Weekly Vulnerabilities Reports > December 12 to 18, 2011

Overview

143 new vulnerabilities reported during this period, including 41 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary report vulnerabilities in 100 products from 51 vendors including Parallels, Microsoft, Redhat, Google, and Joomla. Vulnerabilities are notably categorized as "Information Exposure", "Cross-site Scripting", "SQL Injection", "Code Injection", and "Permissions, Privileges, and Access Controls".

  • 136 reported vulnerabilities are remotely exploitables.
  • 17 reported vulnerabilities have public exploit available.
  • 44 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 138 reported vulnerabilities are exploitable by an anonymous user.
  • Parallels has the most reported vulnerabilities, with 53 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 25 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

41 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-17 CVE-2011-4861 Schneider Electric Permissions, Privileges, and Access Controls vulnerability in Schneider-Electric products

The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502.

10.0
2011-12-17 CVE-2011-4860 Schneider Electric Improper Authentication vulnerability in Schneider-Electric products

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.

10.0
2011-12-17 CVE-2011-4859 Schneider Electric Multiple Security vulnerability in Schneider Electric Modicon Quantum

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

10.0
2011-12-16 CVE-2011-4857 Nullsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp

Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file.

10.0
2011-12-16 CVE-2011-4369 Adobe
Apple
Microsoft
Unix
Unspecified vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

10.0
2011-12-16 CVE-2011-4768 Parallels Unspecified vulnerability in Parallels Plesk Small Business Panel 10.2.0

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving Wizard/Edit/Modules/Image and certain other files.

10.0
2011-12-16 CVE-2011-4762 Parallels Unspecified vulnerability in Parallels Plesk Small Business Panel 10.2.0

Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files.

10.0
2011-12-16 CVE-2011-4761 Parallels Unspecified vulnerability in Parallels Plesk Small Business Panel 10.2.0

Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_edit.php and certain other files.

10.0
2011-12-16 CVE-2011-4757 Parallels Credentials Management vulnerability in Parallels Plesk Small Business Panel 10.2.0

Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files.

10.0
2011-12-16 CVE-2011-4755 Parallels Improper Input Validation vulnerability in Parallels Plesk Small Business Panel 10.2.0

Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files.

10.0
2011-12-16 CVE-2011-4752 Smartertools Unspecified vulnerability in Smartertools Smarterstats 6.2.4100

SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files.

10.0
2011-12-16 CVE-2011-4749 Parallels
Redhat
Credentials Management vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.

10.0
2011-12-16 CVE-2011-4744 Parallels
Microsoft
Redhat
Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files.

10.0
2011-12-16 CVE-2011-4743 Parallels
Microsoft
Redhat
Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files.

10.0
2011-12-16 CVE-2011-4739 Parallels
Microsoft
Redhat
Credentials Management vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files.

10.0
2011-12-16 CVE-2011-4733 Parallels
Microsoft
Redhat
Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/disable-featured-applications-promo and certain other files.

10.0
2011-12-16 CVE-2011-4732 Parallels
Microsoft
Redhat
Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files.

10.0
2011-12-16 CVE-2011-4730 Parallels
Microsoft
Redhat
Credentials Management vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files.

10.0
2011-12-16 CVE-2011-4727 Parallels
Microsoft
Redhat
Improper Input Validation vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files.

10.0
2011-12-17 CVE-2011-4141 RSA Unspecified vulnerability in RSA Securid 4.1/4.1.0.545

Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file.

9.3
2011-12-16 CVE-2011-3834 Nullsoft Numeric Errors vulnerability in Nullsoft Winamp

Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.

9.3
2011-12-16 CVE-2011-4856 Parallels
Microsoft
Unspecified vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/health/parameters and certain other files.

9.3
2011-12-16 CVE-2011-4855 Parallels
Microsoft
Unspecified vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/customer-service-plan/list/reset-search/true/ and certain other files.

9.3
2011-12-16 CVE-2011-4854 Parallels
Microsoft
Unspecified vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the get_enabled_product_icon program.

9.3
2011-12-16 CVE-2011-4851 Parallels
Microsoft
Credentials Management vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tools/ and certain other files.

9.3
2011-12-14 CVE-2011-3413 Microsoft Code Injection vulnerability in Microsoft products

Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."

9.3
2011-12-14 CVE-2011-3412 Microsoft Code Injection vulnerability in Microsoft Publisher 2003/2007

Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."

9.3
2011-12-14 CVE-2011-3411 Microsoft Code Injection vulnerability in Microsoft Publisher 2003

Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."

9.3
2011-12-14 CVE-2011-3410 Microsoft Improper Input Validation vulnerability in Microsoft Publisher 2003/2007

Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."

9.3
2011-12-14 CVE-2011-3403 Microsoft Code Injection vulnerability in Microsoft Excel and Office

Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."

9.3
2011-12-14 CVE-2011-3401 Microsoft Code Injection vulnerability in Microsoft Windows 7, Windows Vista and Windows XP

ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."

9.3
2011-12-14 CVE-2011-3400 Microsoft Code Injection vulnerability in Microsoft Windows Server 2003 and Windows XP

Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."

9.3
2011-12-14 CVE-2011-3397 Microsoft Code Injection vulnerability in Microsoft Windows Server 2003 and Windows XP

The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."

9.3
2011-12-14 CVE-2011-3396 Microsoft DLL Loading Arbitrary Code Execution vulnerability in Microsoft Powerpoint 2007/2010

Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms11-094 'PowerPoint Insecure Library Loading Vulnerability - CVE-2011-3396 A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles the loading of DLL files.' Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

9.3
2011-12-14 CVE-2011-2019 Microsoft DLL Loading Arbitrary Code Execution vulnerability in Microsoft IE 9

Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms11-099 'FAQ for Internet Explorer Insecure Library Loading Vulnerability - CVE-2011-2019 What is the scope of the vulnerability? This is a remote code execution vulnerability.

9.3
2011-12-14 CVE-2011-1983 Microsoft Resource Management Errors vulnerability in Microsoft Office 2007/2010/2011

Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."

9.3
2011-12-14 CVE-2011-1508 Microsoft Code Injection vulnerability in Microsoft Publisher 2003/2007

Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."

9.3
2011-12-13 CVE-2011-4266 Ffftp Insecure Executable File Loading Arbitrary Code Execution vulnerability in FFFTP

Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.

9.3
2011-12-13 CVE-2011-4201 Restorepoint Code Injection vulnerability in Restorepoint 3.2

remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action.

9.3
2011-12-14 CVE-2011-4800 Solarwinds Path Traversal vulnerability in Solarwinds Serv-U File Server

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

9.0
2011-12-14 CVE-2011-3406 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."

9.0

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-16 CVE-2011-4847 Parallels
Microsoft
SQL Injection vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/.

7.5
2011-12-16 CVE-2011-4763 Parallels SQL Injection vulnerability in Parallels Plesk Small Business Panel 10.2.0

Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.

7.5
2011-12-16 CVE-2011-4753 Parallels SQL Injection vulnerability in Parallels Plesk Small Business Panel 10.2.0

Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files.

7.5
2011-12-16 CVE-2011-4734 Parallels
Microsoft
Redhat
SQL Injection vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files.

7.5
2011-12-16 CVE-2011-4725 Parallels
Microsoft
Redhat
SQL Injection vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18

Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files.

7.5
2011-12-15 CVE-2011-4835 Homeseer Path Traversal vulnerability in Homeseer HS2 2.5.0.20

Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.

7.5
2011-12-15 CVE-2011-4833 Sugarcrm SQL Injection vulnerability in Sugarcrm

Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.

7.5
2011-12-15 CVE-2011-4832 Caupo Path Traversal vulnerability in Caupo Cauposhop Classic and Cauposhop PRO

Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a ..

7.5
2011-12-15 CVE-2011-4829 Barter Sites
Joomla
SQL Injection vulnerability in Barter-Sites COM Listing 1.3

SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.

7.5
2011-12-15 CVE-2011-4828 Autosectools Code Injection vulnerability in Autosectools V-Cms 1.0

Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.

7.5
2011-12-15 CVE-2011-4825 Phpletter
Phpmyfaq
Tinymce
Code Injection vulnerability in multiple products

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.

7.5
2011-12-15 CVE-2011-4824 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.

7.5
2011-12-15 CVE-2011-4823 Extensionsforjoomla
Joomla
SQL Injection vulnerability in Extensionsforjoomla COM Vikrealestate 1.0

Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.

7.5
2011-12-14 CVE-2011-4811 BST SQL Injection vulnerability in BST Bestshoppro

SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.

7.5
2011-12-14 CVE-2011-4808 Joomlaextensions
Joomla
SQL Injection vulnerability in Joomlaextensions COM Hmcommunity

SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.

7.5
2011-12-14 CVE-2011-4803 Bravenewcode
Wordpress
SQL Injection vulnerability in Bravenewcode Wptouch

SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2011-12-14 CVE-2011-4801 Authenex SQL Injection vulnerability in Authenex Strong Authentication System Server 3.1.0.2/3.1.0.3

SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2011-12-13 CVE-2011-3917 Google Out-Of-Bounds Write vulnerability in Google Chrome

Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2011-12-13 CVE-2011-3915 Google Classic Buffer Overflow vulnerability in Google Chrome

Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.

7.5
2011-12-13 CVE-2011-3914 Google Out-Of-Bounds Write vulnerability in Google Chrome

The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

7.5
2011-12-13 CVE-2011-3913 Google
Apple
USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.

7.5
2011-12-13 CVE-2011-3912 Google USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.

7.5
2011-12-13 CVE-2011-3904 Google USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling.

7.5
2011-12-14 CVE-2011-3408 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."

7.2
2011-12-14 CVE-2011-2018 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."

7.2
2011-12-14 CVE-2011-2010 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

7.2
2011-12-13 CVE-2011-4202 Restorepoint Permissions, Privileges, and Access Controls vulnerability in Restorepoint 3.2

The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file.

7.2

72 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-15 CVE-2011-4837 Homeseer Cross-Site Request Forgery (CSRF) vulnerability in Homeseer HS2 2.5.0.20

Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs.

6.8
2011-12-15 CVE-2011-4826 Autosectools SQL Injection vulnerability in Autosectools V-Cms 1.0

SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php.

6.8
2011-12-15 CVE-2011-4517 Jasper Project Buffer Errors vulnerability in Jasper Project Jasper 1.900.1

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

6.8
2011-12-15 CVE-2011-4516 Jasper Project Buffer Errors vulnerability in Jasper Project Jasper 1.900.1

Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.

6.8
2011-12-14 CVE-2011-2742 EMC Permissions, Privileges, and Access Controls vulnerability in EMC RSA Adaptive Authentication On-Premise 6.0.2.1

EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device.

6.8
2011-12-14 CVE-2011-2741 EMC Permissions, Privileges, and Access Controls vulnerability in EMC RSA Adaptive Authentication On-Premise 6.0.2.1

EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements."

6.8
2011-12-14 CVE-2011-4802 Dolibarr SQL Injection vulnerability in Dolibarr

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.

6.5
2011-12-17 CVE-2011-4603 Pidgin Improper Input Validation vulnerability in Pidgin

The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.

5.0
2011-12-17 CVE-2011-4602 Pidgin Improper Input Validation vulnerability in Pidgin

The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.

5.0
2011-12-16 CVE-2011-4767 Parallels Information Exposure vulnerability in Parallels Plesk Small Business Panel 10.2.0

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files.

5.0
2011-12-16 CVE-2011-4766 Parallels Information Exposure vulnerability in Parallels Plesk Small Business Panel 10.2.0

** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js.

5.0
2011-12-16 CVE-2011-4760 Parallels Information Exposure vulnerability in Parallels Plesk Small Business Panel 10.2.0

Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files.

5.0
2011-12-16 CVE-2011-4759 Parallels Information Exposure vulnerability in Parallels Plesk Small Business Panel 10.2.0

Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

5.0
2011-12-16 CVE-2011-4758 Parallels Cryptographic Issues vulnerability in Parallels Plesk Small Business Panel 10.2.0

Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files.

5.0
2011-12-16 CVE-2011-4756 Parallels Information Exposure vulnerability in Parallels Plesk Small Business Panel 10.2.0

Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilder_edit.php and certain other files.

5.0
2011-12-16 CVE-2011-4751 Smartertools Information Exposure vulnerability in Smartertools Smarterstats 6.2.4100

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

5.0
2011-12-16 CVE-2011-4748 Parallels
Redhat
Information Exposure vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files.

5.0
2011-12-16 CVE-2011-4747 Parallels
Redhat
Cryptographic Issues vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list.

5.0
2011-12-16 CVE-2011-4746 Parallels
Redhat
Cryptographic Issues vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses.

5.0
2011-12-16 CVE-2011-4742 Parallels
Microsoft
Redhat
Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files.

5.0
2011-12-16 CVE-2011-4741 Parallels
Microsoft
Redhat
Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/.

5.0
2011-12-16 CVE-2011-4738 Parallels
Microsoft
Redhat
Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files.

5.0
2011-12-16 CVE-2011-4737 Parallels
Microsoft
Redhat
Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in client@2/domain@1/odbc/dsn@1/properties/.

5.0
2011-12-16 CVE-2011-4736 Parallels
Microsoft
Redhat
Cryptographic Issues vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files.

5.0
2011-12-16 CVE-2011-4731 Parallels
Microsoft
Redhat
Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files.

5.0
2011-12-16 CVE-2011-4729 Parallels
Microsoft
Redhat
Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files.

5.0
2011-12-16 CVE-2011-4728 Parallels
Microsoft
Redhat
Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.

5.0
2011-12-15 CVE-2011-4597 Digium Information Exposure vulnerability in Digium Asterisk

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

5.0
2011-12-14 CVE-2011-4813 Whmcs Path Traversal vulnerability in Whmcs Whmcompletesolution 3.0.0

Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter.

5.0
2011-12-14 CVE-2011-4810 Whmcs Path Traversal vulnerability in Whmcs Whmcompletesolution

Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.

5.0
2011-12-14 CVE-2011-4807 Phpalbum Path Traversal vulnerability in PHPalbum

Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2011-12-14 CVE-2011-4804 Foobla
Joomla
Path Traversal vulnerability in Foobla COM Obsuggest

Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2011-12-13 CVE-2011-3916 Google Out-Of-Bounds Read vulnerability in Google Chrome

Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2011-12-13 CVE-2011-3911 Google Out-Of-Bounds Read vulnerability in Google Chrome

Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2011-12-13 CVE-2011-3910 Google Out-Of-Bounds Read vulnerability in Google Chrome

Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2011-12-13 CVE-2011-3909 Google
Apple
Buffer Errors vulnerability in Google Chrome

The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

5.0
2011-12-13 CVE-2011-3908 Google
Apple
Out-Of-Bounds Read vulnerability in Google Chrome

Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2011-12-13 CVE-2011-3906 Google Out-Of-Bounds Read vulnerability in Google Chrome

The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2011-12-13 CVE-2011-3905 Google
Debian
Redhat
Out-Of-Bounds Read vulnerability in Google Chrome

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2011-12-13 CVE-2011-3903 Google Incorrect Comparison vulnerability in Google Chrome

Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2011-12-15 CVE-2011-4834 HP
IBM
SUN
Permissions, Privileges, and Access Controls vulnerability in HP Application Lifestyle Management 11

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

4.6
2011-12-17 CVE-2011-3339 7T
Safenet INC
Mozilla
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.

4.3
2011-12-16 CVE-2011-4853 Parallels
Microsoft
Information Exposure vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files.

4.3
2011-12-16 CVE-2011-4852 Parallels
Microsoft
Information Exposure vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

4.3
2011-12-16 CVE-2011-4850 Parallels
Microsoft
Information Exposure vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files.

4.3
2011-12-16 CVE-2011-4849 Parallels
Microsoft
Information Exposure vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php and certain other files.

4.3
2011-12-16 CVE-2011-4848 Parallels
Microsoft
Information Exposure vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/.

4.3
2011-12-16 CVE-2011-4777 Parallels
Microsoft
Cross-Site Scripting vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html.

4.3
2011-12-16 CVE-2011-4776 Parallels
Microsoft
Cross-Site Scripting vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18

Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/update/settings/ and certain other files.

4.3
2011-12-16 CVE-2011-4765 Parallels Information Exposure vulnerability in Parallels Plesk Small Business Panel 10.2.0

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files.

4.3
2011-12-16 CVE-2011-4764 Parallels Cross-Site Scripting vulnerability in Parallels Plesk Small Business Panel 10.2.0

Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files.

4.3
2011-12-16 CVE-2011-4754 Parallels Cross-Site Scripting vulnerability in Parallels Plesk Small Business Panel 10.2.0

Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files.

4.3
2011-12-16 CVE-2011-4750 Smartertools Cross-Site Scripting vulnerability in Smartertools Smarterstats 6.2.4100

Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files.

4.3
2011-12-16 CVE-2011-4745 Parallels
Redhat
Cross-Site Scripting vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09

Multiple cross-site scripting (XSS) vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/index.php/default and certain other files.

4.3
2011-12-16 CVE-2011-4740 Parallels
Microsoft
Redhat
Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

4.3
2011-12-16 CVE-2011-4735 Parallels
Microsoft
Redhat
Cross-Site Scripting vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20

Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create and certain other files.

4.3
2011-12-16 CVE-2011-4726 Parallels
Microsoft
Redhat
Cross-Site Scripting vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18

Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files.

4.3
2011-12-15 CVE-2011-4836 Homeseer Cross-Site Scripting vulnerability in Homeseer HS2 2.5.0.20

Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.

4.3
2011-12-15 CVE-2011-4827 Autosectools Cross-Site Scripting vulnerability in Autosectools V-Cms 1.0

Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parameter to includes/TrueColorPicker/index.php, which is not properly handled in includes/TrueColorPicker/class.TrueColorPicker.php.

4.3
2011-12-15 CVE-2011-4822 Atlassian Cross-Site Scripting vulnerability in Atlassian Fisheye

Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page.

4.3
2011-12-15 CVE-2011-4598 Digium Information Exposure vulnerability in Digium Asterisk

The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.

4.3
2011-12-14 CVE-2011-4368 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-12-14 CVE-2011-2463 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag.

4.3
2011-12-14 CVE-2011-4814 Dolibarr Cross-Site Scripting vulnerability in Dolibarr

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.

4.3
2011-12-14 CVE-2011-4812 BST Cross-Site Scripting vulnerability in BST Bestshoppro

Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter.

4.3
2011-12-14 CVE-2011-4809 Joomlaextensions
Joomla
Cross-Site Scripting vulnerability in Joomlaextensions COM Hmcommunity

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php.

4.3
2011-12-14 CVE-2011-4806 Phpalbum Cross-Site Scripting vulnerability in PHPalbum

Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.

4.3
2011-12-14 CVE-2011-4805 SAP Cross-Site Scripting vulnerability in SAP Crystal Reports Server 2008

Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.

4.3
2011-12-14 CVE-2011-3404 Microsoft Information Exposure vulnerability in Microsoft IE

Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."

4.3
2011-12-14 CVE-2011-1992 Microsoft Information Exposure vulnerability in Microsoft IE 8

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."

4.3
2011-12-13 CVE-2011-3907 Google Improper Input Validation vulnerability in Google Chrome

The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.

4.3
2011-12-15 CVE-2011-4831 David Azoulay Path Traversal vulnerability in David Azoulay web File Browser 0.4B14

Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-15 CVE-2011-4606 Artsoft Permissions, Privileges, and Access Controls vulnerability in Artsoft Rocks'N'Diamonds 3.3.0.1

Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.

3.6
2011-12-15 CVE-2011-4339 Corey Minyard
RED HAT
Permissions, Privileges, and Access Controls vulnerability in Corey Minyard Openipmi 1.8.11

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.

3.6
2011-12-15 CVE-2011-4830 Barter Sites
Joomla
Cross-Site Scripting vulnerability in Barter-Sites COM Listing 1.3

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.

3.5