Vulnerability Summary for the Week of July 5, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2daybiz -- job_search_engine_script | SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 2010-07-02 | 7.5 | CVE-2010-2609 XF VUPEN BID OSVDB EXPLOIT-DB SECUNIA MISC |
2daybiz -- job_site_script | Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php. | 2010-07-02 | 7.5 | CVE-2010-2610 XF BID EXPLOIT-DB SECUNIA OSVDB OSVDB OSVDB |
alanzard -- tsoka:cms | SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action. | 2010-07-08 | 7.5 | CVE-2010-2674 XF EXPLOIT-DB SECUNIA MISC OSVDB |
alexander_v._lukyanov -- lftp | The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | 2010-07-06 | 7.5 | CVE-2010-2251 CONFIRM CONFIRM VUPEN MISC SECUNIA MLIST MLIST MLIST MLIST FEDORA CONFIRM |
brotherscripts -- recipe_website | SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-07-08 | 7.5 | CVE-2010-2670 XF VUPEN BID EXPLOIT-DB |
cisco -- content_services_switch_11500 | The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. | 2010-07-06 | 7.5 | CVE-2010-1575 MISC BID BUGTRAQ SECTRACK |
cisco -- ace_4710 | The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885. | 2010-07-06 | 7.5 | CVE-2010-1576 MISC BID BUGTRAQ SECTRACK SECTRACK |
cisco -- ace_4710 | The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. | 2010-07-06 | 7.5 | CVE-2010-2629 MISC BID BUGTRAQ SECTRACK SECTRACK |
cisco -- ios | IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589. | 2010-07-08 | 10.0 | CVE-2010-1574 XF BID CISCO SECTRACK SECUNIA |
devana -- devana | SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-07-08 | 7.5 | CVE-2010-2673 EXPLOIT-DB SECUNIA MISC OSVDB |
ez -- ez_publish | Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature. | 2010-07-08 | 7.5 | CVE-2010-2672 CONFIRM CONFIRM CONFIRM MISC BID SECUNIA OSVDB OSVDB |
freeciv -- freeciv | freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions. | 2010-07-08 | 10.0 | CVE-2010-2445 CONFIRM OSVDB MLIST MLIST |
google -- chrome | Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors. | 2010-07-06 | 9.3 | CVE-2010-2646 CONFIRM CONFIRM CONFIRM |
google -- chrome | Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document. | 2010-07-06 | 9.3 | CVE-2010-2647 CONFIRM CONFIRM |
google -- chrome | The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-07-06 | 9.3 | CVE-2010-2648 CONFIRM CONFIRM |
google -- chrome | Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs." | 2010-07-06 | 9.3 | CVE-2010-2650 CONFIRM CONFIRM |
google -- chrome | The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-07-06 | 9.3 | CVE-2010-2651 CONFIRM CONFIRM |
grafik-power -- grafik_cms | SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action. | 2010-07-02 | 7.5 | CVE-2010-2614 VUPEN BUGTRAQ MISC |
guillermo_vargas -- com_xmap | SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 2010-07-08 | 7.5 | CVE-2010-2678 BID BUGTRAQ |
hitachi -- jp1/_serverconductor_/_deployment_manager | Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and JP1/ServerConductor/Deployment Manager Standard and Enterprise Edition 07-50 through 07-56-/F, 08-00 through 08-09-/E, 08-50 through 08-80-/A, 08-06 through 08-07, and 08-51 through 08-70; allows attackers to cause a denial of service (shutdown and reboot) via unknown vectors. | 2010-07-02 | 7.8 | CVE-2010-2625 VUPEN CONFIRM SECUNIA OSVDB |
i-netsolution -- job_search_engine_script | SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 2010-07-02 | 7.5 | CVE-2010-2611 XF VUPEN EXPLOIT-DB MISC |
internetdm -- bed_and_breakfast | SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter. | 2010-07-02 | 7.5 | CVE-2010-2623 XF VUPEN BID EXPLOIT-DB |
iscripts -- easysnaps | Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php. | 2010-07-02 | 7.5 | CVE-2010-2624 XF BID BUGTRAQ MISC EXPLOIT-DB SECUNIA |
joomanager -- joomanager | SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 2010-07-02 | 7.5 | CVE-2010-2622 XF BID EXPLOIT-DB |
joomla -- joomla! | SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | 2010-07-08 | 7.5 | CVE-2010-2679 BID BUGTRAQ MISC |
libtiff -- libtiff | tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." | 2010-07-02 | 7.5 | CVE-2010-2233 CONFIRM CONFIRM MISC SECTRACK SECUNIA MLIST CONFIRM |
mahara -- mahara | SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-06 | 7.5 | CVE-2010-1669 BID XF CONFIRM CONFIRM SECUNIA |
mahara -- mahara | Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. | 2010-07-06 | 7.5 | CVE-2010-1670 BID CONFIRM CONFIRM CONFIRM SECUNIA |
miyabi-seo -- cgi_tools_seo_links | index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information. | 2010-07-02 | 7.5 | CVE-2010-2626 XF BID SECUNIA OSVDB FULLDISC FULLDISC |
open-ftpd -- open-ftpd | Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first. | 2010-07-02 | 9.3 | CVE-2010-2620 EXPLOIT-DB SECUNIA |
opera -- opera_browser | Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog. | 2010-07-08 | 9.3 | CVE-2010-2657 VUPEN CONFIRM CONFIRM CONFIRM SECUNIA |
opera -- opera_browser | Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. | 2010-07-08 | 9.3 | CVE-2010-2666 VUPEN BID CONFIRM CONFIRM CONFIRM SECUNIA |
ordasoft -- com_booklibrary | Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. | 2010-07-02 | 7.5 | CVE-2010-1522 MISC MISC XF BID BUGTRAQ MISC SECUNIA OSVDB |
paul_mcenery -- php_bible_search | SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter. | 2010-07-02 | 7.5 | CVE-2010-2616 XF BID MISC |
tornadostore -- tornadostore | Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3. | 2010-07-06 | 7.5 | CVE-2010-1327 XF BID MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adaptivedisplays -- alpha_ethernet_adapter_ii_web_manager | Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. | 2010-07-08 | 6.4 | CVE-2010-2668 BID BUGTRAQ SECUNIA OSVDB FULLDISC |
alanzard -- tsoka:cms | Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action. | 2010-07-08 | 4.3 | CVE-2010-2675 EXPLOIT-DB MISC |
arne_redlich_&_ross_walker -- iscsitarget | Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. | 2010-07-08 | 5.0 | CVE-2010-2221 CONFIRM BID OSVDB OSVDB OSVDB MLIST SECUNIA SECUNIA SECUNIA CONFIRM CONFIRM MLIST FULLDISC BUGTRAQ |
bogofilter -- bogofilter | Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character. | 2010-07-08 | 5.0 | CVE-2010-2494 MLIST CONFIRM CONFIRM BID OSVDB SECUNIA MLIST MLIST MLIST CONFIRM CONFIRM |
cerberusftp -- ftp_server | Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. | 2010-07-02 | 4.0 | CVE-2004-2769 BID CONFIRM CONFIRM SECUNIA |
dan_pascu -- python-cjson | Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function. | 2010-07-02 | 6.8 | CVE-2010-1666 CONFIRM SECUNIA |
dan_pascu -- python-cjson | Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element. | 2010-07-02 | 4.3 | CVE-2009-4924 MISC MISC |
ea -- battlefield_2 | Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via ".." (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL. | 2010-07-02 | 6.8 | CVE-2010-2627 BID SECUNIA OSVDB MISC |
ez -- ez_publish | Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter. | 2010-07-08 | 4.3 | CVE-2010-2671 CONFIRM CONFIRM CONFIRM MISC BID SECUNIA OSVDB |
gnu -- wget | GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | 2010-07-06 | 6.8 | CVE-2010-2252 CONFIRM CONFIRM MISC MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
google -- chrome | Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors. | 2010-07-06 | 4.3 | CVE-2010-2645 CONFIRM CONFIRM |
google -- chrome | Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image. | 2010-07-06 | 4.3 | CVE-2010-2649 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors. | 2010-07-06 | 5.0 | CVE-2010-2652 CONFIRM CONFIRM |
grafik-power -- grafik_cms | Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action. | 2010-07-02 | 4.3 | CVE-2010-2615 VUPEN BUGTRAQ MISC MISC |
harmistechnology -- com_awd_song | Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. | 2010-07-02 | 4.3 | CVE-2010-2613 XF BID EXPLOIT-DB MISC |
htmlpurifier -- htmlpurifier | Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-07-06 | 4.3 | CVE-2010-2479 BID CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA SECUNIA CONFIRM |
ibm -- advanced_management_module | Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php. | 2010-07-08 | 4.3 | CVE-2010-2654 BID EXPLOIT-DB MISC |
ibm -- advanced_management_module | Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter. | 2010-07-08 | 4.0 | CVE-2010-2655 BID EXPLOIT-DB MISC |
ibm -- advanced_management_module | The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz. | 2010-07-08 | 5.0 | CVE-2010-2656 BID EXPLOIT-DB MISC |
insanevisions -- adapcms | PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | 2010-07-02 | 6.8 | CVE-2010-2618 XF BID EXPLOIT-DB MISC |
intersect_alliance -- snare_agent | Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. | 2010-07-02 | 6.8 | CVE-2010-2594 CERT-VN BID SECUNIA MISC |
libtiff -- libtiff | The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." | 2010-07-02 | 4.3 | CVE-2010-2595 CONFIRM SECUNIA MLIST CONFIRM |
libtiff -- libtiff | The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." | 2010-07-02 | 4.3 | CVE-2010-2596 CONFIRM SECUNIA MLIST CONFIRM |
libtiff -- libtiff | The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. | 2010-07-02 | 4.3 | CVE-2010-2597 CONFIRM CONFIRM CONFIRM SECUNIA CONFIRM |
libtiff -- libtiff | The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. | 2010-07-06 | 4.3 | CVE-2010-2481 CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST |
libtiff -- libtiff | LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. | 2010-07-06 | 4.3 | CVE-2010-2482 CONFIRM CONFIRM CONFIRM MLIST SECUNIA MLIST MLIST MLIST CONFIRM |
libtiff -- libtiff | The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. | 2010-07-06 | 4.3 | CVE-2010-2483 CONFIRM CONFIRM MLIST SECUNIA MLIST MLIST MLIST MLIST MLIST CONFIRM |
libtiff -- libtiff | The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | 2010-07-06 | 4.3 | CVE-2010-2630 CONFIRM CONFIRM |
libtiff -- libtiff | LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | 2010-07-06 | 4.3 | CVE-2010-2631 CONFIRM |
mahara -- mahara | Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-07-06 | 4.3 | CVE-2010-1667 BID XF CONFIRM CONFIRM CONFIRM SECUNIA |
mahara -- mahara | Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2010-07-06 | 6.8 | CVE-2010-1668 XF BID CONFIRM CONFIRM CONFIRM SECUNIA |
makotemplates -- mako | Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. | 2010-07-02 | 4.3 | CVE-2010-2480 CONFIRM SECUNIA MISC |
microsoft -- windows_server_2008 | Use-after-free vulnerability in Microsoft Windows Vista and Server 2008 allows local users to cause a denial of service (crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, which causes a process object to be deleted while it is still in use. | 2010-07-02 | 4.9 | CVE-2010-2549 BID EXPLOIT-DB FULLDISC |
nokia -- qt | The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. | 2010-07-02 | 5.0 | CVE-2010-2621 VUPEN BID SECUNIA OSVDB MISC MISC |
novo-ws -- orbis_cms | Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 2010-07-08 | 4.3 | CVE-2010-2669 XF BID SECUNIA OSVDB MISC |
openwebanalytics -- open_web_analytics | Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters. | 2010-07-08 | 5.0 | CVE-2010-2676 MISC XF MISC EXPLOIT-DB MISC |
openwebanalytics -- open_web_analytics | PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information. | 2010-07-08 | 6.8 | CVE-2010-2677 CONFIRM XF MISC EXPLOIT-DB SECUNIA MISC OSVDB |
opera -- opera_browser | Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site. | 2010-07-08 | 4.3 | CVE-2010-2658 VUPEN VUPEN CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA |
opera -- opera_browser | Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site. | 2010-07-08 | 4.3 | CVE-2010-2659 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM |
opera -- opera_browser | Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. | 2010-07-08 | 4.3 | CVE-2010-2660 VUPEN VUPEN BID CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA |
opera -- opera_browser | Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. | 2010-07-08 | 4.3 | CVE-2010-2661 VUPEN VUPEN BID CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA |
opera -- opera_browser | Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click." | 2010-07-08 | 4.3 | CVE-2010-2662 CONFIRM CONFIRM CONFIRM |
opera -- opera_browser | Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element. | 2010-07-08 | 4.3 | CVE-2010-2663 CONFIRM CONFIRM CONFIRM |
opera -- opera_browser | Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning. | 2010-07-08 | 4.3 | CVE-2010-2664 CONFIRM CONFIRM CONFIRM |
opera -- opera_browser | Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." | 2010-07-08 | 4.3 | CVE-2010-2665 VUPEN BID CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA |
paul_mcenery -- php_bible_search | Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter. | 2010-07-02 | 4.3 | CVE-2010-2617 XF BID MISC |
redhat -- enterprise_linux | LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." | 2010-07-02 | 4.3 | CVE-2010-2598 CONFIRM |
search.cpan -- libwww-perl | lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | 2010-07-06 | 6.8 | CVE-2010-2253 CONFIRM CONFIRM MISC MLIST MLIST CONFIRM |
tornadostore -- tornadostore | Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section. | 2010-07-06 | 4.3 | CVE-2010-1328 XF BID MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
avahi -- avahi | The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. | 2010-07-08 | 2.9 | CVE-2010-2244 CONFIRM MLIST MLIST FEDORA FEDORA |
citrix -- xenserver | Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags." | 2010-07-02 | 1.9 | CVE-2010-2619 CONFIRM VUPEN SECTRACK SECUNIA |
hp -- openvms | Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors. | 2010-07-02 | 2.1 | CVE-2010-2612 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM BID SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.