Weekly Vulnerabilities Reports > May 7 to 13, 2012
Overview
1 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary report vulnerabilities in 17 products from 8 vendors including Apple, Debian, PHP, Fedoraproject, and Opensuse. Vulnerabilities are notably categorized as and "Command Injection".
- 1 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 1 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 1 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-05-11 | CVE-2012-1823 | PHP Fedoraproject Debian HP Opensuse Suse Apple Redhat | Command Injection vulnerability in multiple products sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | 9.8 |
0 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
0 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|