Vulnerability Summary for the Week of April 19, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat | Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters. | 2010-04-22 | 9.3 | CVE-2010-1278 CONFIRM MISC BUGTRAQ |
blizzard -- warcraft_3_the_frozen_throne | Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information. | 2010-04-20 | 9.3 | CVE-2009-4768 XF BID SECUNIA CONFIRM |
cisco -- pvc2300 | The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726. | 2010-04-22 | 9.0 | CVE-2010-0593 CISCO |
cognos_8_business_intelligence -- 8.4.1 | Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors. | 2010-04-21 | 10.0 | CVE-2010-1490 XF VUPEN BID AIXAPAR SECUNIA |
community_cms -- community_cms | Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php. | 2010-04-22 | 7.5 | CVE-2009-4794 BID BUGTRAQ |
diskos -- diskos_cms | Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature. | 2010-04-22 | 7.5 | CVE-2009-4798 XF XF BID MILW0RM SECUNIA |
focusdev -- com_mv_restaurantmenumanager | SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php. | 2010-04-19 | 7.5 | CVE-2010-1468 MISC BID MISC SECUNIA MISC |
glfusion -- glfusion | Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php. | 2010-04-22 | 7.5 | CVE-2009-4796 XF BID BUGTRAQ MILW0RM CONFIRM SECUNIA OSVDB |
grayscale -- bandsite_cms | SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php. | 2010-04-22 | 7.5 | CVE-2009-4792 BID MILW0RM SECUNIA |
hitachi -- cosminexus/opentp1_web_web_front-endset | Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. | 2010-04-21 | 9.3 | CVE-2009-4776 VUPEN BID CONFIRM SECUNIA OSVDB |
hp -- operations_manager | Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. | 2010-04-21 | 9.3 | CVE-2010-1033 XF VUPEN BID MISC MISC SECTRACK SECUNIA MISC HP HP |
ibm -- lotus_notes | IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. | 2010-04-20 | 7.2 | CVE-2010-1487 BID SECUNIA |
jasper -- httpdx | Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component. | 2010-04-20 | 9.3 | CVE-2009-4769 VUPEN MISC MISC OSVDB OSVDB |
jasper -- httpdx | The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access. | 2010-04-20 | 7.5 | CVE-2009-4770 MISC |
joaktree -- joaktree | SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. | 2010-04-21 | 7.5 | CVE-2009-4784 BID SECUNIA MISC |
jobhut.spranger -- jobhut | SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter. | 2010-04-22 | 7.5 | CVE-2009-4797 BID MILW0RM SECUNIA MISC |
linux -- kernel | The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors. | 2010-04-20 | 7.2 | CVE-2010-1162 CONFIRM CONFIRM MLIST MLIST MLIST MLIST CONFIRM |
martin_hess -- com_sermonspeaker | SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php. | 2010-04-19 | 7.5 | CVE-2010-1477 BID MISC SECUNIA MISC CONFIRM CONFIRM |
mntechsolutions -- theeta_cms | Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php. | 2010-04-21 | 7.5 | CVE-2009-4783 BUGTRAQ SECUNIA MISC |
mojoblog -- mojoblog | Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. | 2010-04-21 | 7.5 | CVE-2009-4789 BID MISC |
quick_news -- quick_news | SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php. | 2010-04-21 | 7.5 | CVE-2009-4785 BID MISC |
realnetworks -- helix_dna_server | Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data. | 2010-04-20 | 7.5 | CVE-2010-1317 VUPEN BID CONFIRM SECUNIA |
realnetworks -- helix_mobile_server | Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors. | 2010-04-20 | 10.0 | CVE-2010-1318 VUPEN BID CONFIRM SECUNIA |
realnetworks -- helix_mobile_server | Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length. | 2010-04-20 | 10.0 | CVE-2010-1319 VUPEN BID CONFIRM SECUNIA |
rim -- blackberry_enterprise_server | Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646. | 2010-04-21 | 9.3 | CVE-2009-4778 VUPEN CONFIRM SECTRACK BID SECUNIA |
robert_garrigos -- nukehall | Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/. | 2010-04-21 | 7.5 | CVE-2009-4779 XF MISC |
rockettheme -- com_rokmodule | SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php. | 2010-04-19 | 7.5 | CVE-2010-1479 BID CONFIRM CONFIRM MISC SECUNIA MISC |
rockettheme -- com_rokmodule | SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-04-19 | 7.5 | CVE-2010-1480 MISC MISC SECUNIA |
ryan_haudenschilt -- family_connections | Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php. | 2010-04-22 | 7.5 | CVE-2009-4791 BID BUGTRAQ MILW0RM CONFIRM CONFIRM SECUNIA |
sun -- jdk | Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-20 | 10.0 | CVE-2010-0886 CONFIRM |
sun -- java | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-20 | 10.0 | CVE-2010-0887 CONFIRM |
sysax -- multi_server | Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-04-22 | 9.0 | CVE-2009-4790 SECUNIA |
tukeva -- password_reminder | TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection. | 2010-04-21 | 7.2 | CVE-2009-4781 CONFIRM MISC SECUNIA |
Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alphaplug -- com_alphauserpoints | Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. | 2010-04-19 | 6.8 | CVE-2010-1476 BID MISC CONFIRM SECUNIA MISC |
alvaro -- alvaros_messenger | aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate. | 2010-04-20 | 5.8 | CVE-2010-0744 MLIST MLIST CONFIRM SECUNIA BUGTRAQ MISC CONFIRM CONFIRM CONFIRM CONFIRM |
amsn -- amsn | login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation. | 2010-04-20 | 4.6 | CVE-2008-7255 CONFIRM CONFIRM CONFIRM |
apache -- apache_http_server | Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials. | 2010-04-20 | 6.8 | CVE-2010-1151 CONFIRM VUPEN MANDRIVA |
atlassian -- jira | Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010. | 2010-04-20 | 4.3 | CVE-2010-1164 CONFIRM CONFIRM XF XF BID MLIST MLIST SECUNIA CONFIRM |
atlassian -- jira | Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010. | 2010-04-20 | 6.5 | CVE-2010-1165 CONFIRM CONFIRM XF BID MLIST MLIST SECUNIA CONFIRM |
b_elektro -- com_addressbook | Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-19 | 5.0 | CVE-2010-1471 VUPEN MISC SECUNIA MISC |
cactushop -- cactushop | Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address. | 2010-04-22 | 4.3 | CVE-2010-1486 BID MISC |
com_advertising -- com_advertising | Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-04-19 | 6.8 | CVE-2010-1473 MISC SECUNIA MISC |
diskos -- diskos_cms | Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb. | 2010-04-22 | 5.0 | CVE-2009-4799 XF MILW0RM SECUNIA |
e107 -- e107 | Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required. | 2010-04-20 | 6.0 | CVE-2010-0996 CONFIRM XF VUPEN BID BUGTRAQ MISC SECUNIA MISC |
e107 -- e107 | Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter. | 2010-04-20 | 4.3 | CVE-2010-0997 CONFIRM XF VUPEN BID BUGTRAQ MISC SECUNIA MISC |
enlightenment -- imlib2 | Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h. | 2010-04-22 | 6.8 | CVE-2010-0991 VUPEN BUGTRAQ MISC SECUNIA |
hitachi -- jp1_integrated_management_service_support | Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file." | 2010-04-21 | 4.3 | CVE-2009-4777 XF VUPEN BID CONFIRM SECUNIA OSVDB |
hp -- hp-ux | Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors. | 2010-04-21 | 4.9 | CVE-2010-1032 VUPEN HP HP |
ipswitch -- ws_ftp | Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. | 2010-04-21 | 4.3 | CVE-2009-4775 XF BID MISC MILW0RM CONFIRM |
karl_core -- bandsite_cms | Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. NOTE: some of these details are obtained from third party information. | 2010-04-22 | 6.0 | CVE-2009-4793 MILW0RM SECUNIA |
kazulah -- com_horoscope | Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-19 | 5.0 | CVE-2010-1472 VUPEN MISC SECUNIA MISC |
mediawiki -- mediawiki | MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue. | 2010-04-20 | 6.0 | CVE-2010-1150 MLIST CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM |
microsoft -- ie | The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074. | 2010-04-20 | 4.3 | CVE-2010-1489 MISC MISC CONFIRM |
mit -- kerberos | Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. | 2010-04-22 | 4.0 | CVE-2010-1320 BID BUGTRAQ CONFIRM SECTRACK CONFIRM |
mntechsolutions -- theeta_cms | Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) forum, and (3) cat parameters to community/thread.php; (4) start and (5) cat parameters to community/forum.php; and (6) start parameter to blog/index.php. | 2010-04-21 | 4.3 | CVE-2009-4782 BUGTRAQ SECUNIA MISC |
perl -- perl | Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. | 2010-04-20 | 5.0 | CVE-2010-1158 MISC MLIST MLIST CONFIRM MISC |
phpmyfaq -- phpmyfaq | Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-04-21 | 4.3 | CVE-2009-4780 BID SECUNIA |
pligg -- pligg_cms | Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php. | 2010-04-21 | 4.3 | CVE-2009-4786 CONFIRM SECUNIA MISC |
pligg -- pligg_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. | 2010-04-21 | 6.8 | CVE-2009-4787 CONFIRM SECUNIA MISC |
pligg -- pligg_cms | Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php. | 2010-04-21 | 4.3 | CVE-2009-4788 CONFIRM SECUNIA MISC |
plohni -- shoutbox | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information. | 2010-04-20 | 4.3 | CVE-2009-4767 XF MISC SECUNIA OSVDB |
sun -- opensolaris | Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2007-6225. | 2010-04-21 | 4.0 | CVE-2009-4774 SUNALERT VUPEN BID SECUNIA |
supachai_teasakul -- com_sweetykeeper | Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-04-19 | 6.8 | CVE-2010-1474 XF BID MISC SECUNIA MISC |
sysax -- multi_server | Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command. | 2010-04-22 | 4.0 | CVE-2009-4800 XF BID MILW0RM SECUNIA OSVDB |
ternaria -- com_jprojectmanager | Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-04-19 | 6.8 | CVE-2010-1469 BID MISC SECUNIA MISC |
ternaria -- com_preventive | Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-04-19 | 6.8 | CVE-2010-1475 XF BID MISC SECUNIA MISC |
ternaria -- com_jfeedback | Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-04-19 | 6.8 | CVE-2010-1478 BID MISC SECUNIA MISC |
tweakfs -- tweakfs_zip_utility | Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive. | 2010-04-20 | 6.8 | CVE-2010-1458 XF BID OSVDB MISC MISC SECUNIA FULLDISC |
typo3 -- typo3 | PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. | 2010-04-20 | 6.8 | CVE-2010-1153 MLIST CONFIRM MLIST |
ubercart -- ubercart | The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors. | 2010-04-20 | 5.0 | CVE-2009-4771 XF BID SECUNIA OSVDB CONFIRM |
ubercart -- ubercart | Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors. | 2010-04-20 | 4.3 | CVE-2009-4772 BID CONFIRM XF SECUNIA OSVDB |
ubercart -- ubercart | Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2010-04-20 | 6.8 | CVE-2009-4773 BID CONFIRM XF SECUNIA OSVDB |
webtv -- com_webtv | Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-04-19 | 6.8 | CVE-2010-1470 VUPEN MISC SECUNIA MISC |
xlightftpd -- xlight_ftp_server | Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command. | 2010-04-22 | 6.8 | CVE-2009-4795 BID XF CONFIRM MISC SECUNIA |
Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
linux -- kernel | The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation. | 2010-04-20 | 2.1 | CVE-2010-1488 CONFIRM MLIST CONFIRM CONFIRM |