Weekly Vulnerabilities Reports > April 2 to 8, 2012

Overview

55 new vulnerabilities were reported during this period, including 10 critical and 8 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 106 products from 25 vendors, including Google, Apple, HP, Invensys, and Arcinfo. The most frequent categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use After Free", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Credentials Management".

  • 51 of the reported vulnerabilities are remotely exploitable.
  • 8 of the reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 53 of the reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 14.
  • Cisco has the most reported critical vulnerabilities, with 3.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-04-06 CVE-2012-1239 Toshibatec Permissions, Privileges, and Access Controls vulnerability in Toshibatec products

The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.

10.0
2012-04-05 CVE-2012-0131 HP Remote Denial Of Service vulnerability in HP-UX Running DCE

Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

10.0
2012-04-06 CVE-2012-0725 Adobe, Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.

9.3
2012-04-06 CVE-2012-0724 Adobe, Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.

9.3
2012-04-05 CVE-2012-1337 Cisco Buffer Errors vulnerability in Cisco Webex Recording Format Player 27.11.26/27.21.10

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1336.

9.3
2012-04-05 CVE-2012-1336 Cisco Buffer Errors vulnerability in Cisco Webex Recording Format Player 27.11.26/27.21.10

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1337.

9.3
2012-04-05 CVE-2012-1335 Cisco Buffer Errors vulnerability in Cisco Webex Recording Format Player 27.11.26/27.21.10

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337.

9.3
2012-04-03 CVE-2011-4043 Arcinfo Numeric Errors vulnerability in Arcinfo Frontvue, Pcvue and Plantvue

Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.

9.3
2012-04-03 CVE-2011-4042 Arcinfo Unspecified vulnerability in Arcinfo Frontvue, Pcvue and Plantvue

An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.

9.3
2012-04-02 CVE-2012-0246 Ecava Path Traversal vulnerability in Ecava Integraxor

Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server.

9.3

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-04-02 CVE-2012-1515 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare ESX and Esxi

VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.

8.3
2012-04-05 CVE-2012-0129 HP Permissions, Privileges, and Access Controls vulnerability in HP Onboard Administrator

HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.

7.6
2012-04-05 CVE-2012-2055 Github Improper Control of Dynamically-Managed Code Resources vulnerability in Github

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.

7.5
2012-04-05 CVE-2012-1777 F5 SQL Injection vulnerability in F5 Firepass 6.0/6.1.0/7.0.0

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.

7.5
2012-04-02 CVE-2012-0228 Invensys Permissions, Privileges, and Access Controls vulnerability in Invensys Wonderware Information Server 4.0/4.5

Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

7.5
2012-04-02 CVE-2012-0226 Invensys SQL Injection vulnerability in Invensys Wonderware Information Server 4.0/4.5

SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-04-02 CVE-2011-5085 Sixapart Remote Security vulnerability in Movable Type

Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors.

7.5
2012-04-05 CVE-2012-2053 F5 Permissions, Privileges, and Access Controls vulnerability in F5 Firepass 6.0/6.1.0/7.0.0

The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777.

7.2

33 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-04-06 CVE-2012-1237 ICZ Cross-Site Request Forgery (CSRF) vulnerability in ICZ Sencha SNS 1.0.0/1.0.1

Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2012-04-05 CVE-2011-3077 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.

6.8
2012-04-05 CVE-2011-3076 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.

6.8
2012-04-05 CVE-2011-3075 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.

6.8
2012-04-05 CVE-2011-3074 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

6.8
2012-04-05 CVE-2011-3073 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.

6.8
2012-04-05 CVE-2011-3072 Google Origin Validation Error vulnerability in Google Chrome

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.

6.8
2012-04-05 CVE-2011-3071 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2012-04-05 CVE-2011-3070 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.

6.8
2012-04-05 CVE-2011-3069 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.

6.8
2012-04-05 CVE-2011-3068 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.

6.8
2012-04-05 CVE-2011-3067 Google, Apple Origin Validation Error vulnerability in Google Chrome

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

6.8
2012-04-05 CVE-2011-3066 Google Out-Of-Bounds Read vulnerability in Google Chrome

Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8
2012-04-03 CVE-2011-4535 Craig Peterson, Scadatec Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.

6.8
2012-04-02 CVE-2012-0258 Invensys Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Invensys products

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the AddFile member.

6.8
2012-04-02 CVE-2012-0257 Invensys Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Invensys products

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite.

6.8
2012-04-05 CVE-2012-0128 HP Improper Input Validation vulnerability in HP Onboard Administrator

HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2012-04-03 CVE-2011-4044 Arcinfo Unspecified vulnerability in Arcinfo Frontvue, Pcvue and Plantvue

An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.

5.8
2012-04-05 CVE-2012-2054 Redmine Credentials Management vulnerability in Redmine

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.

5.0
2012-04-05 CVE-2012-0255 Quagga Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quagga

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

5.0
2012-04-05 CVE-2012-0130 HP Information Exposure vulnerability in HP Onboard Administrator

HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2012-04-05 CVE-2008-7311 Spreecommerce Credentials Management vulnerability in Spreecommerce Spree 0.2.0

The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.

5.0
2012-04-05 CVE-2008-7310 Spreecommerce Credentials Management vulnerability in Spreecommerce Spree 0.2.0

Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability.

5.0
2012-04-05 CVE-2008-7309 Insoshi Credentials Management vulnerability in Insoshi

Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability.

5.0
2012-04-02 CVE-2012-0222 Rockwellautomation Buffer Errors vulnerability in Rockwellautomation Factorytalk and Rslogix 5000

The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet.

5.0
2012-04-02 CVE-2012-0221 Rockwellautomation Improper Input Validation vulnerability in Rockwellautomation Factorytalk and Rslogix 5000

The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet.

5.0
2012-04-06 CVE-2012-1902 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.

4.3
2012-04-06 CVE-2012-1238 ICZ Cross-Site Request Forgery vulnerability in ICZ Sencha SNS 1.0.0/1.0.1

Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors.

4.3
2012-04-05 CVE-2012-0327 Redmine Cross-Site Scripting vulnerability in Redmine

Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-04-05 CVE-2012-0132 HP, Microsoft Cross-Site Scripting vulnerability in HP Business Availability Center 9.01

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-04-03 CVE-2011-4045 Arcinfo Buffer Errors vulnerability in Arcinfo Frontvue, Pcvue and Plantvue

Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.

4.3
2012-04-02 CVE-2012-0225 Invensys Cross-Site Scripting vulnerability in Invensys Wonderware Information Server 4.0/4.5

Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-04-02 CVE-2011-5084 Sixapart Cross-Site Scripting vulnerability in Sixapart Movable Type

Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-04-05 CVE-2012-1982 Socialcms Cross-Site Scripting vulnerability in Socialcms 1.0.2

Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action.

3.5
2012-04-05 CVE-2011-5000 Openbsd Numeric Errors vulnerability in Openbsd Openssh

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field.

3.5
2012-04-05 CVE-2012-0250 Quagga Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quagga

Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.

3.3
2012-04-05 CVE-2012-0249 Quagga Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quagga

Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.

3.3