Vulnerability Summary for the Week of June 28, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2daybiz -- video_community_portal_script | SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter. | 2010-06-25 | 7.5 | CVE-2010-2459 XF BID EXPLOIT-DB MISC |
2daybiz -- video_community_portal_script | SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter. | 2010-06-28 | 7.5 | CVE-2010-2508 BID EXPLOIT-DB SECUNIA |
2daybiz -- web_template_software | SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter. | 2010-06-28 | 7.5 | CVE-2010-2510 EXPLOIT-DB SECUNIA |
2daybiz -- multi_level_marketing_software | SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter. | 2010-06-28 | 7.5 | CVE-2010-2511 BID EXPLOIT-DB SECUNIA |
2daybiz -- matrimonial_script | SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-06-28 | 7.5 | CVE-2010-2512 BID OSVDB EXPLOIT-DB SECUNIA |
2daybiz -- multi_level_marketing_software | Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-06-29 | 7.5 | CVE-2010-2516 SECUNIA |
2daybiz -- job_search_engine_script | SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 2010-07-02 | 7.5 | CVE-2010-2609 XF VUPEN BID OSVDB EXPLOIT-DB SECUNIA MISC |
2daybiz -- job_site_script | Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php. | 2010-07-02 | 7.5 | CVE-2010-2610 XF BID EXPLOIT-DB SECUNIA OSVDB OSVDB OSVDB |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability," a different vulnerability than CVE-2010-2168 and CVE-2010-2201. | 2010-06-30 | 9.3 | CVE-2010-1285 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. | 2010-06-30 | 9.3 | CVE-2010-1295 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability," a different vulnerability than CVE-2010-1285 and CVE-2010-2201. | 2010-06-30 | 9.3 | CVE-2010-2168 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability," a different vulnerability than CVE-2010-1285 and CVE-2010-2168. | 2010-06-30 | 9.3 | CVE-2010-2201 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. | 2010-06-30 | 9.3 | CVE-2010-2202 CONFIRM |
adobe -- acrobat | Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. | 2010-06-30 | 9.3 | CVE-2010-2204 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors. | 2010-06-30 | 9.3 | CVE-2010-2205 CONFIRM |
adobe -- acrobat | Array index error in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors. | 2010-06-30 | 9.3 | CVE-2010-2206 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. | 2010-06-30 | 9.3 | CVE-2010-2207 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. | 2010-06-30 | 9.3 | CVE-2010-2208 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. | 2010-06-30 | 9.3 | CVE-2010-2209 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212. | 2010-06-30 | 9.3 | CVE-2010-2210 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212. | 2010-06-30 | 9.3 | CVE-2010-2211 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211. | 2010-06-30 | 9.3 | CVE-2010-2212 CONFIRM |
cisco -- asa_5580 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958. | 2010-06-29 | 7.8 | CVE-2009-4911 CONFIRM |
cisco -- asa_5580 | Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. | 2010-06-29 | 10.0 | CVE-2009-4912 CONFIRM |
cisco -- asa_5580 | Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879. | 2010-06-29 | 7.8 | CVE-2009-4914 CONFIRM |
cisco -- asa_5580 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection stress test," aka Bug ID CSCsq68451. | 2010-06-29 | 7.8 | CVE-2009-4915 CONFIRM |
cisco -- asa_5580 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901. | 2010-06-29 | 7.8 | CVE-2009-4917 CONFIRM |
cisco -- asa_5580 | Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439. | 2010-06-29 | 7.8 | CVE-2009-4918 CONFIRM |
cisco -- asa_5580 | Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. | 2010-06-29 | 10.0 | CVE-2009-4919 CONFIRM |
cisco -- asa_5580 | Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412. | 2010-06-29 | 7.8 | CVE-2009-4920 CONFIRM |
cisco -- asa_5580 | Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110. | 2010-06-29 | 7.8 | CVE-2009-4921 CONFIRM |
cisco -- asa_5580 | Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162. | 2010-06-29 | 7.8 | CVE-2009-4923 CONFIRM |
codelib -- linker_img | Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate. | 2010-06-25 | 7.5 | CVE-2010-2456 XF VUPEN EXPLOIT-DB VIM MISC |
grafik-power -- grafik_cms | SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action. | 2010-07-02 | 7.5 | CVE-2010-2614 VUPEN BUGTRAQ MISC |
harmistechnology -- com_jeajaxeventcalendar | SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | 2010-06-28 | 7.5 | CVE-2010-2513 BID EXPLOIT-DB MISC |
i-netsolution -- job_search_engine_script | SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 2010-07-02 | 7.5 | CVE-2010-2611 XF VUPEN EXPLOIT-DB MISC |
ibm -- rational_clearquest | Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. | 2010-06-30 | 7.5 | CVE-2010-2517 VUPEN BID AIXAPAR SECUNIA |
ibm -- p8_content_engine | Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information. | 2010-06-30 | 7.5 | CVE-2010-2518 XF VUPEN BID OSVDB CONFIRM SECUNIA |
jce-tech -- shareasale_script | SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter. | 2010-06-25 | 7.5 | CVE-2010-2460 XF BID EXPLOIT-DB |
jce-tech -- overstock_script | SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter. | 2010-06-25 | 7.5 | CVE-2010-2461 XF BID EXPLOIT-DB MISC |
kvirc -- kvirc | Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. | 2010-06-29 | 10.0 | CVE-2010-2451 BID DEBIAN VUPEN SECUNIA SECUNIA MLIST |
kvirc -- kvirc | Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors. | 2010-06-29 | 9.3 | CVE-2010-2452 BID DEBIAN VUPEN SECUNIA SECUNIA MLIST |
libpng -- libpng | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | 2010-06-30 | 7.5 | CVE-2010-1205 CONFIRM BID XF VUPEN CONFIRM SECUNIA CONFIRM |
libtiff -- libtiff | tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." | 2010-07-02 | 7.5 | CVE-2010-2233 CONFIRM CONFIRM MISC SECTRACK CONFIRM |
linearcorp -- emerge_50 | The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password. | 2010-06-25 | 10.0 | CVE-2010-2468 MISC MISC MISC MISC |
novell -- imanager | Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc. | 2010-06-28 | 9.0 | CVE-2010-1929 XF VUPEN BID BUGTRAQ OSVDB EXPLOIT-DB MISC SECTRACK SECUNIA |
ordasoft -- com_booklibrary | Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. | 2010-07-02 | 7.5 | CVE-2010-1522 MISC MISC MISC SECUNIA |
paul_mcenery -- php_bible_search | SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter. | 2010-07-02 | 7.5 | CVE-2010-2616 XF BID MISC |
ponsoftware -- explzh | Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion. | 2010-06-25 | 9.3 | CVE-2010-2434 XF BID CONFIRM SECUNIA OSVDB JVNDB JVN |
splunk -- splunk | Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067. | 2010-06-28 | 7.5 | CVE-2010-2502 CONFIRM |
taskfreak -- taskfreak! | SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php. | 2010-06-30 | 7.5 | CVE-2010-1521 CONFIRM BID BUGTRAQ MISC SECUNIA |
tomacero -- orohyip | SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action. | 2010-06-25 | 7.5 | CVE-2010-2462 XF BID EXPLOIT-DB MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2daybiz -- video_community_portal_script | Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter. | 2010-06-25 | 4.3 | CVE-2010-2458 XF BID EXPLOIT-DB SECUNIA MISC OSVDB |
2daybiz -- web_template_software | Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php. | 2010-06-28 | 4.3 | CVE-2010-2509 EXPLOIT-DB SECUNIA |
accscripts -- acc_statistics | Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses. | 2010-06-25 | 6.8 | CVE-2009-4905 VUPEN EXPLOIT-DB SECUNIA |
accscripts -- acc_php_email | Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords. | 2010-06-25 | 6.8 | CVE-2009-4906 VUPEN EXPLOIT-DB SECUNIA MISC |
adobe -- acrobat | Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2010-06-30 | 6.8 | CVE-2010-2203 CONFIRM |
apple -- safari | Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | 2010-06-25 | 4.3 | CVE-2010-2454 MISC MISC |
cisco -- asa_5580 | CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. | 2010-06-29 | 4.3 | CVE-2008-7257 BID BUGTRAQ MISC CONFIRM SECTRACK |
cisco -- asa_5580 | Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418. | 2010-06-29 | 4.3 | CVE-2009-4910 CONFIRM |
cisco -- asa_5580 | The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622. | 2010-06-29 | 5.0 | CVE-2009-4913 CONFIRM |
cisco -- asa_5580 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka Bug ID CSCsq80095. | 2010-06-29 | 4.0 | CVE-2009-4916 CONFIRM |
cisco -- asa_5580 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583. | 2010-06-29 | 6.8 | CVE-2009-4922 CONFIRM |
dacian_strain -- com_jfaq | Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php. | 2010-06-28 | 4.3 | CVE-2010-2514 BID SECUNIA MISC OSVDB |
dacian_strain -- com_jfaq | Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. | 2010-06-28 | 6.8 | CVE-2010-2515 BID SECUNIA MISC OSVDB |
dan_pascu -- python-cjson | Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function. | 2010-07-02 | 6.8 | CVE-2010-1666 CONFIRM SECUNIA |
dootzky -- oblog | Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-06-25 | 4.3 | CVE-2009-4903 XF OSVDB SECUNIA |
dootzky -- oblog | article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action. | 2010-06-25 | 5.0 | CVE-2009-4904 MISC |
dootzky -- oblog | Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog. | 2010-06-25 | 6.8 | CVE-2009-4907 XF SECUNIA MISC OSVDB |
dootzky -- oblog | Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php. | 2010-06-25 | 4.3 | CVE-2009-4908 XF SECUNIA MISC OSVDB |
dootzky -- oblog | admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests. | 2010-06-25 | 6.8 | CVE-2009-4909 MISC |
grafik-power -- grafik_cms | Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action. | 2010-07-02 | 4.3 | CVE-2010-2615 VUPEN BUGTRAQ MISC MISC |
harmistechnology -- com_awd_song | Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. | 2010-07-02 | 4.3 | CVE-2010-2613 XF BID EXPLOIT-DB MISC |
insanevisions -- adapcms | PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | 2010-07-02 | 6.8 | CVE-2010-2618 XF BID EXPLOIT-DB MISC |
intersect_alliance -- snare_agent | Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. | 2010-07-02 | 6.8 | CVE-2010-2594 CERT-VN BID SECUNIA MISC |
jamroom -- jamroom | Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action. | 2010-06-25 | 4.3 | CVE-2010-2463 BID CONFIRM MISC SECUNIA |
libpng -- libpng | Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | 2010-06-30 | 5.0 | CVE-2010-2249 CONFIRM BID CONFIRM XF VUPEN SECUNIA CONFIRM |
libtiff -- libtiff | The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." | 2010-07-02 | 4.3 | CVE-2010-2595 CONFIRM CONFIRM |
libtiff -- libtiff | The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." | 2010-07-02 | 4.3 | CVE-2010-2596 CONFIRM CONFIRM |
libtiff -- libtiff | The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. | 2010-07-02 | 4.3 | CVE-2010-2597 CONFIRM CONFIRM CONFIRM CONFIRM |
linearcorp -- emerge_50 | The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests. | 2010-06-25 | 5.0 | CVE-2010-2465 CERT-VN MISC MISC BID CONFIRM MISC MISC |
linearcorp -- emerge_50 | The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames. | 2010-06-25 | 5.0 | CVE-2010-2466 CERT-VN MISC MISC MISC MISC |
linearcorp -- emerge_50 | The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests. | 2010-06-25 | 5.0 | CVE-2010-2467 MISC MISC MISC MISC |
linearcorp -- emerge_50 | The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the device. | 2010-06-25 | 5.0 | CVE-2010-2469 MISC MISC MISC MISC |
makotemplates -- makotemplates | Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. | 2010-07-02 | 4.3 | CVE-2010-2480 CONFIRM SECUNIA MISC |
maradns -- maradns | parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file. | 2010-06-25 | 4.3 | CVE-2010-2444 MLIST CONFIRM MLIST |
masselink -- com_picasa2gallery | Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-06-28 | 6.8 | CVE-2010-2507 XF BID EXPLOIT-DB SECUNIA MISC OSVDB |
microsoft -- server | Use-after-free vulnerability in Microsoft Windows Vista and Server 2008 allows local users to cause a denial of service (crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, which causes a process object to be deleted while it is still in use. | 2010-07-02 | 4.9 | CVE-2010-2549 BID EXPLOIT-DB FULLDISC |
moodle -- moodle | Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. | 2010-06-28 | 4.3 | CVE-2010-2228 CONFIRM VUPEN VUPEN MLIST CONFIRM SECUNIA SECUNIA CONFIRM FEDORA FEDORA FEDORA CONFIRM CONFIRM |
moodle -- moodle | Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2010-06-28 | 4.3 | CVE-2010-2229 VUPEN CONFIRM CONFIRM CONFIRM VUPEN MLIST CONFIRM SECUNIA SECUNIA CONFIRM FEDORA FEDORA FEDORA CONFIRM CONFIRM |
moodle -- moodle | The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input. | 2010-06-28 | 4.0 | CVE-2010-2230 CONFIRM CONFIRM CONFIRM VUPEN VUPEN MLIST CONFIRM SECUNIA SECUNIA CONFIRM FEDORA FEDORA FEDORA CONFIRM CONFIRM |
moodle -- moodle | Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. | 2010-06-28 | 6.8 | CVE-2010-2231 VUPEN CONFIRM CONFIRM VUPEN MLIST CONFIRM SECUNIA SECUNIA CONFIRM FEDORA FEDORA FEDORA CONFIRM CONFIRM |
mozilla -- firefox | The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox before 3.6.6 does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. | 2010-06-25 | 4.3 | CVE-2010-1206 CONFIRM CONFIRM SECUNIA MISC |
mozilla -- bugzilla | Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." | 2010-06-28 | 5.0 | CVE-2010-1204 CONFIRM VUPEN BID CONFIRM SECUNIA |
novell -- imanager | Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. | 2010-06-28 | 5.0 | CVE-2010-1930 XF VUPEN BID BUGTRAQ OSVDB EXPLOIT-DB MISC SECTRACK SECUNIA |
opera -- opera_browser | Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | 2010-06-25 | 4.3 | CVE-2010-2455 MISC |
paul_mcenery -- php_bible_search | Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter. | 2010-07-02 | 4.3 | CVE-2010-2617 XF BID MISC |
qsoft-inc -- k-search | Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter. | 2010-06-25 | 4.3 | CVE-2010-2457 BID EXPLOIT-DB SECUNIA |
redhat -- enterprise_linux | LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." | 2010-07-02 | 4.3 | CVE-2010-2598 CONFIRM |
rsjoomla -- com_rscomments | Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php. | 2010-06-25 | 4.3 | CVE-2010-2464 XF BID MISC EXPLOIT-DB SECUNIA MISC |
saschart -- sascam_webcam_server | Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request. | 2010-06-28 | 5.0 | CVE-2010-2505 OSVDB EXPLOIT-DB SECUNIA |
splunk -- splunk | Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085. | 2010-06-28 | 4.3 | CVE-2010-2503 CONFIRM |
splunk -- splunk | Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066. | 2010-06-28 | 6.0 | CVE-2010-2504 CONFIRM |
taskfreak -- taskfreak! | Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. | 2010-06-30 | 4.3 | CVE-2010-1520 CONFIRM BID BUGTRAQ MISC SECUNIA |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco -- linksys_wap54g | Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. | 2010-06-28 | 2.9 | CVE-2010-2506 XF BUGTRAQ |
hp -- openvms | Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors. | 2010-07-02 | 2.1 | CVE-2010-2612 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM BID SECUNIA |
mozilla -- bugzilla | Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. | 2010-06-28 | 1.9 | CVE-2010-0180 CONFIRM VUPEN BID CONFIRM SECUNIA |
mozilla -- bugzilla | Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180. | 2010-06-28 | 1.9 | CVE-2010-2470 CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.