Weekly Vulnerabilities Reports > December 19 to 25, 2011
Overview
47 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 11 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 46 products from 36 vendors, including Mozilla, TOR, Wuzly, IBM, and 3Ssoftware. The vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Resource Management Errors", "Code Injection", and "Permissions, Privileges, and Access Controls".
- 47 reported vulnerabilities are remotely exploitable.
- 17 reported vulnerabilities have a public exploit available.
- 7 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 44 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 7 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-12-25 | CVE-2011-5012 | Attachmate | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Attachmate products: Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command. | 10.0 |
2011-12-25 | CVE-2011-5010 | Ctekproducts | Permissions, Privileges, and Access Controls vulnerability in Ctekproducts Skyrouter 4200/4300: apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action. | 10.0 |
2011-12-25 | CVE-2011-5007 | 3Ssoftware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in 3Ssoftware Codesys: Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. | 10.0 |
2011-12-25 | CVE-2011-5003 | Avid | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avid Media Composer: Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659. | 10.0 |
2011-12-25 | CVE-2011-5002 | Finaldraft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Finaldraft: Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Extension, (5) SceneIntro, (6) TimeOfDay, and (7) Character elements. | 10.0 |
2011-12-25 | CVE-2011-5001 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Control Manager: Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. | 10.0 |
2011-12-25 | CVE-2011-4862 | GNU Heimdal Project MIT Freebsd Fedoraproject Debian Opensuse Suse | Classic Buffer Overflow vulnerability in multiple products: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. | 10.0 |
2011-12-21 | CVE-2011-3660 | Mozilla | Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. | 10.0 |
2011-12-25 | CVE-2011-5006 | Qqplayer | Buffer Errors vulnerability in Qqplayer 3.2.845: Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file. | 9.3 |
2011-12-25 | CVE-2010-5081 | Mini Stream | Buffer Errors vulnerability in Mini-Stream Rm-Mp3 Converter 3.1.2.1: Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file. | 9.3 |
2011-12-25 | CVE-2009-5109 | Mini Stream | Buffer Errors vulnerability in Mini-Stream Ripper 3.0.1.1: Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file. | 9.3 |
2011-12-23 | CVE-2011-1392 | Bbsoftware IBM | Code Injection vulnerability in Bbsoftware BB Flashback: The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-12-23 | CVE-2011-1391 | Bbsoftware IBM | Code Injection vulnerability in Bbsoftware BB Flashback: The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-12-23 | CVE-2011-1388 | Bbsoftware IBM | Code Injection vulnerability in Bbsoftware BB Flashback: The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-12-22 | CVE-2011-4037 | Sielcosistemi | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sielcosistemi Winlog Lite and Winlog PRO: Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file. | 9.3 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-12-20 | CVE-2011-4869 | Unbound | Resource Management Errors vulnerability in Unbound: validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528. | 7.8 |
2011-12-23 | CVE-2011-2778 | TOR | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in TOR: Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration. | 7.6 |
2011-12-25 | CVE-2011-5008 | 3Ssoftware | Numeric Errors vulnerability in 3Ssoftware Codesys 3.4: Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow. | 7.5 |
2011-12-25 | CVE-2011-5005 | Claudio Klingler Mads Brunn | Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory. | 7.5 |
2011-12-24 | CVE-2011-3839 | Wuzly | Permissions, Privileges, and Access Controls vulnerability in Wuzly 2.0: The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie. | 7.5 |
2011-12-24 | CVE-2011-3838 | Wuzly | SQL Injection vulnerability in Wuzly 2.0: Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php. | 7.5 |
2011-12-24 | CVE-2011-3372 | Cyrus | Improper Authentication vulnerability in Cyrus Imapd: imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | 7.5 |
2011-12-22 | CVE-2011-4453 | Pmwiki | Code Injection vulnerability in Pmwiki: The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function. | 7.5 |
2011-12-21 | CVE-2011-3665 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird: Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling. | 7.5 |
2011-12-21 | CVE-2011-3661 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird: YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | 7.5 |
2011-12-21 | CVE-2011-3658 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird: The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | 7.5 |
21 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-12-24 | CVE-2011-3837 | Wuzly | Path Traversal vulnerability in Wuzly 2.0: Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. | 6.8 |
2011-12-24 | CVE-2011-3836 | Wuzly | Cross-Site Request Forgery (CSRF) vulnerability in Wuzly 2.0: Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (XSS), (3) perform SQL injection, or have other unspecified impact via unknown vectors. | 6.8 |
2011-12-21 | CVE-2011-3666 | Mozilla Apple | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird: Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. | 6.8 |
2011-12-21 | CVE-2011-3664 | Mozilla Apple | NULL Pointer Dereference Denial Of Service vulnerability in Mozilla Firefox, Seamonkey and Thunderbird: Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site. | 6.8 |
2011-12-25 | CVE-2011-5004 | Fabrikar Joomla | Unspecified vulnerability in Fabrikar COM Fabrikar: Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | 6.0 |
2011-12-23 | CVE-2011-4596 | Openstack | Path Traversal vulnerability in Openstack Nova 2011.3: Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. | 6.0 |
2011-12-23 | CVE-2011-2768 | TOR | Permissions, Privileges, and Access Controls vulnerability in TOR: Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. | 5.8 |
2011-12-20 | CVE-2011-4717 | Zftpserver | Path Traversal vulnerability in Zftpserver Suite 6.0.0.52: Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command. | 5.5 |
2011-12-25 | CVE-2011-5009 | 3Ssoftware | Unspecified vulnerability in 3Ssoftware Codesys 3.4: The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method. | 5.0 |
2011-12-25 | CVE-2011-4601 | Pidgin | Improper Input Validation vulnerability in Pidgin: family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition. | 5.0 |
2011-12-24 | CVE-2011-4362 | Lighttpd Debian | Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. | 5.0 |
2011-12-22 | CVE-2011-4203 | Moodle | Code Injection vulnerability in Moodle: CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | 5.0 |
2011-12-20 | CVE-2011-4528 | Unbound | Resource Management Errors vulnerability in Unbound: Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response. | 5.0 |
2011-12-24 | CVE-2011-3835 | Wuzly | Cross-Site Scripting vulnerability in Wuzly 2.0: Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name parameter to theme_settings.php, (5) extension_name parameter to extension_settings.php, (6) q parameter to search.php, (7) type parameter to comments.php, sort parameter to (8) pages.php and (9) posts.php, and the (10) type and (11) q parameter to media.php in admin/; the sidebar parameter to (12) add_widget.php and (13) widgets.php, id parameter to (14) category_delete.php, (15) comment.php, (16) page_delete.php, and (17) post_delete.php, (18) type parameter to media.php, and (19) id and (20) sidebar parameter to widget_delete.php in mobile/; and the (21) name, (22) email, (23) website, and (24) comment parameters to index.php; and the (25) username parameter to admin/login.php. | 4.3 |
2011-12-23 | CVE-2011-4897 | TOR | Information Exposure vulnerability in TOR: Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value. | 4.3 |
2011-12-23 | CVE-2011-4896 | TOR | Information Exposure vulnerability in TOR: Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port. | 4.3 |
2011-12-23 | CVE-2011-4895 | TOR | Information Exposure vulnerability in TOR: Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. | 4.3 |
2011-12-23 | CVE-2011-4894 | TOR | Information Exposure vulnerability in TOR: Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | 4.3 |
2011-12-23 | CVE-2011-2769 | TOR | Information Exposure vulnerability in TOR: Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. | 4.3 |
2011-12-22 | CVE-2011-3990 | Pukiwiki | Cross-Site Scripting vulnerability in Pukiwiki Plus!: Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-12-21 | CVE-2011-3663 | Mozilla | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird: Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page. | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|