilities are remotely exploitables.
- 9 reported vulnerabilities have public exploit available.
- 28 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 56 reported vulnerabilities are exploitable by an anonymous user.
- Realnetworks has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Realnetworks has the most reported critical vulnerabilities, with 19 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
25 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-11-24 | CVE-2011-4256 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
| 2011-11-24 | CVE-2011-4255 | Realnetworks | Unspecified vulnerability in Realnetworks Realplayer Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name. | 10.0 |
| 2011-11-24 | CVE-2011-4254 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. | 10.0 |
| 2011-11-24 | CVE-2011-4253 | Realnetworks | Unspecified vulnerability in Realnetworks Realplayer Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
| 2011-11-24 | CVE-2011-4250 | Realnetworks | Unspecified vulnerability in Realnetworks Realplayer Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
| 2011-11-24 | CVE-2011-4249 | Realnetworks | Improper Input Validation vulnerability in Realnetworks Realplayer Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2011-11-24 | CVE-2011-4246 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
| 2011-11-24 | CVE-2011-4245 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
| 2011-11-24 | CVE-2011-4244 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2011-11-24 | CVE-2011-4548 | Google Acer Samsung | Remote Security vulnerability in Chrome Os Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | 10.0 |
| 2011-11-22 | CVE-2011-4502 | Edimax Canyon Tech Sitecom Sweex | OS Command Injection vulnerability in multiple products The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. | 10.0 |
| 2011-11-22 | CVE-2011-4501 | Edimax Canyon Tech Sitecom Sweex | Configuration vulnerability in multiple products The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | 10.0 |
| 2011-11-21 | CVE-2011-4040 | Njstar | Buffer Errors vulnerability in Njstar Communicator 3.0.11818 Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet. | 10.0 |
| 2011-11-26 | CVE-2011-3828 | Sunplus Tech | Code Injection vulnerability in Sunplus-Tech DVR Remote Activex Control 2.1.0.39 DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server. | 9.3 |
| 2011-11-24 | CVE-2011-4262 | Realnetworks | Unspecified vulnerability in Realnetworks Realplayer Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file. | 9.3 |
| 2011-11-24 | CVE-2011-4261 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file. | 9.3 |
| 2011-11-24 | CVE-2011-4260 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. | 9.3 |
| 2011-11-24 | CVE-2011-4259 | Realnetworks | Numeric Errors vulnerability in Realnetworks Realplayer Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file. | 9.3 |
| 2011-11-24 | CVE-2011-4258 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file. | 9.3 |
| 2011-11-24 | CVE-2011-4257 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. | 9.3 |
| 2011-11-24 | CVE-2011-4252 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height. | 9.3 |
| 2011-11-24 | CVE-2011-4251 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file. | 9.3 |
| 2011-11-24 | CVE-2011-4248 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file. | 9.3 |
| 2011-11-24 | CVE-2011-4247 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. | 9.3 |
| 2011-11-21 | CVE-2011-4496 | Aviosoft | Buffer Errors vulnerability in Aviosoft DTV Player 1.0.1.2 Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file. | 9.3 |
18 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-11-23 | CVE-2010-5062 | MH Products | SQL Injection vulnerability in MH products Kleinanzeigenmarkt SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter. | 7.5 |
| 2011-11-23 | CVE-2010-5061 | Rsstatic | SQL Injection vulnerability in Rsstatic SQL injection vulnerability in index.php in RSStatic allows remote attackers to execute arbitrary SQL commands via the maxarticles parameter. | 7.5 |
| 2011-11-23 | CVE-2010-5060 | Internet Works | SQL Injection vulnerability in Internet-Works NUS Newssystem 1.02 SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2011-11-23 | CVE-2010-5059 | Cmscout | SQL Injection vulnerability in Cmscout 2.08 SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action. | 7.5 |
| 2011-11-23 | CVE-2010-5058 | Alephsystem | SQL Injection vulnerability in Alephsystem CMS Ariadna 1.1 SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. | 7.5 |
| 2011-11-23 | CVE-2010-5057 | Alephsystem | SQL Injection vulnerability in Alephsystem CMS Ariadna 1.1 SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter. | 7.5 |
| 2011-11-23 | CVE-2010-5056 | GBU Grafici Joomla | SQL Injection vulnerability in GBU Grafici COM Gbufacebook 1.0.5 SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php. | 7.5 |
| 2011-11-23 | CVE-2010-5055 | Almnzm | SQL Injection vulnerability in Almnzm 2.1 SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2011-11-23 | CVE-2010-5053 | PHP Shop System Joomla | SQL Injection vulnerability in PHP-Shop-System COM Xobbix 1.0.1 SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php. | 7.5 |
| 2011-11-23 | CVE-2010-5049 | Zabbix | SQL Injection vulnerability in Zabbix SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter. | 7.5 |
| 2011-11-23 | CVE-2010-5047 | V EVA | SQL Injection vulnerability in V-Eva Press Release Script SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2011-11-22 | CVE-2011-4507 | Dlink | Cryptographic Issues vulnerability in Dlink Dir-685 The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device. | 7.5 |
| 2011-11-22 | CVE-2011-4506 | Technicolor | Configuration vulnerability in Technicolor Tg585 Router and Tg585 Router Firmware The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | 7.5 |
| 2011-11-22 | CVE-2011-4505 | Alcatel | Configuration vulnerability in Alcatel products The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | 7.5 |
| 2011-11-22 | CVE-2011-4504 | Genmei Mori Zyxel | Configuration vulnerability in multiple products The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | 7.5 |
| 2011-11-22 | CVE-2011-4503 | Broadcom Sitecom | Configuration vulnerability in multiple products The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | 7.5 |
| 2011-11-22 | CVE-2011-4500 | Cisco Linksys | Configuration vulnerability in multiple products The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. | 7.5 |
| 2011-11-22 | CVE-2011-4499 | Cisco Linksys | Configuration vulnerability in multiple products The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | 7.5 |
11 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-11-21 | CVE-2011-4498 | Zenprise | Cross-Site Request Forgery (CSRF) vulnerability in Zenprise Device Manager Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices. | 6.8 |
| 2011-11-23 | CVE-2011-4321 | Joomla | Cryptographic Issues vulnerability in Joomla Joomla! The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. | 5.0 |
| 2011-11-26 | CVE-2011-4275 | Combodo | Cross-Site Scripting vulnerability in Combodo Itop 1.1.181/1.2.0 Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php. | 4.3 |
| 2011-11-24 | CVE-2011-4312 | Reviewboard | Cross-Site Scripting vulnerability in Reviewboard Review Board Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component. | 4.3 |
| 2011-11-23 | CVE-2011-4332 | Joomla | Cross-Site Scripting vulnerability in Joomla Joomla! Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-11-23 | CVE-2010-5054 | Jamwiki | Cross-Site Scripting vulnerability in Jamwiki Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki before 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |
| 2011-11-23 | CVE-2010-5052 | GET Simple | Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 2.01 Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter. | 4.3 |
| 2011-11-23 | CVE-2010-5051 | Razorcms | Cross-Site Scripting vulnerability in Razorcms 1.0 Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php. | 4.3 |
| 2011-11-23 | CVE-2010-5050 | Zohocorp | Cross-Site Scripting vulnerability in Zohocorp Manageengine Admanager Plus 4.4.0 Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. | 4.3 |
| 2011-11-23 | CVE-2010-5048 | Joomlatune Joomla | Cross-Site Scripting vulnerability in Joomlatune COM Jcomments 2.1.0.0 Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php. | 4.3 |
| 2011-11-23 | CVE-2010-5046 | Ecocms | Cross-Site Scripting vulnerability in Ecocms Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter. | 4.3 |
3 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-11-21 | CVE-2011-4497 | Asus | Information Exposure vulnerability in Asus Rt-N56U and Rt-N56U Firmware QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. | 3.3 |
| 2011-11-24 | CVE-2011-4160 | HP IBM Linux SUN | Local Unauthorized Access vulnerability in HP Operations Agent and Performance Agent Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors. | 3.2 |
| 2011-11-26 | CVE-2011-1378 | IBM HP | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ 6.0 IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command. | 1.9 |