Vulnerability Summary for the Week of September 19, 2011
Released
Sep 28, 2011
Document ID
SB11-269
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- flash_player | Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors. | 2011-09-21 | 9.3 | CVE-2011-2426 |
| adobe -- flash_player | Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | 2011-09-21 | 9.3 | CVE-2011-2427 |
| adobe -- flash_player | Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue." | 2011-09-21 | 9.3 | CVE-2011-2428 |
| adobe -- flash_player | Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability." | 2011-09-21 | 9.3 | CVE-2011-2430 |
| azeotech -- daqfactory | Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034. | 2011-09-16 | 10.0 | CVE-2011-3492 |
| bcfg2 -- bcfg2 | The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client. | 2011-09-16 | 9.3 | CVE-2011-3211 |
| cisco -- telepresence_c_series_software | Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496. | 2011-09-23 | 9.0 | CVE-2011-2543 |
| cisco -- ciscoworks_lan_management_solution | Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. | 2011-09-19 | 10.0 | CVE-2011-2738 |
| cisco -- identity_services_engine_software | Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135. | 2011-09-21 | 10.0 | CVE-2011-3290 |
| emc -- avamar | EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain. | 2011-09-19 | 7.7 | CVE-2011-1740 |
| equis -- metastock | Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout. | 2011-09-16 | 10.0 | CVE-2011-3488 |
| google -- chrome | Google Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Media Player plug-in, which makes it easier for remote attackers to have an unspecified impact via crafted Flash content. | 2011-09-19 | 7.5 | CVE-2011-2836 |
| google -- chrome | Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors. | 2011-09-19 | 7.5 | CVE-2011-2837 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors. | 2011-09-19 | 7.5 | CVE-2011-2838 |
| google -- chrome | The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors. | 2011-09-19 | 7.5 | CVE-2011-2842 |
| google -- chrome | Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2011-09-19 | 7.5 | CVE-2011-2852 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling. | 2011-09-19 | 7.5 | CVE-2011-2853 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." | 2011-09-19 | 7.5 | CVE-2011-2854 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | 2011-09-19 | 7.5 | CVE-2011-2855 |
| google -- chrome | Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 2011-09-19 | 7.5 | CVE-2011-2856 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller. | 2011-09-19 | 7.5 | CVE-2011-2857 |
| google -- chrome | Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors. | 2011-09-19 | 7.5 | CVE-2011-2859 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles. | 2011-09-19 | 7.5 | CVE-2011-2860 |
| google -- chrome | Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors. | 2011-09-19 | 7.5 | CVE-2011-2862 |
| google -- chrome | Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors. | 2011-09-19 | 7.5 | CVE-2011-2874 |
| google -- chrome | Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | 2011-09-19 | 7.5 | CVE-2011-2875 |
| hp -- business_service_automation_essentials | Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors. | 2011-09-21 | 10.0 | CVE-2011-2412 |
| ibm -- lotus_domino | Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf. | 2011-09-19 | 9.0 | CVE-2011-3575 |
| ibm -- websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. | 2011-09-20 | 10.0 | CVE-2011-3577 |
| interactivedata -- esignal | Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2011-09-16 | 9.3 | CVE-2011-3503 |
| mercator -- sentinel | SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-09-22 | 7.5 | CVE-2011-1913 |
| perl -- perl | The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. | 2011-09-23 | 7.5 | CVE-2011-2766 |
| progea -- movicon_powerhmi | Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field. | 2011-09-16 | 10.0 | CVE-2011-3491 |
| progea -- movicon_powerhmi | Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request. | 2011-09-16 | 10.0 | CVE-2011-3498 |
| progea -- movicon_powerhmi | Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location. | 2011-09-16 | 10.0 | CVE-2011-3499 |
| siemens -- simatic_wincc_flexible_runtime | Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308. | 2011-09-16 | 9.3 | CVE-2011-3321 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 111webcalendar -- 111webcalendar | 111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3695 |
| 60cycle -- 60cyclecms | 60cycleCMS 2.5.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by post.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3696 |
| achievo -- achievo | Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3697 |
| adaptcms -- adaptcms | AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/poll_vote.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3698 |
| adobe -- flash_player | Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass." | 2011-09-21 | 5.0 | CVE-2011-2429 |
| adobe -- flash_player | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011. | 2011-09-21 | 4.3 | CVE-2011-2444 |
| alegrocart -- alegrocart | AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3701 |
| anantasoft -- ananta_gazelle | Ananta Gazelle 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/template.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3702 |
| anecms -- anecms | AneCMS 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/menu/index.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3703 |
| anelectron -- advanced_electron_forum | Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php. | 2011-09-23 | 5.0 | CVE-2011-3700 |
| apache -- http_server | The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request. | 2011-09-20 | 4.3 | CVE-2011-3348 |
| apprain -- apprain | appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php. | 2011-09-23 | 5.0 | CVE-2011-3704 |
| atutor -- atutor | ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3706 |
| automne-cms -- automne | Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php. | 2011-09-23 | 5.0 | CVE-2011-3708 |
| b2evolution -- b2evolution | b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3709 |
| bbpress -- bbpress | bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3710 |
| beckhoff -- twincat | Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read. | 2011-09-16 | 5.0 | CVE-2011-3486 |
| bigace -- bigace | BIGACE 2.7.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/libs/javascript.inc.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3711 |
| boonex -- dolphin | Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3728 |
| cakefoundation -- cakephp | CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3712 |
| carel -- plantvisor | Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. | 2011-09-16 | 5.0 | CVE-2011-3487 |
| christian_weiske -- semanticscuttle | Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-09-20 | 4.3 | CVE-2011-2672 |
| clantiger -- clantiger | ClanTiger 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/statistics.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3715 |
| claroline -- claroline | Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3716 |
| clip-bucket -- clipbucket | ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3717 |
| cmsmadesimple -- cms_made_simple | CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444. | 2011-09-23 | 5.0 | CVE-2011-3718 |
| codeigniter -- codeigniter | CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3719 |
| cogentdatahub -- cogent_datahub | Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a .. (dot dot backslash) in an HTTP request. | 2011-09-16 | 5.0 | CVE-2011-3500 |
| cogentdatahub -- cogent_datahub | Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value. | 2011-09-16 | 5.0 | CVE-2011-3501 |
| cogentdatahub -- cogent_datahub | The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). | 2011-09-16 | 5.0 | CVE-2011-3502 |
| conceptcms -- conceptcms | conceptcms 5.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by sys_libs/umlib/um_authserver.inc.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3720 |
| concrete5 -- concrete | concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3721 |
| coppermine-gallery -- coppermine_photo_gallery | Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3722 |
| craftysyntax -- crafty_syntax | Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3723 |
| csphere -- clansphere | ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php. | 2011-09-23 | 5.0 | CVE-2011-3714 |
| cubecart -- cubecart | CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3724 |
| deluxebb -- deluxebb | DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by header_html.php. | 2011-09-23 | 5.0 | CVE-2011-3725 |
| dietrich_ayala -- nusoap | NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3761 |
| docebo -- docebolms | DoceboLMS 4.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by views/dummy/show.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3726 |
| dokuwiki -- dokuwiki | DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3727 |
| dotproject -- dotproject | dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3729 |
| drupal -- drupal | Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3730 |
| e107 -- e107 | e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3731 |
| eggblog -- eggblog | eggBlog 4.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _lib/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3732 |
| elgg -- elgg | Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3733 |
| energine -- energine | Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3734 |
| escortwebsitedesign -- escort-agency-cms | Escort Agency CMS (aka escort-agency-cms) allows remote attackers to obtain sensitive information via crafted array parameters in a request to a .php file, which reveals the installation path in an error message, as demonstrated by makethumb.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3735 |
| exoscripts -- exophpdesk | ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3736 |
| eyeos -- eyeos | eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3737 |
| fengoffice -- feng_office | Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3738 |
| frontaccounting -- frontaccounting | FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3740 |
| ganglia -- ganglia | Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3741 |
| google -- chrome | Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | 2011-09-19 | 6.8 | CVE-2011-2834 |
| google -- chrome | Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache. | 2011-09-19 | 6.8 | CVE-2011-2835 |
| google -- chrome | Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction." | 2011-09-19 | 5.8 | CVE-2011-2840 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 2011-09-19 | 6.8 | CVE-2011-2841 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2011-09-19 | 5.0 | CVE-2011-2843 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2011-09-19 | 5.0 | CVE-2011-2844 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling. | 2011-09-19 | 6.8 | CVE-2011-2846 |
| google -- chrome | Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 2011-09-19 | 6.8 | CVE-2011-2847 |
| google -- chrome | Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button. | 2011-09-19 | 5.8 | CVE-2011-2848 |
| google -- chrome | The WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | 2011-09-19 | 4.3 | CVE-2011-2849 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2011-09-19 | 5.0 | CVE-2011-2850 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2011-09-19 | 5.0 | CVE-2011-2851 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2011-09-19 | 5.0 | CVE-2011-2858 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation. | 2011-09-19 | 6.8 | CVE-2011-2861 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2011-09-19 | 5.0 | CVE-2011-2864 |
| google -- chrome | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2011-09-19 | 5.0 | CVE-2011-3234 |
| helpcenterlive -- helpcenter_live | HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3742 |
| hesk -- hesk | Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3743 |
| htmlpurifier -- html_purifier | HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3744 |
| hycus -- hycus_cms | HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php. | 2011-09-23 | 5.0 | CVE-2011-3745 |
| ibm -- lotus_domino | Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf. | 2011-09-19 | 4.3 | CVE-2011-3576 |
| janrain -- php-openid | JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3707 |
| jasperforge -- jasperreports_server_community_project | JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach. | 2011-09-20 | 6.8 | CVE-2011-1911 |
| jcow -- jcow | Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3746 |
| john_lim -- adodb | John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3699 |
| joomla -- joomla! | Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. | 2011-09-23 | 5.0 | CVE-2011-3747 |
| kamads_classifieds -- 2_b3 | Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by V2A_XHTML/style/view.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3748 |
| kplaylist -- kplaylist | kPlaylist 1.8.502 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by getid3/getid3/write.id3v1.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3750 |
| lifetype -- lifetype | LifeType 1.2.10 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/badbehavior/pluginbadbehavior.class.php. | 2011-09-23 | 5.0 | CVE-2011-3751 |
| limesurvey -- limesurvey | LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3752 |
| linpha -- linpha | LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3753 |
| mambo-foundation -- mambo | Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3754 |
| manageengine -- servicedesk_plus | The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 2011-09-20 | 5.0 | CVE-2011-1509 |
| manageengine -- servicedesk_plus | Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | 2011-09-20 | 4.3 | CVE-2011-1510 |
| mantisbt -- mantisbt | Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php. | 2011-09-21 | 4.3 | CVE-2011-2938 |
| mantisbt -- mantisbt | Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php. | 2011-09-21 | 4.3 | CVE-2011-3356 |
| mantisbt -- mantisbt | Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php. | 2011-09-21 | 6.8 | CVE-2011-3357 |
| mantisbt -- mantisbt | Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library. | 2011-09-21 | 4.3 | CVE-2011-3358 |
| mantisbt -- mantisbt | Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357. | 2011-09-21 | 4.3 | CVE-2011-3578 |
| mantisbt -- mantisbt | MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3755 |
| maptools -- ka-map | ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3749 |
| michael_armbruster -- arctic_fox_cms | Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3705 |
| microblog -- microblog | MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3756 |
| moodle -- moodle | Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3757 |
| moundlabs -- ::mound:: | ::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smarty_internal_template.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3758 |
| mybb -- mybb | MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3759 |
| nucleuscms -- nucleus_cms | Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3760 |
| open-blog -- openblog | OpenBlog 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3762 |
| opencart -- opencart | OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3763 |
| opendocman -- opendocman | OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3764 |
| openfreeway -- freeway | Freeway 1.5 Alpha allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/Freeway/boxes/last_product.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3739 |
| openssl -- openssl | crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. | 2011-09-22 | 5.0 | CVE-2011-3207 |
| openssl -- openssl | The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8s and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages, which allows remote attackers to cause a denial of service (application crash) via out-of-order messages that violate the TLS protocol. | 2011-09-22 | 5.0 | CVE-2011-3210 |
| powerdrummer -- cftp | cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files. | 2011-09-23 | 5.0 | CVE-2011-3713 |
| redhat -- enterprise_mrg | Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. | 2011-09-20 | 4.6 | CVE-2011-2925 |
| roundcube -- webmail | Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. | 2011-09-21 | 4.3 | CVE-2011-2937 |
| tibco -- managed_file_transfer_command_center | Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-09-19 | 4.3 | CVE-2011-3423 |
| tibco -- managed_file_transfer_command_center | Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors. | 2011-09-19 | 4.3 | CVE-2011-3424 |
| wireshark -- wireshark | Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. | 2011-09-20 | 6.9 | CVE-2011-3360 |
| wireshark -- wireshark | The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | 2011-09-20 | 4.3 | CVE-2011-3482 |
| wireshark -- wireshark | Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." | 2011-09-20 | 4.3 | CVE-2011-3483 |
| wireshark -- wireshark | The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet. | 2011-09-20 | 4.3 | CVE-2011-3484 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- telepresence_mxp_software | Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. | 2011-09-23 | 3.5 | CVE-2011-2544 |
| openfabrics -- enterprise_distribution | ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file. | 2011-09-19 | 2.1 | CVE-2011-3345 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.