Weekly Vulnerabilities Reports > January 23 to 29, 2012

Overview

96 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 74 products from 57 vendors including Android, Sitracker, Google, Linux, and Tencent. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "SQL Injection".

  • 85 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 30 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 87 reported vulnerabilities are exploitable by an anonymous user.
  • Android has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Renren has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-25 CVE-2011-3478 Symantec Improper Authentication vulnerability in Symantec Pcanywhere

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.

10.0
2012-01-24 CVE-2012-0918 Hitachi Remote Code Execution vulnerability in Hitachi products

Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors.

10.0
2012-01-27 CVE-2011-3874 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.

9.3
2012-01-27 CVE-2012-0395 EMC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Networker

Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.

9.3
2012-01-24 CVE-2012-0916 Renren Buffer Errors vulnerability in Renren Talk 2.9

Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file.

9.3
2012-01-24 CVE-2012-0915 Renren Numeric Errors vulnerability in Renren Talk 2.9

Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image.

9.3
2012-01-23 CVE-2012-0192 IBM Numeric Errors vulnerability in IBM Lotus Symphony

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.

9.3

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-28 CVE-2012-0929 Schneider Electric Buffer Errors vulnerability in Schneider-Electric Modicon Quantum PLC

Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server.

7.8
2012-01-29 CVE-2011-5072 Sitracker SQL Injection vulnerability in Sitracker Support Incident Tracker

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.

7.5
2012-01-29 CVE-2011-4337 Sitracker Code Injection vulnerability in Sitracker Support Incident Tracker

Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.

7.5
2012-01-29 CVE-2012-0935 Aryadad SQL Injection vulnerability in Aryadad CMS

SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.

7.5
2012-01-29 CVE-2012-0934 Zingiri, Wordpress Code Injection vulnerability in Zingiri Theme Tuner Plugin

PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter.

7.5
2012-01-29 CVE-2011-5071 Sitracker SQL Injection vulnerability in Sitracker Support Incident Tracker

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php.

7.5
2012-01-29 CVE-2011-3831 Sitracker SQL Injection vulnerability in Sitracker Support Incident Tracker 3.65

SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.

7.5
2012-01-28 CVE-2012-0931 Schneider Electric Improper Authentication vulnerability in Schneider-Electric Modicon Quantum PLC

Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.

7.5
2012-01-27 CVE-2011-4608 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform 5.1.2

mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints.

7.5
2012-01-27 CVE-2011-3626 Drusus, Kerry Thompson Resource Management Errors vulnerability in multiple products

Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.

7.5
2012-01-24 CVE-2012-0913 Icloudcenter SQL Injection vulnerability in Icloudcenter Ictimeattendance 1.0

SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter.

7.5
2012-01-24 CVE-2012-0069 Batavi SQL Injection vulnerability in Batavi

SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.

7.5
2012-01-24 CVE-2012-0912 Stone Ware SQL Injection vulnerability in Stone-Ware Webnetwork 6.0.5.0

SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-01-24 CVE-2011-3928 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.

7.5
2012-01-24 CVE-2011-3927 Google Improper Initialization vulnerability in Google Chrome

Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2012-01-24 CVE-2011-3926 Google, Apple Out-Of-Bounds Write vulnerability in Google Chrome

Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2012-01-24 CVE-2011-3925 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page.

7.5
2012-01-24 CVE-2011-3924 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.

7.5
2012-01-27 CVE-2012-0029 KVM Group Buffer Errors vulnerability in KVM Group Qemu-Kvm 0.12

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

7.4
2012-01-27 CVE-2011-4330 Linux Buffer Errors vulnerability in Linux Kernel 2.6

Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.

7.2

62 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-27 CVE-2012-0056 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.39

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

6.9
2012-01-27 CVE-2011-4077 Linux Buffer Errors vulnerability in Linux Kernel 2.6.0

Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.

6.9
2012-01-29 CVE-2011-5074 Sitracker Cross-Site Request Forgery (CSRF) vulnerability in Sitracker Support Incident Tracker

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.

6.8
2012-01-29 CVE-2011-5068 Sitracker Cross-Site Request Forgery (CSRF) vulnerability in Sitracker Support Incident Tracker 3.65

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of users for requests that delete a user via user_delete.php and other unspecified programs.

6.8
2012-01-25 CVE-2011-3479 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Pcanywhere

Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.

6.8
2012-01-24 CVE-2012-0286 Stone Ware Cross-Site Request Forgery (CSRF) vulnerability in Stone-Ware Webnetwork 6.0.5.0

Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts.

6.8
2012-01-29 CVE-2011-3832 Sitracker Code Injection vulnerability in Sitracker Support Incident Tracker 3.65

Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.

6.5
2012-01-27 CVE-2012-0806 Duckcorp Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Duckcorp BIP

Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.

6.5
2012-01-25 CVE-2011-4866 Kaixin001, Android Information Exposure vulnerability in Kaixin001 1.3.1/1.3.3

The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application.

6.4
2012-01-25 CVE-2011-4699 Ubermedia, Android Information Exposure vulnerability in Ubermedia Twidroyd Legacy 4.3.11

The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application.

6.4
2012-01-25 CVE-2011-4698 Androidapptools, Android Information Exposure vulnerability in Androidapptools Easy Filter 1.1/1.2

The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application.

6.4
2012-01-25 CVE-2011-4697 Xiaomi, Android Information Exposure vulnerability in Xiaomi Mitalk Messenger 1.0/2.1.280

The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application.

6.4
2012-01-29 CVE-2011-5069 Sitracker Input Validation vulnerability in Sitracker Support Incident Tracker 3.65

Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, a different program than CVE-2011-3833.

6.0
2012-01-29 CVE-2011-3833 Sitracker Input Validation vulnerability in Sitracker Support Incident Tracker 3.65

Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory.

6.0
2012-01-27 CVE-2011-4314 Kay Framework Project, Openid, Redhat Improper Input Validation vulnerability in multiple products

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

5.8
2012-01-27 CVE-2011-4354 Openssl Cryptographic Issues vulnerability in Openssl

crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.

5.8
2012-01-25 CVE-2011-4867 Tencent, Android Permissions, Privileges, and Access Controls vulnerability in Tencent Qqpphoto 0.97

The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application.

5.8
2012-01-25 CVE-2011-4865 Tencent, Google Permissions, Privileges, and Access Controls vulnerability in Tencent Microblogpad and Wblog

The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application.

5.8
2012-01-25 CVE-2011-4864 Tencent, Google Permissions, Privileges, and Access Controls vulnerability in Tencent Mobileqq 2.2

The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application.

5.8
2012-01-25 CVE-2011-4863 Tencent, Google Permissions, Privileges, and Access Controls vulnerability in Tencent Qqpimsecure 3.0.2

The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application.

5.8
2012-01-25 CVE-2011-4773 Anguanjia, Android Permissions, Privileges, and Access Controls vulnerability in Anguanjia 2.10.343

The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application.

5.8
2012-01-25 CVE-2011-4772 360, Android Permissions, Privileges, and Access Controls vulnerability in 360 Kouxin 1.5.3

The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application.

5.8
2012-01-25 CVE-2011-4771 Lucion, Android Permissions, Privileges, and Access Controls vulnerability in Lucion Scan to PDF Free 2.0.4

The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application.

5.8
2012-01-25 CVE-2011-4770 Qiwi, Android Permissions, Privileges, and Access Controls vulnerability in Qiwi Wallet 1.13

The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application.

5.8
2012-01-25 CVE-2011-4769 360, Android Permissions, Privileges, and Access Controls vulnerability in 360 Mobilesafe 2.1.0/2.2.0

The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application.

5.8
2012-01-25 CVE-2011-4705 Ming, Android Permissions, Privileges, and Access Controls vulnerability in Ming Blacklist Free 1.8.1/1.9.2.1

The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack."

5.8
2012-01-25 CVE-2011-4704 Voxofon, Android Permissions, Privileges, and Access Controls vulnerability in Voxofon

The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application.

5.8
2012-01-25 CVE-2011-4703 Nathanielkh, Android Permissions, Privileges, and Access Controls vulnerability in Nathanielkh Limit My Call 2.11

The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application.

5.8
2012-01-25 CVE-2011-4702 Nimbuzz, Android Permissions, Privileges, and Access Controls vulnerability in Nimbuzz 2.0.10/2.0.8

The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application.

5.8
2012-01-25 CVE-2011-4701 Hatena, Android Permissions, Privileges, and Access Controls vulnerability in Hatena Callconfirm 2.0.0

The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application.

5.8
2012-01-25 CVE-2011-4700 Ubermedia, Android Permissions, Privileges, and Access Controls vulnerability in Ubermedia Ubersocial

The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application.

5.8
2012-01-27 CVE-2012-0807 Hardened PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hardened-PHP Suhosin

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.

5.1
2012-01-29 CVE-2011-5075 Sitracker Unspecified vulnerability in Sitracker Support Incident Tracker

translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.

5.0
2012-01-27 CVE-2011-4143 RSA Information Exposure vulnerability in RSA Envision 4.0/4.1

EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.

5.0
2012-01-27 CVE-2011-4622 Redhat Local Denial of Service vulnerability in Redhat KVM 83

The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.

4.9
2012-01-27 CVE-2011-4325 Linux Local Denial of Service vulnerability in Linux Kernel NFS Implementation

The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.

4.9
2012-01-29 CVE-2011-5073 Sitracker Cross-Site Scripting vulnerability in Sitracker Support Incident Tracker

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.

4.3
2012-01-29 CVE-2012-0936 Opennms ORG Cross-Site Scripting vulnerability in Opennms.Org Opennms

Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.

4.3
2012-01-29 CVE-2012-0932 Leadcapturepagesystem Cross-Site Scripting vulnerability in Leadcapturepagesystem Lead Capture Page System

Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2012-01-29 CVE-2011-5070 Sitracker Cross-Site Scripting vulnerability in Sitracker Support Incident Tracker 3.65

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php.

4.3
2012-01-29 CVE-2011-3830 Sitracker Cross-Site Scripting vulnerability in Sitracker Support Incident Tracker 3.65

Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.

4.3
2012-01-28 CVE-2012-0053 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Http Server

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

4.3
2012-01-28 CVE-2012-0930 Schneider Electric Cross-Site Scripting vulnerability in Schneider-Electric Modicon Quantum PLC

Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-01-26 CVE-2012-0312 Oscommerce Cross-Site Scripting vulnerability in Oscommerce Online Merchant and Oscommerce

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-01-26 CVE-2012-0311 Oscommerce Cross-Site Scripting vulnerability in Oscommerce

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-01-26 CVE-2011-1941 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin 3.4.0.0

Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.3
2012-01-26 CVE-2011-1940 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.

4.3
2012-01-25 CVE-2011-4276 Google Information Exposure vulnerability in Google Android

The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.

4.3
2012-01-25 CVE-2012-0885 Asterisk Unspecified vulnerability in Asterisk Open Source

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

4.3
2012-01-24 CVE-2012-0919 Hitachi Cross-Site Scripting vulnerability in Hitachi IT Operations Director

Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-01-24 CVE-2012-0917 Hitachi Cross-Site Scripting vulnerability in Hitachi IT Operations Analyzer

Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-01-24 CVE-2012-0914 Earl Miles, Drupal Cross-Site Scripting vulnerability in Earl Miles Panels

Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.

4.3
2012-01-24 CVE-2012-0909 Horde Cross-Site Scripting vulnerability in Horde Groupware Webmail Edition

Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification.

4.3
2012-01-24 CVE-2012-0908 Simplesamlphp Cross-Site Scripting vulnerability in Simplesamlphp

Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter.

4.3
2012-01-24 CVE-2012-0791 Horde Cross-Site Scripting vulnerability in Horde Dynamic Imp, Groupware Webmail Edition and IMP

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names.

4.3
2012-01-24 CVE-2012-0790 Oetiker Cross-Site Scripting vulnerability in Oetiker Smokeping

Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.

4.3
2012-01-24 CVE-2012-0389 Mailenable Cross-Site Scripting vulnerability in Mailenable

Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.

4.3
2012-01-24 CVE-2012-0040 Simplesamlphp Cross-Site Scripting vulnerability in Simplesamlphp

Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter.

4.3
2012-01-24 CVE-2012-0285 Stone Ware Cross-Site Scripting vulnerability in Stone-Ware Webnetwork 6.0.5.0

Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-01-24 CVE-2012-0313 Glucose Cross-Site Scripting vulnerability in Glucose 2 Betastage5/Betastage5.1/Stage6

Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed.

4.3
2012-01-29 CVE-2011-5067 Sitracker Information Exposure vulnerability in Sitracker Support Incident Tracker 3.65

move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.

4.0
2012-01-29 CVE-2011-3829 Sitracker Information Exposure vulnerability in Sitracker Support Incident Tracker 3.65

ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-27 CVE-2012-0814 Openbsd Credentials Management vulnerability in Openbsd Openssh

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite.

3.5
2012-01-29 CVE-2012-0933 Acidcat Cross-Site Scripting vulnerability in Acidcat CMS 3.5.1/3.5.2/3.5.6

Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.

2.6
2012-01-28 CVE-2012-0021 Apache Improper Input Validation vulnerability in Apache Http Server

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

2.6
2012-01-27 CVE-2011-4132 Linux, Suse Improper Input Validation vulnerability in multiple products

The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."

2.1
2012-01-27 CVE-2011-4110 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6

The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."

2.1
2012-01-27 CVE-2011-2203 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6

The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.

2.1
2012-01-27 CVE-2011-1162 Linux Information Exposure vulnerability in Linux Kernel 2.6

The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command.

2.1