Weekly Vulnerabilities Reports > December 26, 2011 to January 1, 2012

Overview

56 new vulnerabilities were reported during this period, including 8 critical and 18 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 51 products from 42 vendors, including HP, Microsoft, Apache, Google, and Oracle. The vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "SQL Injection".

  • 51 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 53 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 7.
  • HP has the most reported critical vulnerabilities, with 3.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity. Each entry gives the date, CVE identifier, vendor, vulnerability title and CVSS score, followed by the vulnerability description.

8 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2011-12-29 | CVE-2011-4165 | HP | Unspecified vulnerability in HP Database Archiving Software 6.31 | 10.0
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.

2011-12-29 | CVE-2011-4164 | HP | Unspecified vulnerability in HP Database Archiving Software 6.31 | 10.0
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214.

2011-12-29 | CVE-2011-4163 | HP | Unspecified vulnerability in HP Database Archiving Software 6.31 | 10.0
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.

2011-12-27 | CVE-2011-4536 | Wellintech | Buffer Errors vulnerability in Wellintech Kingview 6.53/65.30.2010.18018 | 10.0
Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet.

2011-12-31 | CVE-2011-4620 | Steve J Baker | Buffer Errors vulnerability in Steve J Baker Plib 1.8.5 | 9.3
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS.

2011-12-30 | CVE-2011-5046 | Microsoft | Improper Input Validation vulnerability in Microsoft products | 9.3
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."

2011-12-30 | CVE-2011-3417 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products | 9.3
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."

2011-12-27 | CVE-2011-4783 | Google, HEX Rays | Improper Input Validation vulnerability in Google Idapython | 9.3
The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory.

18 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2011-12-30 | CVE-2011-3416 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products | 8.5
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."

2011-12-30 | CVE-2011-5034 | Apache | Improper Input Validation vulnerability in Apache Geronimo | 7.8
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

2011-12-30 | CVE-2011-4815 | Ruby Lang | Improper Input Validation vulnerability in Ruby-Lang Ruby | 7.8
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

2011-12-30 | CVE-2011-3414 | Microsoft | Resource Management Errors vulnerability in Microsoft products | 7.8
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

2011-12-27 | CVE-2011-1393 | IBM | Unspecified vulnerability in IBM Lotus Domino | 7.8
Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet.

2011-12-31 | CVE-2011-1710 | Novell | Numeric Errors vulnerability in Novell Xtier Framework 3.1.8 | 7.5
Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables.

2011-12-30 | CVE-2011-5039 | Infoproject | SQL Injection vulnerability in Infoproject Biznis Heroj | 7.5
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.

2011-12-30 | CVE-2011-5038 | Hitcode | SQL Injection vulnerability in Hitcode Hitappoint | 7.5
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php.

2011-12-29 | CVE-2011-5031 | Shilpisoft | SQL Injection vulnerability in Shilpisoft Capexweb 1.1 | 7.5
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters.

2011-12-29 | CVE-2011-5022 | Pligg | SQL Injection vulnerability in Pligg CMS 1.1.2 | 7.5
SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.

2011-12-29 | CVE-2011-5021 | Phpids | Code Injection vulnerability in PHPids 0.6.4 | 7.5
PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors.

2011-12-27 | CVE-2011-4537 | 7T | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in 7T Igss | 7.5
Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP port (1) 12397 or (2) 12399.

2011-12-27 | CVE-2011-4169 | HP | Unspecified vulnerability in HP Managed Printing Administration | 7.5
Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

2011-12-27 | CVE-2011-4168 | HP | Path Traversal vulnerability in HP Managed Printing Administration | 7.5
Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

2011-12-27 | CVE-2011-4167 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Managed Printing Administration | 7.5
Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.

2011-12-27 | CVE-2011-4166 | HP | Path Traversal vulnerability in HP Managed Printing Administration | 7.5
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

2011-12-30 | CVE-2011-5044 | Sopcast | Permissions, Privileges, and Access Controls vulnerability in Sopcast 3.4.7.45585 | 7.2
SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program.

2011-12-27 | CVE-2011-4784 | Nvidia | Improper Input Validation vulnerability in Nvidia Stereoscopic 3D Driver | 7.2
The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application.

28 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2011-12-30 | CVE-2011-3415 | Microsoft | Improper Input Validation vulnerability in Microsoft products | 6.8
Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."

2011-12-30 | CVE-2011-5037 | Google | Improper Input Validation vulnerability in Google V8 | 5.0
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.

2011-12-30 | CVE-2011-5036 | Rack Project | Cryptographic Issues vulnerability in Rack Project Rack | 5.0
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

2011-12-30 | CVE-2011-5035 | Oracle | Improper Input Validation vulnerability in Oracle Glassfish Server | 5.0
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.

2011-12-30 | CVE-2011-4885 | PHP | Improper Input Validation vulnerability in PHP | 5.0
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

2011-12-30 | CVE-2011-4838 | Jruby | Resource Exhaustion vulnerability in Jruby | 5.0
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

2011-12-30 | CVE-2011-4462 | Plone | Improper Input Validation vulnerability in Plone | 5.0
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

2011-12-30 | CVE-2011-4461 | Oracle, Mortbay | Cryptographic Issues vulnerability in multiple products | 5.0
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

2011-12-27 | CVE-2009-5111 | Goahead | Resource Management Errors vulnerability in Goahead Webserver | 5.0
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

2011-12-27 | CVE-2009-5110 | Dhttpd | Resource Management Errors vulnerability in Dhttpd | 5.0
dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

2011-12-27 | CVE-2007-6750 | Apache | Resource Management Errors vulnerability in Apache Http Server | 5.0
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

2011-12-27 | CVE-2011-4050 | 7T | Buffer Errors vulnerability in 7T Igss 9.0.0.11200 | 5.0
Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.

2011-12-29 | CVE-2011-5032 | Winmount | Unspecified vulnerability in Winmount 3.5.1018 | 4.9
WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted 0x87342000 IOCTL request to the WMDriver device.

2011-12-29 | CVE-2011-5033 | Configserver, Directadmin | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Configserver Security Firewall | 4.4
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.

2011-12-30 | CVE-2011-5045 | Jjwdesign | Cross-Site Scripting vulnerability in Jjwdesign PHP Booking Calendar 10E | 4.3
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.

2011-12-30 | CVE-2011-5043 | Tomatosoft | Improper Input Validation vulnerability in Tomatosoft Free MP3 Player 1.0 | 4.3
TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow.

2011-12-30 | CVE-2011-5042 | Gphemsley | Cross-Site Scripting vulnerability in Gphemsley Sasha 0.2.0 | 4.3
Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the instructors parameter.

2011-12-30 | CVE-2011-5041 | Pulsecms | Cross-Site Scripting vulnerability in Pulsecms Pulse CMS 1.7.2 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php.

2011-12-30 | CVE-2011-5040 | Infoproject | Cross-Site Scripting vulnerability in Infoproject Biznis Heroj | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.

2011-12-29 | CVE-2011-5029 | Alexander Palmo | Cross-Site Scripting vulnerability in Alexander Palmo Simple PHP Blog | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php.

2011-12-29 | CVE-2011-5027 | Zabbix | Cross-Site Scripting vulnerability in Zabbix | 4.3
Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler.

2011-12-29 | CVE-2011-4615 | Zabbix | Cross-Site Scripting vulnerability in Zabbix | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.

2011-12-29 | CVE-2011-5025 | Yaws | Cross-Site Scripting vulnerability in Yaws 1.88 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.

2011-12-29 | CVE-2011-5024 | GNU | Cross-Site Scripting vulnerability in GNU Mailman | 4.3
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.

2011-12-29 | CVE-2011-5023 | Pligg | Cross-Site Scripting vulnerability in Pligg CMS 1.1.4 | 4.3
Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.

2011-12-29 | CVE-2011-5026 | Winn | Cross-Site Scripting vulnerability in Winn Guestbook | 4.3
Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php.

2011-12-27 | CVE-2011-3841 | Wpsymposiumpro | Cross-Site Scripting vulnerability in Wpsymposiumpro WP Symposium | 4.3
Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.

2011-12-29 | CVE-2011-5028 | Novell | Path Traversal vulnerability in Novell Sentinel LOG Manager | 4.0
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a ..

2 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2011-12-29 | CVE-2011-5030 | Valthbald, Drupal | Cross-Site Scripting vulnerability in Valthbald Meta Tags Quick 7.X2.1/7.X2.2 | 3.5
Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles."

2011-12-31 | CVE-2011-4617 | Python | Link Following vulnerability in Python Virtualenv | 1.2
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.