Weekly Vulnerabilities Reports > April 16 to 22, 2012
Overview
52 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary report vulnerabilities in 57 products from 33 vendors including Wordpress, Realnetworks, IBM, Owncloud, and Siemens. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Cryptographic Issues".
- 44 reported vulnerabilities are remotely exploitables.
- 5 reported vulnerabilities have public exploit available.
- 13 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 47 reported vulnerabilities are exploitable by an anonymous user.
- Wordpress has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Iconics has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
9 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-04-22 | CVE-2012-2405 | Maian Menalto | Cryptographic Issues vulnerability in multiple products Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. | 10.0 |
| 2012-04-21 | CVE-2012-2400 | Wordpress | Remote vulnerability in WordPress Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. | 10.0 |
| 2012-04-21 | CVE-2012-2399 | Wordpress | Remote vulnerability in WordPress Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414. | 10.0 |
| 2012-04-18 | CVE-2011-5089 | Iconics | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Iconics Bizviz and Genesis32 Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. | 10.0 |
| 2012-04-18 | CVE-2012-1799 | Siemens | Improper Authentication vulnerability in Siemens products The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. | 10.0 |
| 2012-04-22 | CVE-2012-0708 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Rational Clearquest Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. | 9.3 |
| 2012-04-18 | CVE-2011-5088 | Iconics | Remote Security vulnerability in GENESIS32 The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability." | 9.3 |
| 2012-04-18 | CVE-2012-0278 | Irfanview | Buffer Errors vulnerability in Irfanview Flashpix Plugin 4.3.4.0/4.32/4.33 Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression. | 9.3 |
| 2012-04-17 | CVE-2011-2478 | Code Injection vulnerability in Google Sketchup 6.0/7.0/7.1 Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file. | 9.3 |
6 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-04-17 | CVE-2012-1518 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare products VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | 8.3 |
| 2012-04-20 | CVE-2012-0406 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Data Protection Advisor The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. | 7.8 |
| 2012-04-18 | CVE-2012-1802 | Siemens | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. | 7.8 |
| 2012-04-19 | CVE-2012-2110 | Openssl Redhat | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | 7.5 |
| 2012-04-17 | CVE-2012-0942 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Helix Mobile Server and Helix Server Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials. | 7.5 |
| 2012-04-16 | CVE-2012-1241 | Artonx ORG | Permissions, Privileges, and Access Controls vulnerability in Artonx.Org Activescriptruby GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document. | 7.5 |
33 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-04-20 | CVE-2012-2397 | Owncloud | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. | 6.8 |
| 2012-04-18 | CVE-2011-5086 | Nsoftware | Improper Input Validation vulnerability in Nsoftware Unitronics Uniopc 1.3.8 https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site. | 6.8 |
| 2012-04-17 | CVE-2012-2089 | F5 Fedoraproject | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. | 6.8 |
| 2012-04-17 | CVE-2012-1985 | Realnetworks | Cross-Site Request Forgery (CSRF) vulnerability in Realnetworks Helix Mobile Server and Helix Server Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL. | 6.8 |
| 2012-04-20 | CVE-2012-2236 | Ryan Walberg | SQL Injection vulnerability in Ryan Walberg PHP Gift Registry 1.5.5 SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action. | 6.5 |
| 2012-04-22 | CVE-2012-0726 | IBM | Cryptographic Issues vulnerability in IBM Tivoli Directory Server The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. | 6.4 |
| 2012-04-18 | CVE-2012-1800 | Siemens | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. | 6.1 |
| 2012-04-20 | CVE-2012-2270 | Owncloud | Improper Input Validation vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | 5.8 |
| 2012-04-21 | CVE-2012-2402 | Wordpress | Permissions, Privileges, and Access Controls vulnerability in Wordpress wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors. | 5.5 |
| 2012-04-22 | CVE-2012-0743 | IBM | Resource Management Errors vulnerability in IBM Tivoli Directory Server IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. | 5.0 |
| 2012-04-22 | CVE-2012-1243 | Studiohitori | Information Exposure vulnerability in Studiohitori Twitrocker2 Android The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | 5.0 |
| 2012-04-21 | CVE-2012-2401 | Moxiecode Wordpress | Permissions, Privileges, and Access Controls vulnerability in multiple products Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content. | 5.0 |
| 2012-04-20 | CVE-2012-0407 | EMC | Numeric Errors vulnerability in EMC Data Protection Advisor Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. | 5.0 |
| 2012-04-18 | CVE-2011-5087 | Adastra | Remote Arbitrary File Access vulnerability in AdAstrA TRACE MODE Data Center Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by the GLEG Agora SCADA+ Exploit Pack for Immunity CANVAS. | 5.0 |
| 2012-04-18 | CVE-2011-4871 | Opcsystems | Improper Input Validation vulnerability in Opcsystems Opcsystems.Net 4.0 Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723. | 5.0 |
| 2012-04-17 | CVE-2012-1180 | F5 Fedoraproject Debian | Use After Free vulnerability in multiple products Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | 5.0 |
| 2012-04-17 | CVE-2012-2268 | Realnetworks | Improper Input Validation vulnerability in Realnetworks Helix Mobile Server and Helix Server master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923. | 5.0 |
| 2012-04-17 | CVE-2012-2267 | Realnetworks | Permissions, Privileges, and Access Controls vulnerability in Realnetworks Helix Mobile Server and Helix Server master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923. | 5.0 |
| 2012-04-20 | CVE-2012-2273 | Comodo Microsoft | Code Injection vulnerability in Comodo Internet Security Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value. | 4.9 |
| 2012-04-19 | CVE-2012-0134 | HP | Local Denial Of Service vulnerability in HP OpenVMS Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors. | 4.9 |
| 2012-04-22 | CVE-2012-0946 | Nvidia | Permissions, Privileges, and Access Controls vulnerability in Nvidia Unix Driver The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. | 4.6 |
| 2012-04-22 | CVE-2012-0216 | Debian | Cross-Site Scripting vulnerability in Apache2 The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server. | 4.4 |
| 2012-04-22 | CVE-2012-1113 | Maian Menalto | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-04-22 | CVE-2012-0740 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Directory Server Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-04-22 | CVE-2012-2234 | Teampass | Cross-Site Scripting vulnerability in Teampass Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action. | 4.3 |
| 2012-04-21 | CVE-2012-2404 | Wordpress | Cross-Site Scripting vulnerability in Wordpress wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
| 2012-04-21 | CVE-2012-2403 | Wordpress | Cross-Site Scripting vulnerability in Wordpress wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
| 2012-04-20 | CVE-2012-2398 | Owncloud | Cross-Site Scripting vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. | 4.3 |
| 2012-04-20 | CVE-2012-2269 | Owncloud | Cross-Site Scripting vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php. | 4.3 |
| 2012-04-19 | CVE-2012-2396 | Videolan | Unspecified vulnerability in Videolan VLC Media Player 2.0.1 VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. | 4.3 |
| 2012-04-18 | CVE-2012-0253 | Demandmedia | Cross-Site Scripting vulnerability in Demandmedia Pluck Sitelife 5.0.12 Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.htm. | 4.3 |
| 2012-04-17 | CVE-2012-1984 | Realnetworks | Cross-Site Scripting vulnerability in Realnetworks Helix Mobile Server and Helix Server Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-04-16 | CVE-2012-1240 | Recruit | Cross-Site Scripting vulnerability in Recruit Dokodemo Rikunabi 2013 1.0.0 Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
4 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-04-18 | CVE-2012-0135 | HP | Unspecified vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. | 3.5 |
| 2012-04-17 | CVE-2012-1979 | Syndeocms | Cross-Site Scripting vulnerability in Syndeocms Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action. | 3.5 |
| 2012-04-18 | CVE-2012-1993 | HP | Unspecified vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. | 3.2 |
| 2012-04-17 | CVE-2012-1923 | Realnetworks | Cryptographic Issues vulnerability in Realnetworks Helix Mobile Server and Helix Server RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database. | 2.1 |