Weekly Vulnerabilities Reports > April 16 to 22, 2012

Overview

55 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary report vulnerabilities in 66 products from 36 vendors including Wordpress, Realnetworks, IBM, Owncloud, and Siemens. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Cryptographic Issues".

  • 45 reported vulnerabilities are remotely exploitables.
  • 5 reported vulnerabilities have public exploit available.
  • 14 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 49 reported vulnerabilities are exploitable by an anonymous user.
  • Wordpress has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Wordpress has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-04-22 CVE-2012-2405 Maian
Menalto
Cryptographic Issues vulnerability in multiple products

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.

10.0
2012-04-21 CVE-2012-2400 Wordpress Remote vulnerability in WordPress

Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.

10.0
2012-04-21 CVE-2012-2399 Wordpress Remote vulnerability in WordPress

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

10.0
2012-04-18 CVE-2011-5089 Iconics Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Iconics Bizviz and Genesis32

Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password.

10.0
2012-04-18 CVE-2012-1799 Siemens Improper Authentication vulnerability in Siemens products

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

10.0
2012-04-22 CVE-2012-0708 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Rational Clearquest

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.

9.3
2012-04-18 CVE-2011-5088 Iconics Remote Security vulnerability in GENESIS32

The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."

9.3
2012-04-18 CVE-2012-0278 Irfanview Buffer Errors vulnerability in Irfanview Flashpix Plugin 4.3.4.0/4.32/4.33

Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression.

9.3
2012-04-17 CVE-2011-2478 Google Code Injection vulnerability in Google Sketchup 6.0/7.0/7.1

Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.

9.3

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-04-17 CVE-2012-1518 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare products

VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.

8.3
2012-04-20 CVE-2012-0406 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Data Protection Advisor

The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.

7.8
2012-04-18 CVE-2012-1802 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.

7.8
2012-04-18 CVE-2012-1801 ABB Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ABB products

Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data.

7.7
2012-04-19 CVE-2012-2110 Openssl
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

7.5
2012-04-17 CVE-2012-0942 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Helix Mobile Server and Helix Server

Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials.

7.5
2012-04-16 CVE-2012-1241 Artonx ORG Permissions, Privileges, and Access Controls vulnerability in Artonx.Org Activescriptruby

GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document.

7.5

35 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-04-18 CVE-2012-0883 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Http Server

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

6.9
2012-04-20 CVE-2012-2397 Owncloud Cross-Site Request Forgery (CSRF) vulnerability in Owncloud 3.0.0/3.0.1/3.0.2

Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts.

6.8
2012-04-18 CVE-2011-5086 Nsoftware Improper Input Validation vulnerability in Nsoftware Unitronics Uniopc 1.3.8

https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site.

6.8
2012-04-17 CVE-2012-2089 Nginx
Fedoraproject
Classic Buffer Overflow vulnerability in multiple products

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.

6.8
2012-04-17 CVE-2012-1985 Realnetworks Cross-Site Request Forgery (CSRF) vulnerability in Realnetworks Helix Mobile Server and Helix Server

Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL.

6.8
2012-04-20 CVE-2012-2236 Ryan Walberg SQL Injection vulnerability in Ryan Walberg PHP Gift Registry 1.5.5

SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.

6.5
2012-04-22 CVE-2012-0726 IBM Cryptographic Issues vulnerability in IBM Tivoli Directory Server

The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.

6.4
2012-04-18 CVE-2012-1800 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products

Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame.

6.1
2012-04-20 CVE-2012-2270 Owncloud Improper Input Validation vulnerability in Owncloud 3.0.0/3.0.1/3.0.2

Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

5.8
2012-04-21 CVE-2012-2402 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.

5.5
2012-04-22 CVE-2012-0743 IBM Resource Management Errors vulnerability in IBM Tivoli Directory Server

IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request.

5.0
2012-04-22 CVE-2012-1243 Studiohitori
Google
Information Exposure vulnerability in Studiohitori Twitrocker2 Android

The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

5.0
2012-04-21 CVE-2012-2401 Moxiecode
Wordpress
Permissions, Privileges, and Access Controls vulnerability in multiple products

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

5.0
2012-04-20 CVE-2012-0407 EMC Numeric Errors vulnerability in EMC Data Protection Advisor

Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.

5.0
2012-04-18 CVE-2011-5087 Adastra Remote Arbitrary File Access vulnerability in AdAstrA TRACE MODE Data Center

Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by the GLEG Agora SCADA+ Exploit Pack for Immunity CANVAS.

5.0
2012-04-18 CVE-2011-4871 Opcsystems Improper Input Validation vulnerability in Opcsystems Opcsystems.Net 4.0

Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723.

5.0
2012-04-17 CVE-2012-1180 Nginx
Fedoraproject
Debian
USE After Free vulnerability in multiple products

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

5.0
2012-04-17 CVE-2012-2268 Realnetworks Improper Input Validation vulnerability in Realnetworks Helix Mobile Server and Helix Server

master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923.

5.0
2012-04-17 CVE-2012-2267 Realnetworks Permissions, Privileges, and Access Controls vulnerability in Realnetworks Helix Mobile Server and Helix Server

master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923.

5.0
2012-04-20 CVE-2012-2273 Comodo
Microsoft
Code Injection vulnerability in Comodo Internet Security

Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value.

4.9
2012-04-19 CVE-2012-0134 HP Local Denial Of Service vulnerability in HP OpenVMS

Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors.

4.9
2012-04-22 CVE-2012-0946 Nvidia Permissions, Privileges, and Access Controls vulnerability in Nvidia Unix Driver

The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.

4.6
2012-04-22 CVE-2012-0216 Debian Cross-Site Scripting vulnerability in Apache2

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.

4.4
2012-04-22 CVE-2012-1575 Trevor Mckay Cross-Site Scripting vulnerability in Trevor Mckay Cumin

Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.

4.3
2012-04-22 CVE-2012-1113 Maian
Menalto
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-04-22 CVE-2012-0740 IBM Cross-Site Scripting vulnerability in IBM Tivoli Directory Server

Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-04-22 CVE-2012-2234 Teampass Cross-Site Scripting vulnerability in Teampass

Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.

4.3
2012-04-21 CVE-2012-2404 Wordpress Cross-Site Scripting vulnerability in Wordpress

wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

4.3
2012-04-21 CVE-2012-2403 Wordpress Cross-Site Scripting vulnerability in Wordpress

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

4.3
2012-04-20 CVE-2012-2398 Owncloud Cross-Site Scripting vulnerability in Owncloud 3.0.0/3.0.1/3.0.2

Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.

4.3
2012-04-20 CVE-2012-2269 Owncloud Cross-Site Scripting vulnerability in Owncloud 3.0.0/3.0.1/3.0.2

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.

4.3
2012-04-19 CVE-2012-2396 Videolan Unspecified vulnerability in Videolan VLC Media Player 2.0.1

VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.

4.3
2012-04-18 CVE-2012-0253 Demandmedia Cross-Site Scripting vulnerability in Demandmedia Pluck Sitelife 5.0.12

Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.htm.

4.3
2012-04-17 CVE-2012-1984 Realnetworks Cross-Site Scripting vulnerability in Realnetworks Helix Mobile Server and Helix Server

Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-04-16 CVE-2012-1240 Recruit Cross-Site Scripting vulnerability in Recruit Dokodemo Rikunabi 2013 1.0.0

Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-04-18 CVE-2012-0135 HP Unspecified vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors.

3.5
2012-04-17 CVE-2012-1979 Syndeocms Cross-Site Scripting vulnerability in Syndeocms

Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.

3.5
2012-04-18 CVE-2012-1993 HP Unspecified vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors.

3.2
2012-04-17 CVE-2012-1923 Realnetworks Cryptographic Issues vulnerability in Realnetworks Helix Mobile Server and Helix Server

RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database.

2.1