Vulnerability Summary for the Week of April 26, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
bluestrikeweb -- phpraincheck | SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-04-26 | 7.5 | CVE-2010-1538 XF BID MISC MISC |
francois_bissonnette -- phpcdb | Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_global parameter to (1) firstvisit.php, (2) newfolder.php, (3) showfolders.php, (4) newlang.php, (5) showinnerfolder.php, (6) writecode.php, and (7) showcode.php. | 2010-04-26 | 7.5 | CVE-2010-1537 XF BID MISC MISC |
freestyle -- faqs_lite | SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php. | 2010-04-26 | 7.5 | CVE-2010-1529 XF BID MISC SECUNIA MISC |
kolab -- kolab_server | Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form." | 2010-04-27 | 7.5 | CVE-2009-4824 SECUNIA OSVDB CONFIRM |
martin_hess -- com_sermonspeaker | SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information. | 2010-04-27 | 7.5 | CVE-2010-1559 SECUNIA CONFIRM CONFIRM |
openx -- openx | Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files. | 2010-04-27 | 10.0 | CVE-2009-4830 MISC CONFIRM BID SECUNIA OSVDB |
uiga -- proxy | PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | 2010-04-26 | 7.5 | CVE-2010-1528 XF BID OSVDB MISC SECUNIA |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
8pixel.net -- simple_blog | 8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb. | 2010-04-27 | 5.0 | CVE-2009-4825 XF MISC SECUNIA OSVDB |
acme -- micro_httpd | micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80. | 2010-04-26 | 5.0 | CVE-2010-1544 BID SECUNIA MISC |
andy_stedemos -- the_uploader | Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | 2010-04-27 | 5.0 | CVE-2009-4816 XF MISC SECUNIA OSVDB |
apple -- mac_os_x | The hfs implementation in Apple Mac OS X 10.6.2 and 10.6.3 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions. | 2010-04-27 | 4.9 | CVE-2010-0105 BID SREASONRES |
aspindir -- angelo-emlak | Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. | 2010-04-27 | 5.0 | CVE-2009-4820 XF MISC SECUNIA OSVDB |
cpanel -- cpanel | Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter. | 2010-04-27 | 4.3 | CVE-2009-4823 VUPEN BID MISC SECUNIA OSVDB |
dlink -- dir-615 | The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors. | 2010-04-27 | 5.0 | CVE-2009-4821 BID MISC SECUNIA |
dragonfrugal -- dfd_cart | Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php. | 2010-04-26 | 4.3 | CVE-2010-1541 BID SECUNIA OSVDB OSVDB MISC |
dragonfrugal -- dfd_cart | Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings. | 2010-04-26 | 6.8 | CVE-2010-1542 SECUNIA OSVDB MISC |
element-it -- ultimate_uploader | Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/. | 2010-04-27 | 6.8 | CVE-2009-4817 XF MISC SECUNIA OSVDB |
etracker -- etracker | Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site. | 2010-04-26 | 4.3 | CVE-2010-1543 CONFIRM XF BID SECUNIA CONFIRM |
givesight -- com_powermail | Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-04-26 | 5.0 | CVE-2010-1532 BID MISC SECUNIA MISC |
ibm -- websphere_mq | Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data." | 2010-04-27 | 4.0 | CVE-2010-0772 XF |
ibm -- db2 | Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. | 2010-04-27 | 4.0 | CVE-2010-1560 CONFIRM VUPEN AIXAPAR SECUNIA |
joomla.batjo -- com_shoutbox | Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-26 | 5.0 | CVE-2010-1534 XF BID MISC SECUNIA OSVDB |
kasseler-cms -- kasseler_cms | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters. | 2010-04-27 | 4.3 | CVE-2009-4822 XF BID MISC |
mybboard -- mybb | Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action. | 2010-04-27 | 4.3 | CVE-2009-4813 BID MISC SECUNIA OSVDB |
myblog -- myblog | Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information. | 2010-04-26 | 5.0 | CVE-2010-1540 BID MISC SECUNIA |
peter_hocherl -- tweetla | Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-26 | 5.0 | CVE-2010-1533 MISC SECUNIA |
peter_hocherl -- travelbook | Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-04-26 | 5.0 | CVE-2010-1535 MISC SECUNIA |
php_web_scripts -- ad_manager_pro | Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information. | 2010-04-27 | 6.8 | CVE-2009-4828 VUPEN MISC SECUNIA |
phpsimplicity -- simplicity_of_upload | Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. | 2010-04-27 | 6.8 | CVE-2009-4818 XF BID MISC |
redcomponent -- redshop | Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. | 2010-04-26 | 5.0 | CVE-2010-1531 XF BID OSVDB MISC SECUNIA MISC MISC |
scriptez -- mini_hosting_panel | Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action. | 2010-04-27 | 6.8 | CVE-2009-4826 VUPEN MISC SECUNIA |
scriptez -- mail_manager_pro | Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action. | 2010-04-27 | 6.8 | CVE-2009-4827 VUPEN MISC SECUNIA |
serv-u -- serv-u | Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2010-04-27 | 4.0 | CVE-2009-4815 XF VUPEN CONFIRM BID SECUNIA |
stoverud -- phphotoalbum | Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/. | 2010-04-27 | 6.8 | CVE-2009-4819 XF BID MISC |
vmware -- ace | VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information. | 2010-04-27 | 5.0 | CVE-2009-4811 MISC MLIST BID MISC MISC FULLDISC BUGTRAQ |
wolfram -- webmathematica | Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message. | 2010-04-27 | 5.0 | CVE-2009-4812 FULLDISC |
wolfram -- webmathematica | Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script. | 2010-04-27 | 4.3 | CVE-2009-4814 XF BID SECUNIA OSVDB FULLDISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
james_glasgow -- autologout | Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors. | 2010-04-27 | 2.1 | CVE-2009-4829 BID CONFIRM CONFIRM CONFIRM VUPEN SECUNIA OSVDB |
john_vandyk -- workflow | Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. | 2010-04-26 | 2.1 | CVE-2010-1539 BID CONFIRM CONFIRM CONFIRM XF SECUNIA |
mearra -- addthis | Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. | 2010-04-26 | 2.1 | CVE-2010-1536 BID CONFIRM CONFIRM CONFIRM SECUNIA |
reyero -- i18n | Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input. | 2010-04-26 | 2.1 | CVE-2010-1530 BID CONFIRM CONFIRM SECUNIA OSVDB |