Weekly Vulnerabilities Reports > December 26, 2011 to January 1, 2012
Overview
46 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 46 products from 38 vendors including HP, Oracle, Google, Zabbix, and Novell. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "SQL Injection".
- 41 reported vulnerabilities are remotely exploitables.
- 11 reported vulnerabilities have public exploit available.
- 16 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 44 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 7 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
7 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-12-29 | CVE-2011-4165 | HP | Unspecified vulnerability in HP Database Archiving Software 6.31 Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263. | 10.0 |
| 2011-12-29 | CVE-2011-4164 | HP | Unspecified vulnerability in HP Database Archiving Software 6.31 Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214. | 10.0 |
| 2011-12-29 | CVE-2011-4163 | HP | Unspecified vulnerability in HP Database Archiving Software 6.31 Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213. | 10.0 |
| 2011-12-27 | CVE-2011-4536 | Wellintech | Buffer Errors vulnerability in Wellintech Kingview 6.53/65.30.2010.18018 Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet. | 10.0 |
| 2011-12-31 | CVE-2011-4620 | Steve J Baker | Buffer Errors vulnerability in Steve J Baker Plib 1.8.5 Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. | 9.3 |
| 2011-12-30 | CVE-2011-5046 | Microsoft | Improper Input Validation vulnerability in Microsoft products The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability." | 9.3 |
| 2011-12-27 | CVE-2011-4783 | Google HEX Rays | Improper Input Validation vulnerability in Google Idapython The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory. | 9.3 |
13 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-12-30 | CVE-2011-4815 | Ruby Lang | Improper Input Validation vulnerability in Ruby-Lang Ruby Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | 7.8 |
| 2011-12-27 | CVE-2011-1393 | IBM | Unspecified vulnerability in IBM Lotus Domino Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet. | 7.8 |
| 2011-12-31 | CVE-2011-1710 | Novell | Numeric Errors vulnerability in Novell Xtier Framework 3.1.8 Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables. | 7.5 |
| 2011-12-30 | CVE-2011-5039 | Infoproject | SQL Injection vulnerability in Infoproject Biznis Heroj Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php. | 7.5 |
| 2011-12-30 | CVE-2011-5038 | Hitcode | SQL Injection vulnerability in Hitcode Hitappoint SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. | 7.5 |
| 2011-12-29 | CVE-2011-5031 | Shilpisoft | SQL Injection vulnerability in Shilpisoft Capexweb 1.1 Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. | 7.5 |
| 2011-12-27 | CVE-2011-4537 | 7T | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in 7T Igss Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP port (1) 12397 or (2) 12399. | 7.5 |
| 2011-12-27 | CVE-2011-4169 | HP | Unspecified vulnerability in HP Managed Printing Administration Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | 7.5 |
| 2011-12-27 | CVE-2011-4168 | HP | Path Traversal vulnerability in HP Managed Printing Administration Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | 7.5 |
| 2011-12-27 | CVE-2011-4167 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Managed Printing Administration Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp. | 7.5 |
| 2011-12-27 | CVE-2011-4166 | HP | Path Traversal vulnerability in HP Managed Printing Administration Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | 7.5 |
| 2011-12-30 | CVE-2011-5044 | Sopcast | Permissions, Privileges, and Access Controls vulnerability in Sopcast 3.4.7.45585 SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program. | 7.2 |
| 2011-12-27 | CVE-2011-4784 | Nvidia | Improper Input Validation vulnerability in Nvidia Stereoscopic 3D Driver The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application. | 7.2 |
24 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-12-30 | CVE-2011-5037 | Improper Input Validation vulnerability in Google V8 Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js. | 5.0 | |
| 2011-12-30 | CVE-2011-5036 | Rack Project | Cryptographic Issues vulnerability in Rack Project Rack Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | 5.0 |
| 2011-12-30 | CVE-2011-5035 | Oracle | Improper Input Validation vulnerability in Oracle Glassfish Server Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. | 5.0 |
| 2011-12-30 | CVE-2011-4885 | PHP | Improper Input Validation vulnerability in PHP PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | 5.0 |
| 2011-12-30 | CVE-2011-4838 | Jruby | Resource Exhaustion vulnerability in Jruby JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | 5.0 |
| 2011-12-30 | CVE-2011-4462 | Plone | Improper Input Validation vulnerability in Plone Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | 5.0 |
| 2011-12-30 | CVE-2011-4461 | Oracle Mortbay | Cryptographic Issues vulnerability in multiple products Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | 5.0 |
| 2011-12-27 | CVE-2009-5111 | Goahead | Resource Management Errors vulnerability in Goahead Webserver GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | 5.0 |
| 2011-12-27 | CVE-2009-5110 | Dhttpd | Resource Management Errors vulnerability in Dhttpd dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | 5.0 |
| 2011-12-27 | CVE-2007-6750 | Apache | Resource Management Errors vulnerability in Apache Http Server The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15. | 5.0 |
| 2011-12-27 | CVE-2011-4050 | 7T | Buffer Errors vulnerability in 7T Igss 9.0.0.11200 Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401. | 5.0 |
| 2011-12-29 | CVE-2011-5032 | Winmount | Unspecified vulnerability in Winmount 3.5.1018 WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted 0x87342000 IOCTL request to the WMDriver device. | 4.9 |
| 2011-12-29 | CVE-2011-5033 | Configserver Directadmin | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Configserver Security Firewall Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file. | 4.4 |
| 2011-12-30 | CVE-2011-5045 | Jjwdesign | Cross-Site Scripting vulnerability in Jjwdesign PHP Booking Calendar 10E Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter. | 4.3 |
| 2011-12-30 | CVE-2011-5043 | Tomatosoft | Improper Input Validation vulnerability in Tomatosoft Free MP3 Player 1.0 TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow. | 4.3 |
| 2011-12-30 | CVE-2011-5042 | Gphemsley | Cross-Site Scripting vulnerability in Gphemsley Sasha 0.2.0 Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the instructors parameter. | 4.3 |
| 2011-12-30 | CVE-2011-5041 | Pulsecms | Cross-Site Scripting vulnerability in Pulsecms Pulse CMS 1.7.2 Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php. | 4.3 |
| 2011-12-30 | CVE-2011-5040 | Infoproject | Cross-Site Scripting vulnerability in Infoproject Biznis Heroj Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php. | 4.3 |
| 2011-12-29 | CVE-2011-5029 | Alexander Palmo | Cross-Site Scripting vulnerability in Alexander Palmo Simple PHP Blog Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php. | 4.3 |
| 2011-12-29 | CVE-2011-5027 | Zabbix | Cross-Site Scripting vulnerability in Zabbix Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. | 4.3 |
| 2011-12-29 | CVE-2011-4615 | Zabbix | Cross-Site Scripting vulnerability in Zabbix Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php. | 4.3 |
| 2011-12-29 | CVE-2011-5026 | Winn | Cross-Site Scripting vulnerability in Winn Guestbook Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. | 4.3 |
| 2011-12-27 | CVE-2011-3841 | Wpsymposiumpro | Cross-Site Scripting vulnerability in Wpsymposiumpro WP Symposium Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter. | 4.3 |
| 2011-12-29 | CVE-2011-5028 | Novell | Path Traversal vulnerability in Novell Sentinel LOG Manager Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. | 4.0 |
2 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-12-29 | CVE-2011-5030 | Valthbald Drupal | Cross-Site Scripting vulnerability in Valthbald Meta Tags Quick 7.X2.1/7.X2.2 Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles." | 3.5 |
| 2011-12-31 | CVE-2011-4617 | Python | Link Following vulnerability in Python Virtualenv virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | 1.2 |