Weekly Vulnerabilities Report: November 28 to December 4, 2011

Overview

48 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary reports vulnerabilities in 90 products from 40 vendors, including Wordpress, Schneider Electric, Canonical, IBM, and Vtiger. The most common weakness categories are "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Code Injection".

  • 48 reported vulnerabilities are remotely exploitable.
  • 9 reported vulnerabilities have a public exploit available.
  • 33 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 46 reported vulnerabilities are exploitable by an anonymous user.
  • Wordpress has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Schneider Electric and HP each have 1 reported critical vulnerability (the 2 critical entries listed below).

Summary counters (values taken from the overview and the section headings below; counts not given on the page are marked as such):

TOTAL VULNERABILITIES: 48
CRITICAL RISK VULNERABILITIES: 2
HIGH RISK VULNERABILITIES: 17
MEDIUM RISK VULNERABILITIES: 26
LOW RISK VULNERABILITIES: 3
REMOTELY EXPLOITABLE: 48
LOCALLY EXPLOITABLE: not given (all 48 are listed as remotely exploitable)
EXPLOIT AVAILABLE: 9
EXPLOITABLE ANONYMOUSLY: 46
AFFECTING WEB APPLICATION: not given

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-01 CVE-2011-4161 HP Permissions, Privileges, and Access Controls vulnerability in HP products

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

10.0
2011-12-02 CVE-2011-4034 Schneider Electric Buffer Errors vulnerability in Schneider-Electric products

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

9.3

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-02 CVE-2011-4674 Zabbix SQL Injection vulnerability in Zabbix 1.8.3/1.8.4

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.

7.5
2011-12-02 CVE-2011-4673 Automattic / Wordpress SQL Injection vulnerability in Automattic Jetpack

SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2011-12-02 CVE-2011-4672 Valid SQL Injection vulnerability in Valid Tiny-Erp

Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.

7.5
2011-12-02 CVE-2011-4671 Adrotateplugin / Wordpress SQL Injection vulnerability in Adrotateplugin Adrotate

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

7.5
2011-12-02 CVE-2011-4669 Wordpress SQL Injection vulnerability in Wordpress Wordpress-Users

SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.

7.5
2011-12-02 CVE-2011-4668 IBM Code Injection vulnerability in IBM Tivoli Netcool/Reporter

IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.

7.5
2011-12-01 CVE-2011-4001 Mawashimono Path Traversal vulnerability in Mawashimono Nikki

Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecified vectors.

7.5
2011-11-30 CVE-2011-4542 Hastymail SQL Injection vulnerability in Hastymail Hastymail2

Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.

7.5
2011-11-30 CVE-2011-4191 Novell Buffer Errors vulnerability in Novell Netware 6.5

Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.

7.5
2011-11-30 CVE-2011-4002 Mawashimono OS Command Injection vulnerability in Mawashimono Nikki

HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."

7.5
2011-11-30 CVE-2011-3173 Novell Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Novell Iprint Open Enterprise Server 2

Stack-based buffer overflow in the GetDriverSettings function in nipplib.dll in the iPrint client in Novell Open Enterprise Server 2 (aka OES2) SP3 allows remote attackers to execute arbitrary code via a long (1) hostname or (2) port field.

7.5
2011-11-30 CVE-2009-5028 Namazu Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Namazu

Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field.

7.5
2011-11-29 CVE-2011-4405 Canonical Improper Input Validation vulnerability in Canonical Ubuntu Linux 11.04/11.10

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

7.5
2011-11-29 CVE-2011-4571 Eaimproved / Joomla SQL Injection vulnerability in Eaimproved COM Estateagent

SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.

7.5
2011-11-29 CVE-2011-4570 Takeaweb / Joomla SQL Injection vulnerability in Takeaweb COM Timereturns 2.0

SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.

7.5
2011-11-29 CVE-2011-4569 TOM K / Mybb SQL Injection vulnerability in TOM K Forum Userbar Plugin 2.2

SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.

7.5
2011-11-28 CVE-2011-4559 Vtiger SQL Injection vulnerability in Vtiger CRM

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

7.5
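Nine of the seventeen high-severity entries above (Zabbix, Jetpack, tiny-erp, AdRotate, WordPress Users, the two Joomla! components, the MyBB Userbar plugin and vTiger) share one cause: a request parameter such as id, uid, track or only_hostid is pasted into the text of a SQL statement. The block below is an added example, not code from any of those products. It reproduces that pattern against a constructed in-memory SQLite table and places the parameterized form beside it; the table, its rows, the helper names and the payload strings are assumptions made for illustration.

```python
"""Added example: string-built SQL beside parameterized SQL.

Not code from any product in this report. The users table, its rows and
the helper names are constructed for illustration only.
"""
import sqlite3

# Constructed sample data standing in for a plugin's user/record table.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.test"),
    (2, "bob", "bob@example.test"),
    (3, "carol", "carol@example.test"),
]


def make_db():
    """Build an in-memory SQLite database holding SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid INTEGER, login TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, uid):
    """The flaw class from the entries above: the request parameter is
    interpolated into the SQL text, so the database parses whatever
    syntax the client supplied (OR 1=1, UNION SELECT, ...)."""
    sql = "SELECT uid, login, email FROM users WHERE uid = %s" % uid
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, uid):
    """Bind the value instead of formatting it in.

    The parameter is first coerced to the type the column expects; anything
    that is not an integer is rejected before a query is built. The
    integer then travels to the engine as data, never as SQL text.
    """
    try:
        uid_int = int(str(uid).strip())
    except ValueError:
        return []
    sql = "SELECT uid, login, email FROM users WHERE uid = ?"
    return conn.execute(sql, (uid_int,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed payloads of the kind the entries above describe.
    for probe in ("2", "0 OR 1=1", "0 UNION SELECT 1, 'x', 'y'"):
        print("vulnerable", repr(probe), "->", lookup_vulnerable(db, probe))
        print("hardened  ", repr(probe), "->", lookup_hardened(db, probe))
```

The same boundary exists in every stack listed here: in WordPress plugins it is $wpdb->prepare(), in plain PHP it is PDO or mysqli prepared statements. Type coercion before binding is the second half of the fix; it turns a malformed id into an empty result rather than an error message that leaks schema details.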

26 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-29 CVE-2011-3150 Canonical Improper Input Validation vulnerability in Canonical Ubuntu Linux 10.10/11.04/11.10

Software Center in Ubuntu 11.10, 11.04, and 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack.

6.8
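CVE-2011-4405 (above, in the high section) and CVE-2011-3150 are the two client-side mistakes that turn a download path into code execution for anyone on the network: the first fetches over a plain, unauthenticated connection, the second uses TLS but never verifies the peer. The block below is an added example, not the system-config-printer or Software Center code; it shows the weak client configuration beside the corrected one. The function names and the sample URLs are assumptions made for illustration.

```python
"""Added example: unverified versus verified TLS client configuration,
and a scheme check for anything that ends in package installation.

Not Ubuntu code. Helper names and URLs are constructed for illustration.
"""
import ssl
from urllib.parse import urlsplit


def weak_context():
    """The CVE-2011-3150 shape: TLS is negotiated, but the certificate chain
    is not checked and the hostname is not matched, so a self-signed or
    wrong-host certificate presented by an interposing attacker is accepted.
    (check_hostname must be cleared before verify_mode can be CERT_NONE.)"""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context():
    """Corrected form: system trust store, chain required, hostname matched
    against the certificate's SAN/CN."""
    ctx = ssl.create_default_context()
    return ctx


def verifies_peer(ctx):
    """True only when both the chain and the hostname are checked; either
    one alone still lets a MITM succeed."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def url_allowed_for_code_download(url):
    """The CVE-2011-4405 shape: a driver or package query over plain http://
    lets a network attacker substitute the answer. Only https:// with a
    host part is acceptable for anything that leads to installation."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)


if __name__ == "__main__":
    print("weak verifies peer:", verifies_peer(weak_context()))
    print("hardened verifies peer:", verifies_peer(hardened_context()))
    # Constructed URLs; the real query endpoint is not given on this page.
    for u in ("http://openprinting.example/query", "https://openprinting.example/query"):
        print(u, "->", url_allowed_for_code_download(u))
```

Transport security is only the first control: a downloaded package should still be signature-checked against a key the client already trusts, so that a compromised or substituted repository cannot hand over arbitrary code even when the TLS connection itself is sound.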
2011-11-28 CVE-2011-1372 IBM Improper Authentication vulnerability in IBM products

The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.

6.8
2011-11-29 CVE-2011-4566 PHP / Debian / Canonical Numeric Errors vulnerability in multiple products

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

6.4
2011-11-30 CVE-2011-4646 Lesterchan / Wordpress Code Injection vulnerability in Lesterchan Wp-Postratings 1.50/1.61

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post.

6.0
2011-12-02 CVE-2011-4545 Prestashop Code Injection vulnerability in Prestashop 1.4.4.1

CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.

5.0
2011-12-02 CVE-2011-4036 Schneider Electric Path Traversal vulnerability in Schneider-Electric products

Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2011-11-29 CVE-2011-4313 ISC Remote Denial of Service vulnerability in ISC BIND 9 Recursive Queries

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.

5.0
2011-11-29 CVE-2011-3367 Arora Browser Improper Input Validation vulnerability in Arora-Browser Arora 0.11.0

Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

5.0
2011-12-02 CVE-2011-4670 Vtiger Cross-Site Scripting vulnerability in Vtiger CRM

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php.

4.3
2011-12-02 CVE-2011-4035 Schneider Electric Cross-Site Scripting vulnerability in Schneider-Electric products

Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-12-02 CVE-2011-4033 Schneider Electric Buffer Errors vulnerability in Schneider-Electric products

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors.

4.3
2011-12-01 CVE-2011-4544 Prestashop Cross-Site Scripting vulnerability in Prestashop

Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.

4.3
2011-12-01 CVE-2011-4540 Atmail Cross-Site Scripting vulnerability in Atmail Open 1.04

Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php.

4.3
2011-12-01 CVE-2011-2461 Adobe Cross-Site Scripting vulnerability in Adobe Flex SDK

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.

4.3
2011-11-30 CVE-2011-4647 Geeklog Cross-Site Scripting vulnerability in Geeklog 1.8.0

Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.

4.3
2011-11-29 CVE-2011-3366 Adjam Improper Input Validation vulnerability in Adjam Rekonq

Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

4.3
2011-11-29 CVE-2011-4572 Codefuture Cross-Site Scripting vulnerability in Codefuture CF Image Hosting Script 1.3.82/1.4.1

Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2011-11-29 CVE-2011-4568 Foliovision / Wordpress Cross-Site Scripting vulnerability in Foliovision FV Wordpress Flowplayer Plugin

Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3
2011-11-29 CVE-2011-4567 ZEN Cart Cross-Site Scripting vulnerability in Zen-Cart ZEN Cart

Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.

4.3
2011-11-29 CVE-2011-4547 ZEN Cart Cross-Site Scripting vulnerability in Zen-Cart ZEN Cart 1.3.9H

Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567.

4.3
2011-11-29 CVE-2011-4541 Hastymail Cross-Site Scripting vulnerability in Hastymail Hastymail2

Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action.

4.3
2011-11-28 CVE-2011-4565 Xoops Cross-Site Scripting vulnerability in Xoops

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message).

4.3
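The Geeklog entry (code and raw BBcode tags) and the XOOPS entry just above (img BBCODE tag in a private message) are the stored form of the cross-site scripting that dominates the medium section: a markup converter copies user-supplied text into an HTML attribute without validating or escaping it. The block below is an added example, not Geeklog or XOOPS code. It shows a naive [img] converter beside a hardened one that both restricts the URL scheme and attribute-escapes the value; the helper names and the sample messages are constructed for illustration.

```python
"""Added example: naive versus hardened BBCode [img] conversion.

Not code from Geeklog or XOOPS. Helper names and sample messages are
constructed for illustration only.
"""
import html
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def render_vulnerable(text):
    """The flaw class: the text between the tags lands directly inside the
    src attribute, so a double quote in it closes the attribute and the
    remainder is parsed as further attributes (here, an event handler)."""
    return IMG_TAG.sub(lambda m: '<img src="%s">' % m.group(1), text)


def render_hardened(text):
    """Two independent controls:
    1. only absolute http(s) URLs with a host are accepted, which refuses
       javascript:, data:, relative and malformed targets;
    2. the accepted value is attribute-escaped, so a quote or angle bracket
       can never leave the src attribute even if a later rule lets it in.
    Rejected input is emitted as escaped literal text, not dropped silently."""
    def repl(m):
        url = m.group(1).strip()
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            return html.escape(m.group(0), quote=True)
        return '<img src="%s">' % html.escape(url, quote=True)
    return IMG_TAG.sub(repl, text)


# Constructed messages of the shape the entries above describe.
SAMPLES = [
    "[img]https://a.test/p.png[/img]",
    '[img]https://a.test/x" onerror="alert(1)[/img]',
    "[img]javascript:alert(1)[/img]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("vulnerable:", render_vulnerable(s))
        print("hardened:  ", render_hardened(s))
```

The same two controls apply to the reflected cases listed here (vTiger, Prestashop, Zen Cart, Phorum, Contao): decide what shape the value may have, then escape for the exact context it is written into, attribute or text node. Escaping alone would leave the javascript: URL intact, and scheme checking alone would leave the quote intact; the combination closes both.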
2011-11-28 CVE-2011-4564 Activedev Cross-Site Scripting vulnerability in Activedev Active CMS 1.2

Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action.

4.3
2011-11-28 CVE-2011-4561 Phorum Cross-Site Scripting vulnerability in Phorum 5.2.18

Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php.

4.3
2011-11-28 CVE-2011-4335 Contao Cross-Site Scripting vulnerability in Contao CMS

Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.

4.3
2011-11-28 CVE-2011-4319 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-28 CVE-2011-4560 Drupal Cross-Site Scripting vulnerability in Drupal Petition Node Module

Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.

3.5
2011-12-01 CVE-2011-4344 Jenkins Cross-Site Scripting vulnerability in Jenkins

Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

2.6
2011-11-30 CVE-2011-4345 Namazu / Microsoft Cross-Site Scripting vulnerability in Namazu

Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.

2.6