Search

See Resources

@RISK Newsletter for December 01, 2011 The Consensus Security Vulnerability Alert

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.


@RISK: The Consensus Security Vulnerability Alert
Vol. 11, Num. 49

Providing a reliable, weekly summary of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked.

Archived issues may be found at https://www.qualys.com/research/sans-at-risk/


Summary of Updates and Vulnerabilities in this Consensus

Platform Number of Updates and Vulnerabilities
— | —
Other Microsoft Products 1
Third Party Windows Apps 2
Mac Os | 1
Solaris 1
Cross Platform 12 (#1,#2,#3,#4)
Web Application - Cross Site Scripting | 3
Web Application - SQL Injection 1
Web Application 4
Network Device | 1


Part I – Critical Vulnerabilities from TippingPoint ( www.tippingpoint.com )

Widely Deployed Software
(1) HIGH: Apple Products Multiple Security Vulnerabilities
(2) HIGH: Oracle Java Multiple Security Vulnerabilities
(3) HIGH: Adobe Products Multiple Security Vulnerabilities
(4) MEDIUM: Novell Multiple Products Security Vulnerabilities


Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys

(www.qualys.com)

Other Microsoft Products

11.43.1 - Microsoft Publisher Memory Corruption Remote Code Execution

Third Party Windows Apps

11.43.2 - atvise webMI2ADS Web Server Multiple Remote Vulnerabilities
11.43.3 - Honeywell EBI TEMA Remote Installer ActiveX Control Arbitrary File Download

Mac Os

11.43.4 - Apple Mac OS X and Mac OS X Lion Multiple Security Vulnerabilities

Solaris

11.43.5 - Oracle Solaris Multiple Vulnerabilities

Cross Platform

11.43.6 - VMware Hosted Products UDF File Systems Buffer Overflow
11.43.7 - Snort Report Multiple Remote Command Execution Vulnerabilities
11.43.8 - Google App Engine SDK Cross-Site Request Forgery And Command Execution Weaknesses
11.43.9 - Cisco TelePresence Video Communication Server “User-Agent” HTTP Header HTML Injection
11.43.10 - Apple Safari Multiple Security Vulnerabilities
11.43.11 - HP Data Protector Unspecified Remote Code Execution Vulnerabilities
11.43.12 - ClamAV Recursion Level Handling Denial of Service
11.43.13 - X.Org X11 File Enumeration Information Disclosure
11.43.14 - Oracle E-Business Suite Multiple Remote Vulnerabilities
11.43.15 - Oracle Database Server Remote Database Multiple Vulnerabilities
11.43.16 - Oracle Java SE Remote Java Runtime Environment Vulnerabilities
11.43.17 - Oracle PeopleSoft Multiple Vulnerabilities

Web Application - Cross Site Scripting

11.43.18 - Contao CMS Cross-Site Scripting
11.43.19 - BugFree Multiple Cross-Site Scripting Vulnerabilities
11.43.20 - phpMyAdmin Setup Interface Cross-Site Scripting

Web Application - SQL Injection

11.43.21 - Roundcube webmail “_user” Parameter SQL Injection

Web Application

11.43.22 - Filmis SQL Injection and Cross-Site Scripting Vulnerabilities
11.43.23 - Geeklog BBCode Tags HTML Injection Vulnerabilities
11.43.24 - Simple Machines Forum Cross-Site Scripting and Spoofing Vulnerabilities
11.43.25 - Supermicro IPMI Web Interface Multiple Security Bypass Vulnerabilities

Network Device

11.43.26 - Avaya Identity Engines Ignition Server Remote Code Execution


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company’s continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint’s analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process


(1) HIGH: Apple Products Multiple Security Vulnerabilities

Affected:
Apple OS X prior to 10.7.2
Apple Safari prior to 5.1.1
Apple iOS 5

Description: Apple has released patches for security vulnerabilities
affecting its OS X operating system, Safari web browser, and iOS mobile
operating system. The vulnerabilities include updates to third-party
software like PHP as well as Apple software like QuickTime and Safari.
The issues with QuickTime are mostly buffer overflows and would require
an attacker to entice a target to view malicious files. The iOS
vulnerabilities include some that could be exploited with multiple
vectors, including some in image libraries, as well as some in
client-side components like WebKit. Updates to Safari and WebKit could
result in code execution if a target is enticed to visit a malicious
site.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.apple.com
Apple Security Advisory
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://support.apple.com/kb/HT5002
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-295/
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/37118
http://www.securityfocus.com/bid/37865
http://www.securityfocus.com/bid/39635
http://www.securityfocus.com/bid/40370
http://www.securityfocus.com/bid/40863
http://www.securityfocus.com/bid/41544
http://www.securityfocus.com/bid/44723
http://www.securityfocus.com/bid/45015
http://www.securityfocus.com/bid/45133
http://www.securityfocus.com/bid/45137
http://www.securityfocus.com/bid/45668
http://www.securityfocus.com/bid/46164
http://www.securityfocus.com/bid/46174
http://www.securityfocus.com/bid/46177
http://www.securityfocus.com/bid/46262
http://www.securityfocus.com/bid/46262
http://www.securityfocus.com/bid/46354
http://www.securityfocus.com/bid/46365
http://www.securityfocus.com/bid/46429
http://www.securityfocus.com/bid/46464
http://www.securityfocus.com/bid/46614
http://www.securityfocus.com/bid/46658
http://www.securityfocus.com/bid/46767
http://www.securityfocus.com/bid/46785
http://www.securityfocus.com/bid/46786
http://www.securityfocus.com/bid/46811
http://www.securityfocus.com/bid/46854
http://www.securityfocus.com/bid/46965
http://www.securityfocus.com/bid/46967
http://www.securityfocus.com/bid/46968
http://www.securityfocus.com/bid/46969
http://www.securityfocus.com/bid/46970
http://www.securityfocus.com/bid/46975
http://www.securityfocus.com/bid/46977
http://www.securityfocus.com/bid/46992
http://www.securityfocus.com/bid/47020
http://www.securityfocus.com/bid/47024
http://www.securityfocus.com/bid/47029
http://www.securityfocus.com/bid/47604
http://www.securityfocus.com/bid/47820
http://www.securityfocus.com/bid/48007
http://www.securityfocus.com/bid/48250
http://www.securityfocus.com/bid/48422
http://www.securityfocus.com/bid/48429
http://www.securityfocus.com/bid/48440
http://www.securityfocus.com/bid/48479
http://www.securityfocus.com/bid/48566
http://www.securityfocus.com/bid/48618
http://www.securityfocus.com/bid/48619
http://www.securityfocus.com/bid/48660
http://www.securityfocus.com/bid/48660
http://www.securityfocus.com/bid/48823
http://www.securityfocus.com/bid/48832
http://www.securityfocus.com/bid/48833
http://www.securityfocus.com/bid/48840
http://www.securityfocus.com/bid/48842
http://www.securityfocus.com/bid/48843
http://www.securityfocus.com/bid/48844
http://www.securityfocus.com/bid/48845
http://www.securityfocus.com/bid/48846
http://www.securityfocus.com/bid/48847
http://www.securityfocus.com/bid/48848
http://www.securityfocus.com/bid/48850
http://www.securityfocus.com/bid/48852
http://www.securityfocus.com/bid/48853
http://www.securityfocus.com/bid/48854
http://www.securityfocus.com/bid/48855
http://www.securityfocus.com/bid/48856
http://www.securityfocus.com/bid/48857
http://www.securityfocus.com/bid/48858
http://www.securityfocus.com/bid/48859
http://www.securityfocus.com/bid/48960
http://www.securityfocus.com/bid/48993
http://www.securityfocus.com/bid/49038
http://www.securityfocus.com/bid/49279
http://www.securityfocus.com/bid/49303
http://www.securityfocus.com/bid/49658
http://www.securityfocus.com/bid/49778
http://www.securityfocus.com/bid/49850
http://www.securityfocus.com/bid/49850
http://www.securityfocus.com/bid/50066
http://www.securityfocus.com/bid/50067
http://www.securityfocus.com/bid/50068
http://www.securityfocus.com/bid/50087
http://www.securityfocus.com/bid/50088
http://www.securityfocus.com/bid/50091
http://www.securityfocus.com/bid/50092
http://www.securityfocus.com/bid/50095
http://www.securityfocus.com/bid/50098
http://www.securityfocus.com/bid/50099
http://www.securityfocus.com/bid/50100
http://www.securityfocus.com/bid/50101
http://www.securityfocus.com/bid/50109
http://www.securityfocus.com/bid/50111
http://www.securityfocus.com/bid/50112
http://www.securityfocus.com/bid/50113
http://www.securityfocus.com/bid/50114
http://www.securityfocus.com/bid/50115
http://www.securityfocus.com/bid/50115
http://www.securityfocus.com/bid/50116
http://www.securityfocus.com/bid/50117
http://www.securityfocus.com/bid/50120
http://www.securityfocus.com/bid/50121
http://www.securityfocus.com/bid/50122
http://www.securityfocus.com/bid/50123
http://www.securityfocus.com/bid/50124
http://www.securityfocus.com/bid/50127
http://www.securityfocus.com/bid/50129
http://www.securityfocus.com/bid/50130
http://www.securityfocus.com/bid/50131
http://www.securityfocus.com/bid/50143
http://www.securityfocus.com/bid/50144
http://www.securityfocus.com/bid/50146
http://www.securityfocus.com/bid/50147
http://www.securityfocus.com/bid/50149
http://www.securityfocus.com/bid/50150
http://www.securityfocus.com/bid/50151
http://www.securityfocus.com/bid/50152
http://www.securityfocus.com/bid/50153
http://www.securityfocus.com/bid/50154
http://www.securityfocus.com/bid/50155
http://www.securityfocus.com/bid/50156
http://www.securityfocus.com/bid/50157
http://www.securityfocus.com/bid/50158
http://www.securityfocus.com/bid/50159
http://www.securityfocus.com/bid/50161
http://www.securityfocus.com/bid/50162
http://www.securityfocus.com/bid/50163
http://www.securityfocus.com/bid/50169
http://www.securityfocus.com/bid/50180


(2) HIGH: Oracle Java Multiple Security Vulnerabilities

Affected:
JDK and JRE 7 Java SE
JDK and JRE 6 Update 27 and earlier Java SE
JDK and JRE 5.0 Update 31 and earlier Java SE
SDK and JRE 1.4.2_33 and earlier Java SE
JavaFX 2.0 JavaFX
JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0) JRockit

Description: Oracle has released patches for multiple security
vulnerabilities affecting its Java virtual machine. Many of these
vulnerabilities can allow attackers to execute arbitrary code by
enticing a target to view a malicious site. Normally applets that are
automatically loaded and run by browsers are sandboxed, but a number of
these vulnerabilities allow applets to break out of that sandbox and
execute code with the full privileges of the underlying browser. Java
vulnerabilities are particularly attractive targets for malware writers
because Java is widely deployed and multiplatform.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.oracle.com
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/49778
http://www.securityfocus.com/bid/50211
http://www.securityfocus.com/bid/50215
http://www.securityfocus.com/bid/50216
http://www.securityfocus.com/bid/50218
http://www.securityfocus.com/bid/50220
http://www.securityfocus.com/bid/50223
http://www.securityfocus.com/bid/50224
http://www.securityfocus.com/bid/50226
http://www.securityfocus.com/bid/50229
http://www.securityfocus.com/bid/50231
http://www.securityfocus.com/bid/50234
http://www.securityfocus.com/bid/50236
http://www.securityfocus.com/bid/50237
http://www.securityfocus.com/bid/50239
http://www.securityfocus.com/bid/50242
http://www.securityfocus.com/bid/50243
http://www.securityfocus.com/bid/50246
http://www.securityfocus.com/bid/50248
http://www.securityfocus.com/bid/50250


(3) HIGH: Adobe Products Multiple Security Vulnerabilities

Affected:
Adobe Reader X (10.1) and earlier versions for Windows and Macintosh
Adobe Reader 9.4.2 and earlier versions for UNIX
Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh

Description: Adobe has released patches for multiple security
vulnerabilities affecting its Reader and Acrobat products. By enticing
a target to view a malicious document, an attacker can exploit these
vulnerabilities in order to execute arbitrary code on a target’s
machine. The first two vulnerabilities are buffer overflows in the image
parsing library. The last is a buffer overflow in the code responsible
for handling compound glyphs when rendering a font.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.adobe.com
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb11-24.html
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-11-283/
http://www.zerodayinitiative.com/advisories/ZDI-11-284/
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/49572
http://www.securityfocus.com/bid/49575
http://www.securityfocus.com/bid/49576
http://www.securityfocus.com/bid/49577
http://www.securityfocus.com/bid/49578
http://www.securityfocus.com/bid/49579
http://www.securityfocus.com/bid/49580
http://www.securityfocus.com/bid/49581
http://www.securityfocus.com/bid/49582
http://www.securityfocus.com/bid/49583
http://www.securityfocus.com/bid/49584
http://www.securityfocus.com/bid/49585
http://www.securityfocus.com/bid/49586


(4) MEDIUM: Novell Multiple Products Security Vulnerabilities

Affected:
Novell Groupwise versions 8.0x up to and including 8.02HP2
Novell ZENworks 10 Configuration Management with Support Pack 2 - 10.2
Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3
Novell ZENworks 11 Configuration Management Support Pack 1 - ZCM 11 SP
Novell ZENworks AdminStudio

Description: Novell has released patches for security vulnerabilities
affecting multiple products. The company has patched three unspecified
ActiveX vulnerabilities in Novell ZENworks, its configuration management
software. It has also released patches for Groupwise, its collaborative
software that integrates email, calendaring, instant messaging, and so
on. The updates to Groupwise address two vulnerabilities reported to the
Zero Day Initiative. The first is triggered when a target opens an email
containing a malicious DOCX attachment. By enticing a target to open
such a message, an attacker can execute arbitrary code on the target’s
machine with the privileges of the mail client. The second, which
involves a problem in the component of gwwww1.dll responsible for
parsing calendar data, is triggered when an unauthenticated attacker
sends a malicious email. Code in exploits for the second vulnerability
will run with SYSTEM-level privileges.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.novell.com
Novell Security Updates
http://www.novell.com/support/viewContent.do?externalId=7009207
http://www.novell.com/support/viewContent.do?externalId=7009212
http://www.novell.com/support/viewContent.do?externalId=7009570
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-11-285/
http://www.zerodayinitiative.com/advisories/ZDI-11-286/
SecurityFocus BugTraq ID
http://www.securityfocus.com/bid/46025


Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys

(www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that
company’s ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 12501 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.


11.43.1 CVE: CVE-2011-1508

Platform: Other Microsoft Products
Title: Microsoft Publisher Memory Corruption Remote Code Execution
Description: Microsoft Publisher is a desktop publishing application.
The application is exposed to a remote code execution issue.
Specifically, memory may become corrupted when the “pubconv.dll”
parses a specially crafted “.pub”
file. Microsoft Publisher 2007 is vulnerable.
Ref: http://www.coresecurity.com/content/publisher-pubconv-memory-corruption


11.43.2 CVE: Not Available

Platform: Third Party Windows Apps
Title: atvise webMI2ADS Web Server Multiple Remote Vulnerabilities
Description: atvise webMI2ADS is a web server for Microsoft Windows.
The application is exposed to multiple remote issues. Two
directory traversal issues let attackers view directories outside of
the web root directory. A NULL pointer dereference issue occurs when
handling an HTTP request that contains a specially crafted
Authorization Basic field. atvise webMI2ADS 1.0 and prior versions are
affected.
Ref: http://www.securityfocus.com/bid/50048/references


11.43.3 CVE: Not Available

Platform: Third Party Windows Apps
Title: Honeywell EBI TEMA Remote Installer ActiveX Control Arbitrary
File Download
Description: Honeywell EBI is a building system integration
application. The application is exposed to an issue that exists in the
TEMA installer and can allow malicious files to be downloaded and
saved to arbitrary locations on an affected computer. The issue
affects an unspecified ActiveX control when downloading a malicious
file named “TinClient_TemaKit.msi”. When the file is downloaded onto
the victim’s computer, TEMA will silently install the “.msi” file.
Honeywell EBI R310.1 - TEMA 4.8, EBI R310.1 - TEMA 4.9, EBI R310.1 -
TEMA 4.10, EBI R400.2 SP1 - TEMA 5.2, EBI R410.1 - TEMA 5.3.0 and EBI
R410.2 - TEMA 5.3.1 are affected.
Ref: http://www.us-cert.gov/control_systems/pdf/ICSA-11-285-01.pdf


11.43.4 CVE:

CVE-2011-0419,CVE-2011-3192,CVE-2011-0185,CVE-2011-3437, CVE-2011-0229,CVE-2011-0230,CVE-2011-1910,CVE-2011-2464, CVE-2009-4022,
CVE-2010-0097,CVE-2010-3613, CVE-2010-3614,CVE-2011-1910,CVE-2011-2464,CVE-2011-0231, CVE-2011-3246,CVE-2011-0259,CVE-2011-0187,
CVE-2011-0224,CVE-2011-0260,CVE-2011-3212,CVE-2011-3213, CVE-2011-3214,CVE-2011-1755,CVE-2011-3215,CVE-2011-3216, CVE-2011-3227,
CVE-2011-0707,CVE-2011-3217, CVE-2011-3435,CVE-2011-3436,CVE-2011-3226,CVE-2011-0226, CVE-2011-2690,CVE-2011-2691,CVE-2011-2692,
CVE-2010-3436,CVE-2010-4645,CVE-2011-0420,CVE-2011-0421, CVE-2011-0708,CVE-2011-1092,CVE-2011-1153,CVE-2011-1466, CVE-2011-1467,
CVE-2011-1468,CVE-2011-1469, CVE-2011-1470,CVE-2011-1471,CVE-2011-0411,CVE-2010-1634, CVE-2010-2089,CVE-2011-1521,CVE-2011-3228,
CVE-2011-0249,CVE-2011-0250,CVE-2011-0251,CVE-2011-0252, CVE-2011-3218,CVE-2011-3219,CVE-2011-3220,CVE-2011-3221, CVE-2011-3222,
CVE-2011-3223,CVE-2011-3225, CVE-2010-1157,CVE-2010-2227,CVE-2010-3718,CVE-2010-4172, CVE-2011-0013,CVE-2011-0534,CVE-2011-3224
Platform: Mac Os
Title: Apple Mac OS X and Mac OS X Lion Multiple Security
Vulnerabilities
Description: Apple Mac OS X and Mac OS X Lion are exposed to multiple
remote code execution issues that affect Application Firewall, ATS,
CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems,
IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File
Server, User Documentation and libsecurity. Mac OS X lion prior to
10.7.2, Mac OS X up to 10.6.8 are affected.
Ref:
http://lists.apple.com/archives/security-announce/2011/Oct/msg00003.html


11.43.5 CVE:

CVE-2011-3508,CVE-2011-3543,CVE-2011-3515,CVE-2011-3534,CVE-2011-3535,CVE-2011-3537,CVE-2011-3542,CVE-2011-2313,CVE-2011-2304,
CVE-2011-2292,CVE-2011-2286,CVE-2011-3536,CVE-2011-2311,CVE-2011-2312,CVE-2011-3539
Platform: Solaris
Title: Oracle Solaris Multiple Vulnerabilities
Description: Oracle Solaris is an operating system. The application is
exposed to multiple local and remote issues. See reference for further
details. Oracle Solaris versions 8, 9, 10 and 11 Express are affected.
Ref: http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html


11.43.6 CVE: CVE-2011-3868

Platform: Cross Platform
Title: VMware Hosted Products UDF File Systems Buffer Overflow
Description: Multiple VMware products are exposed to a buffer overflow
issue. This issue occurs because the application fails to perform
adequate boundary checks when processing UDF file systems. VMware
Workstation 7.1.4 and earlier, VMware Player 3.1.4 and earlier and VMware
Fusion 3.1.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/49942/references


11.43.7 CVE: Not Available

Platform: Cross Platform
Title: Snort Report Multiple Remote Command Execution Vulnerabilities
Description: Snort Report is an add-on module for the Snort Intrusion
Detection System. Snort Report is exposed to multiple remote
command execution issues because it fails to properly validate
user-supplied input submitted to the “nmap.php” and “nbtscan.php”
scripts. All version of Snort Report are affected.
Ref: http://www.securityfocus.com/bid/50031/discuss


11.43.8 CVE: CVE-2011-1364

Platform: Cross Platform
Title: Google App Engine SDK Cross-Site Request Forgery And Command
Execution Weaknesses
Description: Google App Engine is an application to build and host web
applications. The application is exposed to multiple issues. A
cross-site request forgery issue affects the admin console.
Specifically, the “_ah/admin/interactive/execute” script allows
attackers to perform certain actions, such as executing local python
scripts on user’s behalf. Multiple command execution weaknesses
affect the FakeFile, original OS and google.appengine.api. blobstore.os
objects because the application fails to properly restrict access.
Google App Engine versions prior to 1.5 are vulnerable.
Ref: http://blog.watchfire.com/files/googleappenginesdk.pdf


11.43.9 CVE: CVE-2011-3294

Platform: Cross Platform
Title: Cisco TelePresence Video Communication Server “User-Agent”
HTTP Header HTML Injection
Description: Cisco Unified Video Communication Server is exposed to an
HTML injection issue because it fails to properly sanitize user-supplied
input to the “User-Agent” HTTP Header. Versions prior to Cisco
TelePresence Video Communication Server X7.0 are affected.
Ref: http://www.cisco.com/en/US/products/products_security_response09186a0080b98d0b.html


11.43.10 CVE: CVE-2011-3229,CVE-2011-3230,CVE-2011-3231,CVE-2011-3242

Platform: Cross Platform
Title: Apple Safari Multiple Security Vulnerabilities
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to multiple security issues
that have been addressed in Apple security advisory APPLE-SA-2011-10-12-4.
See reference for further details. versions prior to Safari 5.1.1
running on Apple Mac OS X, Windows 7, XP and Vista are affected.
Ref:
http://lists.apple.com/archives/Security-announce/2011/Oct/msg00004.html


11.43.11 CVE:

CVE-2011-3162,CVE-2011-3161,CVE-2011-3160,CVE-2011-3159,CVE-2011-3158,CVE-2011-3157,CVE-2011-3156
Platform: Cross Platform
Title: HP Data Protector Unspecified Remote Code Execution
Vulnerabilities
Description: HP Data Protector is a backup and recovery solution. The
application is exposed to unspecified code execution issues. HP Data
Protector Notebook Extension version 6.20, and HP Data Protector for
Personal Computers version 7.0 running on Windows platforms are affected.
Ref:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03054543


11.43.12 CVE: Not Available

Platform: Cross Platform
Title: ClamAV Recursion Level Handling Denial of Service
Description: ClamAV is a multiplatform toolkit used to scan email
messages for viruses. The application is exposed to a denial of service
issue that occurs in the “cli_bcapi_extractnew()” function of the
“bytecode.c” source file and the “cli_bytecode_runhook()” function of
the “bytecode_api.c” files. Versions prior to ClamAV 0.97.3 are
vulnerable.
Ref: http://www.securityfocus.com/bid/50183/discuss


11.43.13 CVE: CVE-2011-4028

Platform: Cross Platform
Title: X.Org X11 File Enumeration Information Disclosure
Description: The X.Org X Windows server is an open source X Window
System for UNIX, Linux and variants. The application is exposed to an
information disclosure issue because of the way it handles lock files.
Specifically, the application returns different results when handling
a lock file as a symbolic link that points to a file that does or does
not exist. All X.Org Xserver versions are vulnerable when running
with root privileges.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/6033


11.43.14 CVE:

CVE-2011-2303,CVE-2011-3519,CVE-2011-2308,CVE-2011-3513, CVE-2011-2302
Platform: Cross Platform
Title: Oracle E-Business Suite Multiple Remote Vulnerabilities
Description: Oracle E-Business Suite is exposed to multiple remote
issues which affect Oracle Application Object Library and Oracle
Applications Framework. See reference for further details. Oracle
E-Business Suite Release 12, versions 12.0.6, 12.1.2, 12.1.3 and
Oracle E-Business Suite Release 11i, version 11.5.10.2 are affected.
Ref:
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html


11.43.15 CVE:

CVE-2011-3525,CVE-2011-3512,CVE-2011-2301,CVE-2011-3511,CVE-2011-2322
Platform: Cross Platform
Title: Oracle Database Server Remote Database Multiple Vulnerabilities
Description: Oracle Database Server is exposed to multiple local and
remote issues. See reference for further details. Oracle Database
Server version 3.2, 4.0, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7 and 11.2.0.2 are vulnerable.
Ref:
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html


11.43.16 CVE:

CVE-2011-3548,CVE-2011-3521,CVE-2011-3554,CVE-2011-3544, CVE-2011-3545,CVE-2011-3549,CVE-2011-3551,
CVE-2011-3550,CVE-2011-3516,CVE-2011-3556,CVE-2011-3557, CVE-2011-3560,CVE-2011-3555,CVE-2011-3546,
CVE-2011-3558,CVE-2011-3547,CVE-2011-3389,CVE-2011-3553, CVE-2011-3552,CVE-2011-3561
Platform: Cross Platform
Title: Oracle Java SE Remote Java Runtime Environment Vulnerabilities
Description: Oracle Java SE is exposed to multiple remote issues in the
Java Runtime Environment. See reference for further details. JDK and JRE 7,
6 Update 27, 5.0 Update 31 and before, 1.4.2_33 and before,
JRockit R28.1.4 and JavaFX 2.0 are affected.
Ref:
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html


11.43.17 CVE:

CVE-2011-3527,CVE-2011-3533,CVE-2011-3528,CVE-2011-2315,CVE-2011-3529,CVE-2011-3530,CVE-2011-3520
Platform: Cross Platform
Title: Oracle PeopleSoft Multiple Vulnerabilities
Description: Oracle PeopleSoft products provide solutions for Human Resource
Management, Financial Management, Supply Chain, manufacturing and
enterprise performance management. The applications are exposed to multiple
issues. See reference for further details. PeopleSoft Enterprise
PeopleTools version 8.49, 8.50 and 8.51, PeopleSoft Enterprise HRMS
version 8.9, 9.0 and 9.1 are affected.
Ref:
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html


11.43.18 CVE: Not Available

Platform: Web Application - Cross Site Scripting
Title: Contao CMS Cross-Site Scripting
Description: Contao is a PHP-based content management system. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the “index.php” script.
Contao 2.10.1 is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/bid/50061/references


11.43.19 CVE: Not Available

Platform: Web Application - Cross Site Scripting
Title: BugFree Multiple Cross-Site Scripting Vulnerabilities
Description: BugFree is a web-based application implemented in PHP.
The application is exposed to multiple cross-site scripting issues
because it fails to sufficiently sanitize user-supplied input. The
following scripts and parameters are affected: “Bug.php” :
“ActionType”, “Report.php” : “ReportMode”, “ReportLeft.php” :
“ReportMode”, “AdminProjectList.php”, “AdminGroupList.php”,
“AdminUserLogList.php”. BugFree 2.1.3 is vulnerable and other versions
may also be affected.
Ref:
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_bugfree.html


11.43.20 CVE: CVE-2011-4064

Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin Setup Interface Cross-Site Scripting
Description: phpMyAdmin is a web-based administration interface for
MySQL databases and is implemented in PHP. The application is exposed to
a cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input. This issue affects the setup interface, when the
configuration directory exists and is writeable. Versions prior to
phpMyAdmin 3.4.6 are vulnerable.
Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php


11.43.21 CVE: Not Available

Platform: Web Application - SQL Injection
Title: Roundcube webmail “_user” Parameter SQL Injection
Description: Roundcube Webmail is a web-based IMAP client implemented
in PHP. Roundcube Webmail is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data submitted to the
“_user” parameter of the “index.php” script before using it in an SQL
query. Roundcube Webmail 0.3.1 is vulnerable and other versions may also
be affected.
Ref: http://www.securityfocus.com/bid/50035/discuss


11.43.22 CVE: Not Available

Platform: Web Application
Title: Filmis SQL Injection and Cross-Site Scripting Vulnerabilities
Description: Filmis is a Web-based application implemented in PHP. The
application is exposed to multiple issues because it fails to
sufficiently sanitize user-supplied input. An SQL injection issue
affects the “nb” parameter of the “cat.php” script. Multiple
cross-site scripting issues exist in the “nb” parameter of the “index.php”
and “cat.php” scripts. Filmis 2.0 is vulnerable and other versions may
also be affected.
Ref: http://www.securityfocus.com/bid/50081/discuss


11.43.23 CVE: Not Available

Platform: Web Application
Title: Geeklog BBCode Tags HTML Injection Vulnerabilities
Description: Geeklog is a web-based application implemented in PHP.
The application is exposed to HTML injection issues because it fails
to properly sanitize user-supplied input before using it in
dynamically generated content. Specifically, “code” and “raw” BBCode
tags aren’t properly sanitized. Geeklog versions prior to 1.8.1 are
affected.
Ref: http://www.securityfocus.com/bid/50060/discuss


11.43.24 CVE: CVE-2011-3615

Platform: Web Application
Title: Simple Machines Forum Cross-Site Scripting and Spoofing
Vulnerabilities
Description: Simple Machines Forum is an open-source web forum. The
application is exposed to an unspecified cross-site scripting issue and
an unspecified issue that may aid in phishing attacks. Simple Machines
Forum 1.x prior to 1.1.15 and 2.x prior to 2.0.1 are vulnerable.
Ref: http://www.securityfocus.com/bid/50103/discuss


11.43.25 CVE: Not Available

Platform: Web Application
Title: Supermicro IPMI Web Interface Multiple Security Bypass
Vulnerabilities
Description: Supermicro is an “end-to-end green computing solutions”
application. The application is exposed to multiple issues. A
security bypass issue affects the IPMI web interface. A
security bypass issue occurs because the IPMI web interface contains
an “Anonymous” account and password. Supermicro X8SI6-F and X9SCL-F
are affected.
Ref: http://www.securityfocus.com/bid/50097/discuss


11.43.26 CVE: Not Available

Platform: Network Device
Title: Avaya Identity Engines Ignition Server Remote Code Execution
Description: Avaya Identity Engines Ignition Server is a network
monitoring and management application. The application is exposed to a
remote code execution issue. The problem occurs in the AdminAccountManager
process, which listens for GIOP requests on 23456 and 23457 (SSL).
Specifically, this issue occurs because the process responds differently
to remote requests for administrative functions. Avaya Identity Engines
Ignition Server 6.0.0 is affected.
Ref: http://www.securityfocus.com/bid/50271/references


Email or call us at +1 800 745 4355 or try our Global Contacts
Subscription Packages
Qualys Solutions
Qualys Community
Company
Free Trial & Tools
Popular Topics