Weekly Vulnerabilities Reports > November 28 to December 4, 2011

Overview

54 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 103 products from 44 vendors including Wordpress, Schneider Electric, IBM, Apache, and Prestashop. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 54 reported vulnerabilities are remotely exploitables.
  • 9 reported vulnerabilities have public exploit available.
  • 36 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 52 reported vulnerabilities are exploitable by an anonymous user.
  • Wordpress has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Schneider Electric has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-01 CVE-2011-4161 HP Permissions, Privileges, and Access Controls vulnerability in HP products

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

10.0
2011-12-02 CVE-2011-4034 Schneider Electric Buffer Errors vulnerability in Schneider-Electric products

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

9.3

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-02 CVE-2011-4674 Zabbix SQL Injection vulnerability in Zabbix 1.8.3/1.8.4

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.

7.5
2011-12-02 CVE-2011-4673 Automattic
Wordpress
SQL Injection vulnerability in Automattic Jetpack

SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2011-12-02 CVE-2011-4672 Valid SQL Injection vulnerability in Valid Tiny-Erp

Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.

7.5
2011-12-02 CVE-2011-4671 Adrotateplugin
Wordpress
SQL Injection vulnerability in Adrotateplugin Adrotate

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

7.5
2011-12-02 CVE-2011-4669 Wordpress SQL Injection vulnerability in Wordpress Wordpress-Users

SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.

7.5
2011-12-02 CVE-2011-4668 IBM Code Injection vulnerability in IBM Tivoli Netcool/Reporter

IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.

7.5
2011-12-01 CVE-2011-4001 Mawashimono Path Traversal vulnerability in Mawashimono Nikki

Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecified vectors.

7.5
2011-11-30 CVE-2011-4542 Hastymail SQL Injection vulnerability in Hastymail Hastymail2

Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.

7.5
2011-11-30 CVE-2011-4191 Novell Buffer Errors vulnerability in Novell Netware 6.5

Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.

7.5
2011-11-30 CVE-2011-4002 Mawashimono OS Command Injection vulnerability in Mawashimono Nikki

HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."

7.5
2011-11-30 CVE-2011-3173 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Open Enterprise Server 2

Stack-based buffer overflow in the GetDriverSettings function in nipplib.dll in the iPrint client in Novell Open Enterprise Server 2 (aka OES2) SP3 allows remote attackers to execute arbitrary code via a long (1) hostname or (2) port field.

7.5
2011-11-30 CVE-2009-5028 Namazu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Namazu

Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field.

7.5
2011-11-29 CVE-2011-4405 Canonical Improper Input Validation vulnerability in Canonical Ubuntu Linux 11.04/11.10

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

7.5
2011-11-29 CVE-2011-4571 Eaimproved
Joomla
SQL Injection vulnerability in Eaimproved COM Estateagent

SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.

7.5
2011-11-29 CVE-2011-4570 Takeaweb
Joomla
SQL Injection vulnerability in Takeaweb COM Timereturns 2.0

SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.

7.5
2011-11-29 CVE-2011-4569 TOM K
Mybb
SQL Injection vulnerability in TOM K Forum Userbar Plugin 2.2

SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.

7.5
2011-11-28 CVE-2011-4559 Vtiger SQL Injection vulnerability in Vtiger CRM

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

7.5

32 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-29 CVE-2011-3150 Canonical Improper Input Validation vulnerability in Canonical Ubuntu Linux 10.10/11.04/11.10

Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack.

6.8
2011-11-28 CVE-2011-1372 IBM Improper Authentication vulnerability in IBM products

The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.

6.8
2011-11-29 CVE-2011-4566 PHP Numeric Errors vulnerability in PHP 5.4.0

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

6.4
2011-11-30 CVE-2011-4646 Lesterchan
Wordpress
Code Injection vulnerability in Lesterchan Wp-Postratings 1.50/1.61

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post.

6.0
2011-12-02 CVE-2011-4545 Prestashop Code Injection vulnerability in Prestashop 1.4.4.1

CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.

5.0
2011-12-02 CVE-2011-4036 Schneider Electric Path Traversal vulnerability in Schneider-Electric products

Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2011-11-29 CVE-2011-4313 ISC Remote Denial of Service vulnerability in ISC BIND 9 Recursive Queries

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.

5.0
2011-11-29 CVE-2011-3367 Arora Browser Improper Input Validation vulnerability in Arora-Browser Arora 0.11.0

Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

5.0
2011-12-02 CVE-2011-4670 Vtiger Cross-Site Scripting vulnerability in Vtiger CRM

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php.

4.3
2011-12-02 CVE-2011-4035 Schneider Electric Cross-Site Scripting vulnerability in Schneider-Electric products

Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-12-02 CVE-2011-4033 Schneider Electric Buffer Errors vulnerability in Schneider-Electric products

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors.

4.3
2011-12-01 CVE-2011-4544 Prestashop Cross-Site Scripting vulnerability in Prestashop

Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.

4.3
2011-12-01 CVE-2011-4540 Atmail Cross-Site Scripting vulnerability in Atmail Open 1.04

Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php.

4.3
2011-12-01 CVE-2011-2461 Adobe Cross-Site Scripting vulnerability in Adobe Flex SDK

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.

4.3
2011-11-30 CVE-2011-4647 Geeklog Cross-Site Scripting vulnerability in Geeklog 1.8.0

Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.

4.3
2011-11-30 CVE-2011-4317 Apache Improper Input Validation vulnerability in Apache Http Server

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions.

4.3
2011-11-30 CVE-2011-3639 Apache Improper Input Validation vulnerability in Apache products

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character.

4.3
2011-11-29 CVE-2011-3366 Adjam Improper Input Validation vulnerability in Adjam Rekonq

Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

4.3
2011-11-29 CVE-2011-3365 KDE Improper Input Validation vulnerability in KDE SC

The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

4.3
2011-11-29 CVE-2011-4572 Codefuture Cross-Site Scripting vulnerability in Codefuture CF Image Hosting Script 1.3.82/1.4.1

Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2011-11-29 CVE-2011-4568 Foliovision
Wordpress
Cross-Site Scripting vulnerability in Foliovision FV Wordpress Flowplayer Plugin

Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3
2011-11-29 CVE-2011-4567 ZEN Cart Cross-Site Scripting vulnerability in Zen-Cart ZEN Cart

Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.

4.3
2011-11-29 CVE-2011-4547 ZEN Cart Cross-Site Scripting vulnerability in Zen-Cart ZEN Cart 1.3.9H

Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567.

4.3
2011-11-29 CVE-2011-4541 Hastymail Cross-Site Scripting vulnerability in Hastymail Hastymail2

Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action.

4.3
2011-11-28 CVE-2011-4565 Xoops Cross-Site Scripting vulnerability in Xoops

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message).

4.3
2011-11-28 CVE-2011-4564 Activedev Cross-Site Scripting vulnerability in Activedev Active CMS 1.2

Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action.

4.3
2011-11-28 CVE-2011-4563 Jakcms Cross-Site Scripting vulnerability in Jakcms 2.0.4.1

Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce.

4.3
2011-11-28 CVE-2011-4562 John Godley
Wordpress
Cross-Site Scripting vulnerability in John Godley Redirection Plugin 2.2.9

Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.

4.3
2011-11-28 CVE-2011-4561 Phorum Cross-Site Scripting vulnerability in Phorum 5.2.18

Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php.

4.3
2011-11-28 CVE-2011-4335 Contao Cross-Site Scripting vulnerability in Contao CMS

Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.

4.3
2011-11-28 CVE-2011-4329 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 3.1.0

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php.

4.3
2011-11-28 CVE-2011-4319 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-28 CVE-2011-4560 Drupal Cross-Site Scripting vulnerability in Drupal Petition Node Module

Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.

3.5
2011-12-01 CVE-2011-4344 Jenkins Cross-Site Scripting vulnerability in Jenkins

Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

2.6
2011-11-30 CVE-2011-4345 Namazu
Microsoft
Cross-Site Scripting vulnerability in Namazu

Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.

2.6