Vulnerability Summary for the Week of June 21, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
activewebsoftwares -- ewebquiz | SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706. | 2010-06-21 | 7.5 | CVE-2010-2359 XF VUPEN BID |
adobe -- indesign_cs3 | Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file. | 2010-06-18 | 9.3 | CVE-2010-2321 XF MISC VUPEN BID OSVDB EXPLOIT-DB SECUNIA |
anecms -- anecms_blog | SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. | 2010-06-24 | 7.5 | CVE-2010-2436 XF BID BUGTRAQ MISC |
apache -- axis2 | Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService. | 2010-06-22 | 7.5 | CVE-2010-1632 CONFIRM CONFIRM VUPEN VUPEN CONFIRM SECUNIA SECUNIA MISC |
apple -- itunes | Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. | 2010-06-18 | 10.0 | CVE-2010-1387 XF VUPEN BID CONFIRM CONFIRM SECTRACK SECUNIA APPLE APPLE |
apple -- itunes | Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769. | 2010-06-18 | 10.0 | CVE-2010-1763 XF VUPEN CONFIRM SECTRACK SECUNIA APPLE |
apple -- itunes | WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763. | 2010-06-18 | 10.0 | CVE-2010-1769 XF VUPEN BID CONFIRM CONFIRM SECTRACK SECUNIA APPLE APPLE |
dennisre -- audio_converter | Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file. | 2010-06-21 | 9.3 | CVE-2010-2343 XF VUPEN BID EXPLOIT-DB EXPLOIT-DB MISC SECUNIA OSVDB |
dmxready -- online_notebook_manager | SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | 2010-06-21 | 7.5 | CVE-2010-2342 BID EXPLOIT-DB |
eicrasoft -- eicra_realestate_script | SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information. | 2010-06-21 | 7.5 | CVE-2010-2357 XF BID EXPLOIT-DB SECUNIA OSVDB |
ezpx -- ezpx_photoblog | PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter. | 2010-06-18 | 7.5 | CVE-2010-2341 XF VUPEN BID EXPLOIT-DB MISC |
freesoftwaretoolbox -- batch_audio_converter | Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file. | 2010-06-21 | 9.3 | CVE-2010-2348 XF BID EXPLOIT-DB SECUNIA |
ibm -- websphere_application_server | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. | 2010-06-18 | 7.5 | CVE-2010-2324 VUPEN AIXAPAR SECUNIA |
laubrotel -- g.cms_generator | SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php. | 2010-06-24 | 7.5 | CVE-2010-2438 XF EXPLOIT-DB |
moreforge -- moreamp | Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file). | 2010-06-24 | 9.3 | CVE-2010-2439 XF EXPLOIT-DB EXPLOIT-DB |
mozilla -- firefox | Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus. | 2010-06-24 | 9.3 | CVE-2010-0183 CONFIRM BID CONFIRM |
mozilla -- firefox | Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. | 2010-06-24 | 9.3 | CVE-2010-1196 CONFIRM BID CONFIRM |
mozilla -- firefox | Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. | 2010-06-24 | 9.3 | CVE-2010-1198 CONFIRM BID CONFIRM |
mozilla -- firefox | Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. | 2010-06-24 | 9.3 | CVE-2010-1199 CONFIRM BID CONFIRM |
mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-06-24 | 9.3 | CVE-2010-1200 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM BID CONFIRM |
mozilla -- firefox | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-06-24 | 9.3 | CVE-2010-1201 CONFIRM BID CONFIRM |
mozilla -- firefox | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-06-24 | 9.3 | CVE-2010-1202 CONFIRM CONFIRM CONFIRM CONFIRM BID CONFIRM |
mozilla -- firefox | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-06-24 | 9.3 | CVE-2010-1203 CONFIRM CONFIRM BID CONFIRM |
novell -- access_manager | Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678. | 2010-06-18 | 10.0 | CVE-2010-0284 XF VUPEN SECTRACK BID CONFIRM SECUNIA |
novell -- netware | Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Session Setup AndX packet with a long AccountName. | 2010-06-21 | 10.0 | CVE-2010-2351 CONFIRM XF VUPEN MISC BID EXPLOIT-DB SECUNIA |
opera -- opera_browser | Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues. | 2010-06-22 | 10.0 | CVE-2010-2421 VUPEN BID CONFIRM CONFIRM SECUNIA |
php -- php | Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. | 2010-06-24 | 7.5 | CVE-2010-2225 MISC XF BID MISC MISC MISC |
pilotgroup -- elms_pro | SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter. | 2010-06-21 | 7.5 | CVE-2010-2354 XF BID EXPLOIT-DB SECUNIA OSVDB |
rafael_garcia-suarez -- safe | The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." | 2010-06-21 | 7.5 | CVE-2010-1168 CONFIRM REDHAT REDHAT MLIST MANDRIVA MANDRIVA SECTRACK SECUNIA SECUNIA CONFIRM CONFIRM |
rosoftengineering -- rosoft_audio_converter | Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file. | 2010-06-18 | 9.3 | CVE-2010-2329 XF BID EXPLOIT-DB SECUNIA MISC OSVDB |
subdreamer -- subdreamer | SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action. | 2010-06-18 | 7.5 | CVE-2010-2339 XF VUPEN BID BUGTRAQ MISC MISC |
upredsun -- isharer_file_sharing_wizard | Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header. | 2010-06-18 | 9.3 | CVE-2010-2330 XF VUPEN BID MISC EXPLOIT-DB SECUNIA OSVDB |
upredsun -- isharer_file_sharing_wizard | Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request. | 2010-06-18 | 9.3 | CVE-2010-2331 BID EXPLOIT-DB SECUNIA |
upredsun -- subtitle_translation_wizard | Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information. | 2010-06-24 | 9.3 | CVE-2010-2440 BID EXPLOIT-DB SECUNIA OSVDB |
vunet -- vu_web_visitor_analyst | Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information. | 2010-06-18 | 7.5 | CVE-2010-2338 XF VUPEN EXPLOIT-DB SECUNIA MISC OSVDB |
yamamah -- yamamah | SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter. | 2010-06-18 | 7.5 | CVE-2010-2335 MISC EXPLOIT-DB |
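The Apache Axis2 entry above (CVE-2010-1632) describes the XML external entity pattern: a DTD carried inside a SOAP message declares entities that make the parser read local files, fetch intranet URLs, or expand exponentially. SOAP 1.1 and 1.2 forbid a DTD in a message outright, so the robust fix is to refuse the DOCTYPE before any entity declaration is evaluated. The following Python is an added example, not Axis2, Synapse or any product's code; the three SOAP messages are constructed for the illustration and the service element names (getQuote, symbol) are placeholders.

```python
"""Reject DTDs in SOAP messages before any entity is processed.

Added example (not Axis2/Synapse code). The payloads below are constructed
for this illustration: a benign request, the classic file-read entity, and
an entity-expansion denial of service. Element names are placeholders.
"""
import xml.parsers.expat as expat


class DtdRejected(ValueError):
    """Raised as soon as a <!DOCTYPE ...> declaration is seen."""


def parse_soap_without_dtd(payload: bytes) -> list:
    """Parse a SOAP message with expat and return element names in document
    order. Any DTD (internal subset, external subset, or both) aborts the
    parse before a single entity declaration is evaluated."""
    parser = expat.ParserCreate()
    seen = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires at the start of the DOCTYPE, i.e. before any <!ENTITY ...>
        # inside it is declared, so neither file reads, outbound HTTP
        # fetches nor exponential expansion can begin.
        raise DtdRejected(
            f"DTD not allowed in SOAP (root={name!r}, system id={system_id!r})"
        )

    def on_start_element(name, attrs):
        seen.append(name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start_element
    parser.Parse(payload, True)  # an exception raised in a handler propagates
    return seen


# Constructed sample messages (not captured traffic).
BENIGN = b"""<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body><getQuote><symbol>IBM</symbol></getQuote></soapenv:Body>
</soapenv:Envelope>"""

FILE_READ = b"""<?xml version="1.0"?>
<!DOCTYPE getQuote [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body><getQuote><symbol>&xxe;</symbol></getQuote></soapenv:Body>
</soapenv:Envelope>"""

EXPANSION_DOS = b"""<?xml version="1.0"?>
<!DOCTYPE getQuote [
  <!ENTITY a "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body><getQuote><symbol>&c;</symbol></getQuote></soapenv:Body>
</soapenv:Envelope>"""


def triage(payloads: dict) -> dict:
    """Run every payload through the guarded parser; map label -> verdict."""
    verdicts = {}
    for label, data in payloads.items():
        try:
            parse_soap_without_dtd(data)
            verdicts[label] = "accepted"
        except DtdRejected:
            verdicts[label] = "rejected"
    return verdicts


if __name__ == "__main__":
    samples = {"benign": BENIGN, "file_read": FILE_READ, "expansion_dos": EXPANSION_DOS}
    for label, verdict in triage(samples).items():
        print(f"{label:14s} {verdict}")
```

Python's xml.etree.ElementTree drives the same expat parser but installs no DOCTYPE handler, so it will expand internal entities on its own; a general-purpose XML endpoint should either install a handler like this one or use the defusedxml package. Refusing the whole DOCTYPE also covers the external-subset form (`<!DOCTYPE x SYSTEM "http://...">`), which would reach the network before the first element is parsed.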
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
anecms -- anecms_blog | Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php. | 2010-06-24 | 4.3 | CVE-2010-2437 XF BID BUGTRAQ MISC |
apache -- http_server | mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. | 2010-06-18 | 4.3 | CVE-2010-2068 VUPEN CONFIRM CONFIRM CONFIRM XF BID BUGTRAQ SECTRACK SECUNIA MLIST |
apple -- cups | The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. | 2010-06-21 | 6.8 | CVE-2010-0542 CONFIRM CONFIRM CONFIRM BID SECTRACK CONFIRM |
apple -- iphone_os | WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. | 2010-06-22 | 4.3 | CVE-2010-1407 XF BID CONFIRM APPLE |
apple -- iphone_os | Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. | 2010-06-22 | 5.0 | CVE-2010-1751 XF BID CONFIRM APPLE |
apple -- iphone_os | Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. | 2010-06-22 | 6.8 | CVE-2010-1752 XF BID CONFIRM APPLE |
apple -- iphone_os | ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. | 2010-06-22 | 6.8 | CVE-2010-1753 XF BID CONFIRM APPLE |
apple -- iphone_os | Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. | 2010-06-22 | 6.9 | CVE-2010-1754 XF BID CONFIRM APPLE |
apple -- iphone_os | Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. | 2010-06-22 | 4.3 | CVE-2010-1755 XF BID CONFIRM APPLE |
apple -- iphone_os | The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network. | 2010-06-22 | 5.8 | CVE-2010-1756 BID CONFIRM APPLE |
apple -- iphone_os | WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. | 2010-06-22 | 6.4 | CVE-2010-1757 BID BID CONFIRM APPLE |
apple -- cups | The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. | 2010-06-22 | 6.9 | CVE-2010-2431 CONFIRM CONFIRM |
apple -- cups | The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses. | 2010-06-22 | 5.0 | CVE-2010-2432 CONFIRM CONFIRM |
apple -- webkit | WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295. | 2010-06-24 | 4.3 | CVE-2010-2441 MISC |
arabportal -- arab_portal | SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action. | 2010-06-18 | 6.8 | CVE-2010-2340 BID SECUNIA MISC OSVDB |
daniel_mealha_cabrita -- ziproxy | Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file. | 2010-06-21 | 6.8 | CVE-2010-2350 VUPEN CONFIRM XF SECUNIA |
fenrir-inc -- activegeckobrowser | Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser 1.0.0 and 1.0.5 alpha, a module for the Sleipnir web browser, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the Gecko engine. | 2010-06-22 | 6.8 | CVE-2010-2420 XF CONFIRM JVNDB JVN |
horde -- horde | The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. | 2010-06-22 | 5.0 | CVE-2010-1638 MLIST MLIST |
ibm -- websphere_application_server | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. | 2010-06-18 | 5.0 | CVE-2010-2323 VUPEN AIXAPAR AIXAPAR SECUNIA |
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | 2010-06-18 | 4.3 | CVE-2010-2325 VUPEN AIXAPAR SECUNIA |
ibm -- websphere_application_server | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file. | 2010-06-18 | 4.3 | CVE-2010-2326 VUPEN BID OSVDB AIXAPAR AIXAPAR SECUNIA |
ibm -- websphere_application_server | mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload. | 2010-06-18 | 4.3 | CVE-2010-2327 VUPEN OSVDB AIXAPAR AIXAPAR SECUNIA |
ibm -- websphere_application_server | The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression. | 2010-06-18 | 5.0 | CVE-2010-2328 AIXAPAR AIXAPAR |
ibm -- websphere_ilog_jrules | Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/. | 2010-06-24 | 4.3 | CVE-2010-2433 XF BID AIXAPAR SECUNIA |
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-06-24 | 4.3 | CVE-2010-0778 XF |
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-06-24 | 4.3 | CVE-2010-0779 XF |
impactfinancials -- impact_pdf_reader | Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request. | 2010-06-18 | 5.0 | CVE-2010-2332 XF BID EXPLOIT-DB |
jeffkilroy -- nakid_cms | PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information. | 2010-06-21 | 5.1 | CVE-2010-2358 XF VUPEN BID EXPLOIT-DB SECUNIA |
karen_stevenson -- cck | The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. | 2010-06-21 | 5.0 | CVE-2010-2352 CONFIRM XF VUPEN SECUNIA SECUNIA OSVDB FEDORA FEDORA FEDORA |
litespeedtech -- litespeed_web_server | LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. | 2010-06-18 | 5.0 | CVE-2010-2333 CONFIRM MISC EXPLOIT-DB SECUNIA FULLDISC OSVDB |
malcom_box -- lxr_cross_referencer | Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625. | 2010-06-24 | 4.3 | CVE-2010-1448 CONFIRM CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
malcom_box -- lxr_cross_referencer | Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448. | 2010-06-24 | 4.3 | CVE-2010-1625 MLIST MLIST MLIST CONFIRM MLIST MLIST |
matthias_klose -- fastjar | Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. | 2010-06-18 | 5.8 | CVE-2010-0831 CONFIRM CONFIRM CONFIRM OSVDB CONFIRM MLIST MLIST MLIST |
microsoft -- ie | Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets." | 2010-06-24 | 4.3 | CVE-2010-2442 MISC |
mozilla -- firefox | Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. | 2010-06-24 | 4.3 | CVE-2010-1197 CONFIRM BID CONFIRM |
muscle -- pcsc-lite | Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407. | 2010-06-18 | 6.8 | CVE-2009-4902 CONFIRM VUPEN VUPEN BID DEBIAN CONFIRM SECUNIA SECUNIA FEDORA FEDORA |
muscle -- pcsc-lite | Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled. | 2010-06-18 | 6.8 | CVE-2010-0407 CONFIRM BID DEBIAN VUPEN VUPEN CONFIRM SECUNIA SECUNIA FEDORA FEDORA |
odcms -- odcms | Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php. | 2010-06-21 | 4.3 | CVE-2010-2344 XF BID OSVDB OSVDB OSVDB OSVDB OSVDB SECUNIA MISC |
odcms -- odcms | Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests. | 2010-06-21 | 6.8 | CVE-2010-2345 XF OSVDB SECUNIA MISC |
pilotgroup -- elms_pro | Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-06-21 | 4.3 | CVE-2010-2355 XF BID OSVDB SECUNIA |
pilotgroup -- elms_pro | Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter. | 2010-06-21 | 4.3 | CVE-2010-2356 XF BID EXPLOIT-DB |
plone -- plone | Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform. | 2010-06-24 | 4.3 | CVE-2010-2422 CONFIRM BID SECUNIA |
remotesensing -- libtiff | Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. | 2010-06-24 | 6.8 | CVE-2010-2065 CONFIRM CONFIRM UBUNTU MISC SECUNIA |
remotesensing -- libtiff | Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. | 2010-06-24 | 6.8 | CVE-2010-2067 CONFIRM UBUNTU CONFIRM SECUNIA OSVDB CONFIRM |
remotesensing -- libtiff | Unspecified vulnerability in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) via an OJPEG image with undefined strip offsets. | 2010-06-24 | 5.0 | CVE-2010-2443 CONFIRM |
salvo_tomaselli -- weborf_http_server | Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers. | 2010-06-24 | 5.0 | CVE-2010-2435 BID BUGTRAQ SECUNIA CONFIRM |
sap -- j2ee_engine_core | The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. | 2010-06-21 | 4.9 | CVE-2010-2347 MISC XF SECTRACK BID BUGTRAQ MISC SECUNIA FULLDISC |
southrivertech -- titan_ftp_server | Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command. | 2010-06-24 | 6.5 | CVE-2010-2425 BID BUGTRAQ OSVDB SECUNIA |
southrivertech -- titan_ftp_server | Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files or determine their size via "..//" sequences in the XCRC command. | 2010-06-24 | 4.0 | CVE-2010-2426 XF BID BUGTRAQ SECUNIA OSVDB |
splunk -- splunk | Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response. | 2010-06-24 | 4.3 | CVE-2010-2429 CONFIRM XF OSVDB SECUNIA |
springsource -- spring_framework | SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file. | 2010-06-21 | 5.1 | CVE-2010-1622 CONFIRM BID BUGTRAQ EXPLOIT-DB |
squirrelmail -- squirrelmail | The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | 2010-06-22 | 4.0 | CVE-2010-1637 MLIST MISC CONFIRM BID MLIST MLIST MISC |
timhillone -- h264webcam | H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information. | 2010-06-21 | 5.0 | CVE-2010-2349 EXPLOIT-DB SECUNIA |
wftpserver -- wing_ftp_server | Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request. | 2010-06-24 | 4.3 | CVE-2010-2428 XF BID OSVDB FULLDISC FULLDISC MISC BUGTRAQ |
yamamah -- yamamah | Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter. | 2010-06-18 | 5.0 | CVE-2010-2334 CONFIRM EXPLOIT-DB SECUNIA OSVDB |
yamamah -- yamamah | index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter. | 2010-06-18 | 5.0 | CVE-2010-2336 MISC EXPLOIT-DB |
yves_chedemois -- cck | The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes. | 2010-06-21 | 5.0 | CVE-2010-2353 CONFIRM XF VUPEN SECUNIA SECUNIA OSVDB FEDORA FEDORA FEDORA |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- iphone_os | Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. | 2010-06-22 | 1.9 | CVE-2010-1775 XF BID CONFIRM APPLE |
matthias_klose -- fastjar | Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. | 2010-06-18 | 2.6 | CVE-2010-2322 CONFIRM CONFIRM CONFIRM OSVDB CONFIRM MLIST |
muscle -- pcsc-lite | The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407. | 2010-06-18 | 2.1 | CVE-2009-4901 CONFIRM BID DEBIAN VUPEN VUPEN CONFIRM SECUNIA SECUNIA FEDORA FEDORA |
quicksketch -- filefield | Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter). | 2010-06-21 | 2.1 | CVE-2010-1958 BID CONFIRM XF MISC SECUNIA OSVDB |
redhat -- enterprise_virtualization_hypervisor | Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | 2010-06-24 | 2.1 | CVE-2010-2223 REDHAT REDHAT CONFIRM BID SECTRACK |
redhat -- enterprise_virtualization_manager | The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | 2010-06-24 | 2.1 | CVE-2010-2224 REDHAT CONFIRM BID |
vincent_fourmond -- pmount | The make_lockdir_name function in policy.c in pmount 0.9.18 allows local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. | 2010-06-18 | 1.9 | CVE-2010-2192 DEBIAN VUPEN BID CONFIRM |