Weekly Vulnerabilities Reports > January 9 to 15, 2012
Overview
32 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 38 products from 20 vendors including HP, IBM, Adobe, Microsoft, and Cogentdatahub. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Out-of-bounds Write", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".
- 28 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 30 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 6 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
12 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-01-15 | CVE-2011-1377 | IBM | Unspecified vulnerability in IBM Websphere Application Server The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors. | 10.0 |
2012-01-13 | CVE-2012-0697 | HP | Path Traversal vulnerability in HP Storageworks P2000 G3 MSA HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788. | 10.0 |
2012-01-13 | CVE-2011-4789 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Diagnostics Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. | 10.0 |
2012-01-12 | CVE-2012-0695 | Google Acer Samsung | Remote Security vulnerability in Chrome Os Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | 10.0 |
2012-01-10 | CVE-2011-5059 | Finaldraft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Finaldraft 8/8.01 Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote attackers to execute arbitrary code via a crafted SmartType element, a different vulnerability than CVE-2011-5002. | 10.0 |
2012-01-10 | CVE-2011-4371 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 9.8 |
2012-01-10 | CVE-2011-4370 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373. | 9.8 |
2012-01-15 | CVE-2012-0267 | Ntrglobal | Improper Input Validation vulnerability in Ntrglobal NTR Activex Control The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer. | 9.3 |
2012-01-15 | CVE-2012-0266 | Ntrglobal | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ntrglobal NTR Activex Control Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL. | 9.3 |
2012-01-12 | CVE-2011-4787 | HP | Code Injection vulnerability in HP Easy Printer Care Software A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786. | 9.3 |
2012-01-12 | CVE-2011-4786 | HP | Code Injection vulnerability in HP Easy Printer Care Software A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787. | 9.3 |
2012-01-10 | CVE-2012-0009 | Microsoft | Remote Code Execution vulnerability in Microsoft Windows Server 2003 and Windows XP Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-002 'The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file.' Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' | 9.3 |
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-01-13 | CVE-2011-4788 | HP | Path Traversal vulnerability in HP products Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI. | 7.8 |
2012-01-10 | CVE-2011-4785 | HP | Information Exposure vulnerability in HP Hp-Chaisoe 1.0 Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419. | 7.8 |
2012-01-14 | CVE-2011-5061 | Whmcs | Code Injection vulnerability in Whmcs Whmcompletesolution functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field. | 7.5 |
2012-01-13 | CVE-2011-3597 | Gisle AAS | Improper Input Validation vulnerability in Gisle AAS Digest Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. | 7.5 |
2012-01-10 | CVE-2011-4373 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. | 7.5 |
2012-01-10 | CVE-2011-4372 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373. | 7.5 |
12 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-01-10 | CVE-2011-5058 | 3Ssoftware | Permissions, Privileges, and Access Controls vulnerability in 3Ssoftware Codesys 3.4 The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. | 6.4 |
2012-01-15 | CVE-2011-4868 | ISC | Resource Management Errors vulnerability in ISC Dhcp The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update. | 6.1 |
2012-01-13 | CVE-2012-0310 | Cogentdatahub | Code Injection vulnerability in Cogentdatahub Cascade Datahub, Cogent Datahub and OPC Datahub CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.8 |
2012-01-13 | CVE-2011-4057 | Wibu | Resource Management Errors vulnerability in Wibu Codemeter Runtime 4.10B/4.20A/4.30C Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. | 5.0 |
2012-01-13 | CVE-2012-0030 | Openstack | Permissions, Privileges, and Access Controls vulnerability in Openstack Essex and Nova Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. | 4.9 |
2012-01-13 | CVE-2011-4925 | Cluster Resources Clusterresources | Permissions, Privileges, and Access Controls vulnerability in multiple products Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors. | 4.9 |
2012-01-13 | CVE-2011-2776 | Robert Luberda | Buffer Errors vulnerability in Robert Luberda Super 3.30.0 Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. | 4.4 |
2012-01-15 | CVE-2011-5065 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. | 4.3 |
2012-01-15 | CVE-2011-1362 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-01-13 | CVE-2012-0696 | IBM | Cross-Site Scripting vulnerability in IBM Cognos Executive Viewer and Cognos TM1 Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js. | 4.3 |
2012-01-13 | CVE-2012-0309 | Cogentdatahub | Cross-Site Scripting vulnerability in Cogentdatahub Cascade Datahub, Cogent Datahub and OPC Datahub Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-01-10 | CVE-2012-0007 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Anti-Cross Site Scripting Library 3.1/4.0 The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability." | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-01-13 | CVE-2011-5060 | Roderich Schupp | Permissions, Privileges, and Access Controls vulnerability in Roderich Schupp Par-Packer Module The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114. | 3.3 |
2012-01-15 | CVE-2011-5066 | IBM | Information Exposure vulnerability in IBM Websphere Application Server The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file. | 2.1 |