Vulnerability Summary for the Week of September 13, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
4you-studio -- com_jphone | Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | 2010-09-16 | 7.5 | CVE-2010-3426 XF BID EXPLOIT-DB MISC |
adobe -- acrobat | Unspecified vulnerability in Adobe Flash Player 10.1.82.76 and earlier for Windows, Macintosh, Linux, Solaris; Flash Player 10.1.92.10 for Android; Reader 9.3.4 for Windows, Macintosh and UNIX; and Acrobat 9.3.4 and earlier for Windows and Macintosh allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, as exploited in the wild in September 2010. | 2010-09-15 | 9.3 | CVE-2010-2884 CERT-VN XF VUPEN VUPEN CONFIRM SECUNIA SECUNIA SECUNIA |
apple -- safari | Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. | 2010-09-10 | 9.3 | CVE-2010-1806 BID CONFIRM APPLE |
apple -- safari | WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | 2010-09-10 | 9.3 | CVE-2010-1807 BID CONFIRM APPLE |
cisco -- wireless_lan_controller_software | Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653. | 2010-09-10 | 7.8 | CVE-2010-0574 CISCO CONFIRM |
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033. | 2010-09-10 | 9.0 | CVE-2010-2842 CISCO CONFIRM |
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033. | 2010-09-10 | 9.0 | CVE-2010-2843 CISCO CONFIRM |
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843. | 2010-09-10 | 9.0 | CVE-2010-3033 CISCO CONFIRM |
dm_computer_solutions -- ultraedit | Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file. | 2010-09-16 | 9.3 | CVE-2010-3402 BID SECUNIA OSVDB FULLDISC |
eshtery.she7ata -- eshtery_cms | Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx. | 2010-09-16 | 7.5 | CVE-2010-3404 XF BID EXPLOIT-DB |
freka -- yr_verdata | SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. | 2010-09-16 | 7.5 | CVE-2010-3423 CONFIRM CONFIRM XF OSVDB SECUNIA |
google -- chrome | Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs during parsing. | 2010-09-16 | 10.0 | CVE-2010-3408 CONFIRM CONFIRM |
google -- chrome | Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG styles. | 2010-09-16 | 10.0 | CVE-2010-3409 CONFIRM CONFIRM |
google -- chrome | Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements. | 2010-09-16 | 10.0 | CVE-2010-3410 CONFIRM CONFIRM |
google -- chrome | Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors. | 2010-09-16 | 9.3 | CVE-2010-3412 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X. | 2010-09-16 | 10.0 | CVE-2010-3414 CONFIRM CONFIRM MISC |
google -- chrome | Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-09-16 | 10.0 | CVE-2010-3415 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-09-16 | 10.0 | CVE-2010-3416 CONFIRM CONFIRM |
haudenschilt -- family_connections_cms | Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php. | 2010-09-16 | 7.5 | CVE-2010-3419 XF EXPLOIT-DB MISC |
hp -- proliant_g6_lights-out_100_remote_management | Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors. | 2010-09-10 | 7.8 | CVE-2010-3006 SECTRACK HP HP |
hp -- data_protector_express | Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007. | 2010-09-13 | 7.2 | CVE-2010-3008 HP HP |
hp -- system_management_homepage | Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors. | 2010-09-15 | 9.0 | CVE-2010-3009 HP HP CONFIRM SECTRACK BID SECUNIA |
ibm -- lotus_sametime | Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. | 2010-09-15 | 10.0 | CVE-2010-3398 VUPEN BID CONFIRM |
ibm -- lotus_domino | Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V. | 2010-09-16 | 9.3 | CVE-2010-3407 XF MISC VUPEN BID BUGTRAQ EXPLOIT-DB MISC MISC MISC CONFIRM SECTRACK SECUNIA MISC CONFIRM |
intermesh -- group-office | SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action. | 2010-09-16 | 7.5 | CVE-2010-3428 MISC BID EXPLOIT-DB |
kingsoftsecurity -- kingsoft_antivirus | Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information. | 2010-09-15 | 7.2 | CVE-2010-3396 BID EXPLOIT-DB SECUNIA |
march-hare -- cvs_suite | perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance. | 2010-09-15 | 9.3 | CVE-2010-1326 VUPEN DEBIAN SECUNIA SECUNIA CONFIRM MISC CONFIRM |
microsoft -- windows_server_2003 | The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-0818 MS |
microsoft -- windows_7 | Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability." | 2010-09-15 | 9.0 | CVE-2010-0820 MS |
microsoft -- windows_server_2003 | The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2563 MS |
microsoft -- windows_server_2003 | The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2567 MS |
microsoft -- outlook | Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2728 MS |
microsoft -- windows_7 | The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2729 MS |
microsoft -- iis | Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2730 MS |
microsoft -- office | The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2738 MS |
pgp -- desktop | Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file. | 2010-09-15 | 9.3 | CVE-2010-3397 BID BUGTRAQ SECUNIA |
qualcomm -- extensible_diagnostic_monitor | Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .isf file. | 2010-09-16 | 9.3 | CVE-2010-3403 MISC SECUNIA OSVDB |
rim -- blackberry_desktop_software | Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. | 2010-09-15 | 9.3 | CVE-2010-2600 CONFIRM SECTRACK BID SECUNIA SECUNIA |
samba -- samba | Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. | 2010-09-15 | 7.5 | CVE-2010-3069 VUPEN XF UBUNTU SECTRACK BID CONFIRM CONFIRM SECUNIA SECUNIA FEDORA FEDORA FEDORA |
solventus -- com_jgen | SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | 2010-09-16 | 7.5 | CVE-2010-3422 BID EXPLOIT-DB |
tigris -- tortoisesvn | Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default. | 2010-09-10 | 9.3 | CVE-2010-3199 BUGTRAQ BUGTRAQ MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- traffic_server | Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response. | 2010-09-13 | 4.3 | CVE-2010-2952 CONFIRM XF BID BUGTRAQ MISC CONFIRM SECTRACK SECUNIA |
apache -- couchdb | Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory. | 2010-09-14 | 6.9 | CVE-2010-2953 VUPEN BID MLIST MLIST MLIST MLIST MISC DEBIAN SECUNIA CONFIRM |
apple -- safari | Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. | 2010-09-10 | 6.9 | CVE-2010-1805 BID CONFIRM APPLE |
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034. | 2010-09-10 | 5.0 | CVE-2010-0575 CISCO CONFIRM |
cisco -- wireless_lan_controller_software | Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938. | 2010-09-10 | 6.8 | CVE-2010-2841 CISCO CONFIRM |
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575. | 2010-09-10 | 5.0 | CVE-2010-3034 CISCO CONFIRM |
dest-unreach -- socat | Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments. | 2010-09-14 | 6.8 | CVE-2010-2799 CONFIRM CONFIRM CONFIRM DEBIAN CONFIRM CONFIRM |
djangoproject -- django | Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie. | 2010-09-14 | 4.3 | CVE-2010-3082 BID CONFIRM CONFIRM XF MLIST |
flock -- flock | Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark. | 2010-09-13 | 4.3 | CVE-2010-3202 BID MISC |
futomi -- access_analyzer_cgi | Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Analyzer CGI Professional, and Standard 4.0.2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-13 | 4.3 | CVE-2010-2366 BID CONFIRM JVNDB JVN |
google -- chrome | Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors. | 2010-09-16 | 5.0 | CVE-2010-3411 CONFIRM CONFIRM |
google -- chrome | Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | 2010-09-16 | 5.0 | CVE-2010-3413 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors. | 2010-09-16 | 5.0 | CVE-2010-3417 CONFIRM CONFIRM |
hp -- insight_diagnostics | Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-10 | 4.3 | CVE-2010-3003 VUPEN MISC HP HP |
hp -- 3crevf100-73 | Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-15 | 4.3 | CVE-2010-3010 HP HP SECTRACK |
ibm -- filenet_content_manager | Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-13 | 4.3 | CVE-2010-3317 BID AIXAPAR SECUNIA |
ibm -- filenet_content_manager | IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | 2010-09-13 | 5.0 | CVE-2010-3318 BID AIXAPAR SECUNIA |
ibm -- filenet_content_manager | IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. | 2010-09-13 | 5.0 | CVE-2010-3319 BID AIXAPAR |
ibm -- filenet_content_manager | Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2010-09-13 | 6.8 | CVE-2010-3320 BID AIXAPAR SECUNIA |
ibm -- proventia_network_mail_security_system_virtual_appliance | Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters. | 2010-09-14 | 4.3 | CVE-2010-0152 MISC BUGTRAQ |
ibm -- proventia_network_mail_security_system_virtual_appliance | Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks. | 2010-09-14 | 6.8 | CVE-2010-0153 MISC BUGTRAQ |
ibm -- proventia_network_mail_security_system_virtual_appliance | Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability." | 2010-09-14 | 4.0 | CVE-2010-0154 MISC BUGTRAQ |
ibm -- vios | Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors. | 2010-09-16 | 6.8 | CVE-2010-3405 CONFIRM XF VUPEN BID AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR SECTRACK SECUNIA |
invisionpower -- invision_power_board | Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-16 | 4.3 | CVE-2010-3424 VUPEN BID CONFIRM SECUNIA |
mailenable -- mailenable | The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error." | 2010-09-15 | 5.0 | CVE-2010-2580 CONFIRM SECTRACK BID BUGTRAQ CONFIRM CONFIRM CONFIRM MISC SECUNIA |
microsoft -- windows_server_2003 | The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability." | 2010-09-15 | 6.9 | CVE-2010-1891 MS |
microsoft -- iis | Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." | 2010-09-15 | 4.3 | CVE-2010-1899 MS |
microsoft -- iis | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability." | 2010-09-15 | 6.8 | CVE-2010-2731 MS |
mozilla -- firefox | The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913. | 2010-09-15 | 5.8 | CVE-2010-3171 MISC MISC BID BUGTRAQ |
mozilla -- firefox | The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. | 2010-09-15 | 5.8 | CVE-2010-3399 MISC MISC MISC BUGTRAQ |
mozilla -- firefox | The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. | 2010-09-15 | 5.8 | CVE-2010-3400 CONFIRM |
netartmedia -- car_portal | Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) car_id parameter to index.php and (2) y parameter to include/images.php. | 2010-09-16 | 4.3 | CVE-2010-3418 XF BID SECUNIA MISC OSVDB |
novell -- suse_linux_enterprise_desktop | Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 allow local users to gain privileges via unspecified vectors. NOTE: this might overlap CVE-2010-3110. | 2010-09-10 | 6.9 | CVE-2010-3278 SUSE |
open-classifieds -- open_classifieds | Multiple cross-site scripting (XSS) vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) desc, (2) price, (3) title, and (4) place parameters to index.php and the (5) subject parameter to contact.htm, related to content/contact.php. | 2010-09-16 | 4.3 | CVE-2010-3427 BID SECUNIA MISC OSVDB OSVDB |
phpmyadmin -- phpmyadmin | Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. | 2010-09-10 | 4.3 | CVE-2010-3263 XF CONFIRM SECUNIA |
productcart -- productcart | Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information. | 2010-09-16 | 4.3 | CVE-2010-3421 MISC XF BID SECUNIA OSVDB |
quagga -- quagga_routing_software_suite | Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. | 2010-09-10 | 6.5 | CVE-2010-2948 CONFIRM VUPEN BID CONFIRM MLIST MLIST MANDRIVA DEBIAN SECUNIA SECUNIA CONFIRM |
quagga -- quagga_routing_software_suite | bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. | 2010-09-10 | 5.0 | CVE-2010-2949 CONFIRM VUPEN BID CONFIRM MLIST MLIST MANDRIVA DEBIAN SECUNIA SECUNIA CONFIRM |
scott_james_remnant -- mountall | mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file. | 2010-09-14 | 6.9 | CVE-2010-2961 CONFIRM VUPEN UBUNTU OSVDB SECUNIA |
smartertools -- smarterstats | Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2010-09-16 | 4.3 | CVE-2010-3425 XF OSVDB SECUNIA MISC |
splunk -- splunk | The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors. | 2010-09-14 | 6.0 | CVE-2010-3322 CONFIRM |
splunk -- splunk | Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter. | 2010-09-14 | 4.6 | CVE-2010-3323 CONFIRM |
todd_miller -- sudo | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | 2010-09-10 | 6.2 | CVE-2010-2956 CONFIRM VUPEN VUPEN VUPEN VUPEN UBUNTU CONFIRM SECTRACK BID REDHAT MANDRIVA GENTOO SECUNIA SECUNIA FEDORA |
webassist -- powerstore | Cross-site scripting (XSS) vulnerability in Products_Results.php in PowerStore 3.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_WADAProducts parameter. | 2010-09-16 | 4.3 | CVE-2010-3420 XF SECUNIA MISC OSVDB |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
gnu -- mailman | Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. | 2010-09-15 | 3.5 | CVE-2010-3089 CONFIRM CONFIRM CONFIRM SECUNIA MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
ibm -- proventia_network_mail_security_system_virtual_appliance | CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter. | 2010-09-14 | 3.5 | CVE-2010-0155 MISC BUGTRAQ |
ibm -- aix | Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors. | 2010-09-16 | 1.7 | CVE-2010-3406 CONFIRM XF VUPEN BID AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR SECUNIA |
s9y -- serendipity | Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-10 | 2.6 | CVE-2010-2957 CONFIRM MLIST MLIST MISC |