Vulnerability Summary for the Week of May 31, 2010
Released
Jun 07, 2010
Document ID
SB10-158
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bartels-schoene -- conpresso | SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-06-01 | 7.5 | CVE-2010-2124 XF BID MISC MISC |
| danny_ho -- oes | Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446. | 2010-06-02 | 7.5 | CVE-2010-2132 XF BID MISC |
| emc -- avamar | Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP. | 2010-05-28 | 7.1 | CVE-2010-1919 VUPEN BID MISC SECTRACK SECUNIA BUGTRAQ |
| giaard -- proman | PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 2010-06-02 | 7.5 | CVE-2010-2137 XF MISC MISC |
| gnu -- glibc | The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. | 2010-06-01 | 7.2 | CVE-2010-0296 CONFIRM VUPEN UBUNTU CONFIRM SECTRACK SECUNIA CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors. | 2010-05-28 | 10.0 | CVE-2010-2105 CONFIRM CONFIRM |
| google -- chrome | Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers. | 2010-05-28 | 10.0 | CVE-2010-2106 CONFIRM CONFIRM |
| google -- chrome | Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality. | 2010-05-28 | 10.0 | CVE-2010-2107 CONFIRM CONFIRM |
| google -- chrome | Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors. | 2010-05-28 | 10.0 | CVE-2010-2108 CONFIRM CONFIRM |
| google -- chrome | Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality. | 2010-05-28 | 9.3 | CVE-2010-2109 CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors. | 2010-05-28 | 10.0 | CVE-2010-2110 CONFIRM CONFIRM |
| graviton-mediatech -- visitor_logger | PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter. | 2010-06-03 | 7.5 | CVE-2010-2146 VUPEN BID MISC |
| harmistechnology -- com_jequoteform | Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. | 2010-06-01 | 7.5 | CVE-2010-2128 XF BID OSVDB MISC SECUNIA |
| hazelpress -- hazelpress | Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields. | 2010-06-02 | 7.5 | CVE-2010-2135 XF MISC MISC |
| http-solution -- project_man | Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | 2010-06-02 | 7.5 | CVE-2010-2134 XF MISC |
| intervations -- filecopa | Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-05-28 | 8.8 | CVE-2010-2112 SECUNIA OSVDB |
| justsystems -- ichitaro | Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document. | 2010-06-03 | 9.3 | CVE-2010-2152 CONFIRM XF VUPEN BID MISC SECUNIA OSVDB JVNDB JVN |
| jv2design -- jv2_folder_gallery | PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | 2010-06-01 | 7.5 | CVE-2010-2127 XF BID MISC MISC |
| mario_matzulla -- cal | SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. | 2010-06-02 | 7.5 | CVE-2010-2131 CONFIRM CONFIRM BID SECUNIA OSVDB |
| multishopcms -- multishop_cms | SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-06-02 | 7.5 | CVE-2010-2139 SECUNIA |
| multishopcms -- multishop_cms | SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-06-02 | 7.5 | CVE-2010-2140 SECUNIA |
| murat_ersoy -- cyberhost | SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-06-02 | 7.5 | CVE-2010-2142 XF BID MISC |
| mylittleforum -- my_little_forum | SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942. | 2010-06-02 | 7.5 | CVE-2010-2133 XF BID MISC MISC |
| nitropowered -- nitro_web_gallery | SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action. | 2010-06-02 | 7.5 | CVE-2010-2141 XF BID MISC MISC |
| nrl -- opie | Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. | 2010-05-28 | 9.3 | CVE-2010-1938 BID MISC SECTRACK SREASON SREASONRES FREEBSD SECUNIA SECUNIA MISC |
| openssl -- openssl | The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. | 2010-06-03 | 7.5 | CVE-2010-0742 VUPEN CONFIRM BID CONFIRM SECUNIA SECUNIA CONFIRM CONFIRM CONFIRM |
| richrumble -- clearsite | Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error. | 2010-06-03 | 7.5 | CVE-2010-2145 BID BUGTRAQ |
| snipegallery -- snipe_gallery | Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_admin_path parameter to (1) index.php, (2) view.php, (3) image.php, (4) search.php, (5) admin/index.php, (6) admin/gallery/index.php, (7) admin/gallery/view.php, (8) admin/gallery/gallery.php, (9) admin/gallery/image.php, and (10) admin/gallery/crop.php. | 2010-06-01 | 7.5 | CVE-2010-2126 XF BID MISC MISC |
| symphony-cms -- symphony_cms | Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter. | 2010-06-03 | 7.5 | CVE-2010-2143 VUPEN BID MISC MISC |
| unisoft -- com_mycar | SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. | 2010-06-03 | 7.5 | CVE-2010-2148 XF MISC VUPEN BID MISC SECUNIA OSVDB |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| arisglobal -- arisg | Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. | 2010-06-02 | 4.3 | CVE-2010-2130 BID BUGTRAQ BUGTRAQ SECUNIA MISC OSVDB |
| articlefriendly -- article_friendly | Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | 2010-06-02 | 6.8 | CVE-2010-2136 XF BID MISC SECUNIA OSVDB |
| cmscout -- cmscout | Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information. | 2010-06-03 | 4.3 | CVE-2010-2154 XF VUPEN MISC SECUNIA OSVDB |
| freebsd -- freebsd | sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request. | 2010-05-28 | 6.9 | CVE-2010-2020 SECTRACK FREEBSD |
| fujitsu -- e-pares | Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors. | 2010-06-03 | 4.0 | CVE-2010-2149 BID CONFIRM SECUNIA JVNDB JVN |
| fujitsu -- e-pares | Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-06-03 | 4.3 | CVE-2010-2150 BID CONFIRM SECUNIA JVNDB JVN |
| giaard -- proman | Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php. | 2010-06-02 | 6.8 | CVE-2010-2138 XF MISC MISC |
| gnu -- glibc | Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. | 2010-06-01 | 5.0 | CVE-2009-4880 BID MISC VUPEN UBUNTU CONFIRM CONFIRM SREASONRES SECUNIA |
| gnu -- glibc | Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. | 2010-06-01 | 5.0 | CVE-2009-4881 CONFIRM CONFIRM |
| gnu -- glibc | Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. | 2010-06-01 | 5.1 | CVE-2010-0830 BID XF VUPEN UBUNTU CONFIRM SECTRACK SECUNIA CONFIRM MISC |
| google -- chrome | Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. | 2010-06-01 | 4.3 | CVE-2010-2120 BUGTRAQ MISC |
| harmistechnology -- com_jeajaxeventcalendar | Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-06-01 | 6.8 | CVE-2010-2129 XF MISC BID OSVDB MISC SECUNIA MISC |
| joelrowley -- com_simpledownload | Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | 2010-06-01 | 6.8 | CVE-2010-2122 CONFIRM XF BID BUGTRAQ OSVDB MISC SECUNIA MISC |
| linux -- kernel | The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. | 2010-06-01 | 4.6 | CVE-2010-1641 CONFIRM MLIST CONFIRM XF BID MLIST MLIST MLIST CONFIRM |
| mcafee -- secure_mail | The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. | 2010-05-28 | 6.5 | CVE-2010-2116 VUPEN SECTRACK MISC SECUNIA OSVDB |
| microsoft -- ie | Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. | 2010-06-01 | 4.3 | CVE-2010-2118 BUGTRAQ MISC |
| microsoft -- ie | Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs. | 2010-06-01 | 4.3 | CVE-2010-2119 BUGTRAQ MISC |
| mozilla -- firefox | Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | 2010-06-01 | 4.3 | CVE-2010-2117 BUGTRAQ MISC |
| openssl -- openssl | RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. | 2010-06-03 | 6.4 | CVE-2010-1633 VUPEN CONFIRM BID CONFIRM SECUNIA CONFIRM CONFIRM |
| opera -- opera_browser | Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | 2010-06-01 | 4.3 | CVE-2010-2121 BUGTRAQ MISC |
| pacifictimesheet -- pacific_timesheet | Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action. | 2010-05-28 | 4.3 | CVE-2010-2111 XF SECUNIA OSVDB MISC |
| solarwinds -- tftp_server | SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request. | 2010-05-28 | 5.0 | CVE-2010-2115 SECTRACK MISC SECUNIA OSVDB |
| tecnick -- tcexam | Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/. | 2010-06-03 | 6.8 | CVE-2010-2153 VUPEN BID MISC SECUNIA OSVDB MISC |
| unisoft -- com_mycar | Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php. | 2010-06-03 | 4.3 | CVE-2010-2147 XF MISC VUPEN BID MISC SECUNIA OSVDB |
| zeeways -- ebay_clone_auction_script | Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information. | 2010-06-03 | 4.3 | CVE-2010-2144 VUPEN BID MISC SECUNIA MISC OSVDB |
| zonecheck -- zonecheck | Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi. | 2010-06-02 | 4.3 | CVE-2009-4882 CONFIRM CONFIRM MISC SECUNIA CONFIRM MISC |
| zonecheck -- zonecheck | Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a zc-title row, different vulnerabilities than CVE-2009-4882. | 2010-06-03 | 4.3 | CVE-2010-2155 CONFIRM CONFIRM CONFIRM MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| brekeke -- pbx | Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean. | 2010-05-28 | 2.6 | CVE-2010-2114 SECUNIA OSVDB MISC |
| freebsd -- freebsd | jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations. | 2010-05-28 | 3.3 | CVE-2010-2022 VUPEN BID SECTRACK FREEBSD |
| fujitsu -- e-pares | Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors. | 2010-06-03 | 2.6 | CVE-2010-2151 BID CONFIRM SECUNIA JVNDB JVN |
| linux -- kernel | mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643. | 2010-06-03 | 1.2 | CVE-2008-7256 CONFIRM MLIST CONFIRM CONFIRM |
| linux -- kernel | mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. | 2010-06-03 | 1.9 | CVE-2010-1643 CONFIRM XF BID MLIST MLIST CONFIRM MISC CONFIRM |
| speedtech -- storm | Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information. | 2010-06-01 | 2.1 | CVE-2010-2123 BID CONFIRM XF OSVDB SECUNIA FULLDISC |
| systemseed -- rotor | Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. | 2010-06-01 | 2.1 | CVE-2010-2125 CONFIRM XF OSVDB SECUNIA |
| uniformserver -- uniformserver | Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php. | 2010-05-28 | 3.5 | CVE-2010-2113 XF SECUNIA OSVDB MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.