Vulnerability Summary for the Week of January 23, 2012
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
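As an added example, not part of the bulletin itself, the following Python script turns the tables below into records for triage: it parses each pipe-delimited row, checks the entry's CVSS base score against the severity bands defined above (flagging any row filed under the wrong band or carrying no score yet), groups entries by vendor, and lists the highest-scoring items first. It assumes the row layout used on this page (vendor -- product, description, published date, score, CVE identifier, trailing pipe) and that descriptions contain no literal "|" character; the four sample rows embedded in it are copied from this bulletin with abridged descriptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Severity bands exactly as the bulletin defines them (CVSS base score).
BANDS = (("High", 7.0, 10.0), ("Medium", 4.0, 6.9), ("Low", 0.0, 3.9))

SECTION_RE = re.compile(r"^(High|Medium|Low) Vulnerabilities$")
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")


@dataclass
class Entry:
    section: str            # band the bulletin filed the entry under
    vendor: str
    product: str
    description: str
    published: str
    score: Optional[float]  # None when no CVSS score has been assigned yet
    cve: str


def severity(score: float) -> str:
    """Map a CVSS base score to the bulletin's High/Medium/Low band."""
    for name, lo, hi in BANDS:
        if lo <= score <= hi:
            return name
    raise ValueError(f"CVSS score out of range: {score}")


def _parse_row(section: str, line: str) -> Entry:
    # Rows are pipe-delimited with a trailing pipe. Assumption: the
    # description cell never contains a literal '|', so a plain split is safe.
    cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
    if len(cells) != 5:
        raise ValueError(f"expected 5 cells, got {len(cells)}: {line!r}")
    vendor_product, description, published, score_text, source = cells
    vendor, _, product = vendor_product.partition(" -- ")
    try:
        score: Optional[float] = float(score_text)
    except ValueError:
        score = None  # bulletin rows may be published before a score exists
    m = CVE_RE.search(source)
    if not m:
        raise ValueError(f"no CVE identifier in source cell: {source!r}")
    return Entry(section, vendor, product, description, published, score, m.group(0))


def parse_bulletin(text: str) -> List[Entry]:
    """Parse the bulletin's High/Medium/Low tables into Entry records."""
    entries: List[Entry] = []
    section: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or "|" not in line:
            continue
        if line.startswith("Primary Vendor") or line.startswith("---"):
            continue  # table header row and markdown separator row
        entries.append(_parse_row(section, line))
    return entries


def misfiled(entries: List[Entry]) -> List[Entry]:
    """Entries whose score does not match the band they were filed under."""
    return [e for e in entries if e.score is not None and severity(e.score) != e.section]


def by_vendor(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group entries by vendor slug, preserving bulletin order."""
    out: Dict[str, List[Entry]] = {}
    for e in entries:
        out.setdefault(e.vendor, []).append(e)
    return out


def top(entries: List[Entry], n: int) -> List[Entry]:
    """Highest-scoring entries first; ties broken by CVE id for stable output."""
    scored = [e for e in entries if e.score is not None]
    return sorted(scored, key=lambda e: (-e.score, e.cve))[:n]


# Four rows copied from this bulletin (descriptions abridged) as sample input.
SAMPLE = """\
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
batavi -- batavi | SQL injection vulnerability in ajax.php in Batavi before 1.2.1 via the boxToReload parameter. | 2012-01-24 | 7.5 | CVE-2012-0069 |
symantec -- pcanywhere | The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3 allows remote code execution via a crafted session on TCP port 5631. | 2012-01-25 | 10.0 | CVE-2011-3478 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
openssl -- openssl | crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms uses an incorrect modular reduction for P-256 and P-384. | 2012-01-26 | 5.8 | CVE-2011-4354 |
symantec -- pcanywhere | Symantec pcAnywhere 12.5.x through 12.5.3 uses world-writable permissions for product-installation files. | 2012-01-25 | 4.3 | CVE-2011-3479 |
"""

if __name__ == "__main__":
    entries = parse_bulletin(SAMPLE)
    for e in top(entries, 3):
        print(f"{e.score:4.1f}  {e.cve}  {e.vendor}/{e.product}")
    print("misfiled:", [e.cve for e in misfiled(entries)])
```

Feed the whole bulletin text to `parse_bulletin` instead of `SAMPLE` to triage the full week; `misfiled` is the consistency check worth keeping, since a score added after publication can move an entry across a band boundary without the table being refiled.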
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
batavi -- batavi | SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter. | 2012-01-24 | 7.5 | CVE-2012-0069 |
dev!l's -- dev!l'z_clanportal_gamebase_addon | SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php. | 2012-01-20 | 7.5 | CVE-2012-0905 |
emc -- networker | Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | 2012-01-26 | 9.3 | CVE-2012-0395 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. | 2012-01-23 | 7.5 | CVE-2011-3924 |
google -- chrome | Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page. | 2012-01-23 | 7.5 | CVE-2011-3925 |
google -- chrome | Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2012-01-23 | 7.5 | CVE-2011-3926 |
google -- chrome | Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2012-01-23 | 7.5 | CVE-2011-3927 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. | 2012-01-23 | 7.5 | CVE-2011-3928 |
hitachi -- cobol2002_net_developer | Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors. | 2012-01-24 | 10.0 | CVE-2012-0918 |
ibm -- lotus_symphony | Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file. | 2012-01-23 | 9.3 | CVE-2012-0192 |
icloudcenter -- ictimeattendance | SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information. | 2012-01-24 | 7.5 | CVE-2012-0913 |
mystarmedia -- moviebase_addon | SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php. | 2012-01-20 | 7.5 | CVE-2012-0906 |
renren -- renren_talk | Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image. | 2012-01-24 | 9.3 | CVE-2012-0915 |
renren -- renren_talk | Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file. | 2012-01-24 | 9.3 | CVE-2012-0916 |
stone-ware -- webnetwork | SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2012-01-24 | 7.5 | CVE-2012-0912 |
symantec -- pcanywhere | The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631. | 2012-01-25 | 10.0 | CVE-2011-3478 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
360 -- mobilesafe | The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.1.0 and 2.2.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4769 |
360 -- kouxin | The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4772 |
airties -- air_4450 | AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. | 2012-01-20 | 5.0 | CVE-2012-0902 |
androidapptools -- easy_filter | The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application. | 2012-01-24 | 6.4 | CVE-2011-4698 |
anguanjia -- anguanjia | The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4773 |
annuairephp -- annuaire_php | Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter. | 2012-01-20 | 4.3 | CVE-2012-0899 |
asterisk -- open_source | chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple. | 2012-01-25 | 4.3 | CVE-2012-0885 |
attenzione -- yousaytoo | Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. | 2012-01-20 | 4.3 | CVE-2012-0901 |
beehive_forum -- beehive_forum | Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php. | 2012-01-20 | 4.3 | CVE-2012-0900 |
camaleo -- myeasybackup | Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. | 2012-01-20 | 5.0 | CVE-2012-0898 |
drupal -- panels | Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title. | 2012-01-24 | 4.3 | CVE-2012-0914 |
duckcorp -- bip | Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors. | 2012-01-26 | 6.5 | CVE-2012-0806 |
glucose -- glucose_2 | Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | 2012-01-23 | 4.3 | CVE-2012-0313 |
google -- android | The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. | 2012-01-25 | 4.3 | CVE-2011-4276 |
hardened-php -- suhosin | Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. | 2012-01-26 | 5.1 | CVE-2012-0807 |
hatena -- callconfirm | The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4701 |
hitachi -- it_operations_analyzer | Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-01-24 | 4.3 | CVE-2012-0917 |
hitachi -- it_operations_director | Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-01-24 | 4.3 | CVE-2012-0919 |
horde -- dynamic_imp | Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information. | 2012-01-24 | 4.3 | CVE-2012-0791 |
horde -- groupware_webmail_edition | Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information. | 2012-01-24 | 4.3 | CVE-2012-0909 |
irfanview -- irfanview | Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | 2012-01-20 | 6.8 | CVE-2012-0897 |
kaixin001 -- kaixin001 | The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application. | 2012-01-24 | 6.4 | CVE-2011-4866 |
lucion -- scan_to_pdf_free | The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4771 |
mailenable -- mailenable | Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter. | 2012-01-24 | 4.3 | CVE-2012-0389 |
ming -- blacklist_free | The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack." | 2012-01-24 | 5.8 | CVE-2011-4705 |
nathanielkh -- limit_my_call | The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4703 |
neoaxis -- neoaxis_web_player | Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive. | 2012-01-20 | 5.8 | CVE-2012-0907 |
nimbuzz -- nimbuzz | The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4702 |
oetiker -- smokeping | Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter. | 2012-01-24 | 4.3 | CVE-2012-0790 |
openssl -- openssl | crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. | 2012-01-26 | 5.8 | CVE-2011-4354 |
oscommerce -- oscommerce | Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-01-26 | 4.3 | CVE-2012-0311 |
oscommerce -- online_merchant | Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-01-26 | 4.3 | CVE-2012-0312 |
phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. | 2012-01-26 | 4.3 | CVE-2011-1940 |
phpmyadmin -- phpmyadmin | Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2012-01-26 | 4.3 | CVE-2011-1941 |
qiwi -- wallet | The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4770 |
rsa -- envision | EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. | 2012-01-26 | 5.0 | CVE-2011-4143 |
simplesamlphp -- simplesamlphp | Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter. | 2012-01-24 | 4.3 | CVE-2012-0040 |
simplesamlphp -- simplesamlphp | Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter. | 2012-01-24 | 4.3 | CVE-2012-0908 |
stone-ware -- webnetwork | Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-01-24 | 4.3 | CVE-2012-0285 |
stone-ware -- webnetwork | Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts. | 2012-01-24 | 6.8 | CVE-2012-0286 |
symantec -- pcanywhere | Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file. | 2012-01-25 | 4.3 | CVE-2011-3479 |
tencent -- qqpimsecure | The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4863 |
tencent -- mobileqq | The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4864 |
tencent -- microblogpad | The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4865 |
tencent -- qqpphoto | The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4867 |
tom_braider -- count_per_day | Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. | 2012-01-20 | 4.3 | CVE-2012-0895 |
tom_braider -- count_per_day | Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. | 2012-01-20 | 5.0 | CVE-2012-0896 |
ubermedia -- twidroyd_legacy | The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. | 2012-01-24 | 6.4 | CVE-2011-4699 |
ubersocial -- ubersocial | The UberMedia UberSocial (com.twidroid) application 7.1.5 and 7.2.2 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4700 |
videolan -- vlc_media_player | VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file. | 2012-01-20 | 4.3 | CVE-2012-0904 |
vmware -- zimbra_desktop | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name. | 2012-01-20 | 4.3 | CVE-2012-0903 |
voxofon -- voxofon | The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. | 2012-01-24 | 5.8 | CVE-2011-4704 |
xiaomi -- mitalk_messenger | The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application. | 2012-01-24 | 6.4 | CVE-2011-4697 |