Vulnerability Summary for the Week of November 15, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
LANdesk | gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack. | 2010-11-15 | 8.5 | CVE-2010-2892 VUPEN BID BUGTRAQ EXPLOIT-DB MISC SECTRACK SECUNIA CONFIRM |
accimoveis -- descargarvista_acc_imoveis | SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-11-16 | 7.5 | CVE-2010-4273 XF BID EXPLOIT-DB MISC |
apple -- mac_os_x | OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. | 2010-11-15 | 7.5 | CVE-2010-1378 CONFIRM APPLE |
apple -- mac_os_x | Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 2010-11-15 | 7.5 | CVE-2010-1840 CONFIRM APPLE |
apple -- mac_os_x | Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image. | 2010-11-15 | 9.3 | CVE-2010-1841 CONFIRM APPLE |
apple -- mac_os_x | Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation. | 2010-11-15 | 9.3 | CVE-2010-1842 CONFIRM APPLE |
apple -- mac_os_x | Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet. | 2010-11-16 | 7.8 | CVE-2010-1843 CONFIRM APPLE |
apple -- mac_os_x | Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image. | 2010-11-16 | 7.1 | CVE-2010-1844 CONFIRM APPLE |
camtron -- cmnc-200_firmware | Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method. | 2010-11-16 | 9.3 | CVE-2010-4230 MISC BUGTRAQ EXPLOIT-DB |
camtron -- cmnc-200_firmware | Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | 2010-11-16 | 7.8 | CVE-2010-4231 MISC BUGTRAQ EXPLOIT-DB |
camtron -- cmnc-200_firmware | The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI. | 2010-11-16 | 10.0 | CVE-2010-4232 MISC BUGTRAQ EXPLOIT-DB |
camtron -- cmnc-200_firmware | The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface. | 2010-11-16 | 10.0 | CVE-2010-4233 MISC BUGTRAQ EXPLOIT-DB |
camtron -- cmnc-200_firmware | The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval. | 2010-11-16 | 7.8 | CVE-2010-4234 MISC BUGTRAQ EXPLOIT-DB |
hp -- 9000 | The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. | 2010-11-17 | 7.8 | CVE-2010-4107 XF VUPEN HP HP SECTRACK SECUNIA |
ibm -- omnifind | Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password. | 2010-11-12 | 9.3 | CVE-2010-3894 VUPEN BID BUGTRAQ OSVDB EXPLOIT-DB MISC |
ibm -- omnifind | esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. | 2010-11-12 | 7.2 | CVE-2010-3895 VUPEN BID BUGTRAQ EXPLOIT-DB MISC |
ibm -- omnifind | The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | 2010-11-12 | 7.5 | CVE-2010-3896 VUPEN BID BUGTRAQ MISC |
impresscms -- impresscms | SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-11-16 | 7.5 | CVE-2010-4271 BID CONFIRM SECUNIA OSVDB |
o-dyn -- collabtive | SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action. | 2010-11-16 | 7.5 | CVE-2010-4269 XF EXPLOIT-DB MISC |
openssl -- openssl | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. | 2010-11-17 | 7.6 | CVE-2010-3864 CONFIRM SECTRACK CONFIRM REDHAT SECUNIA |
pulseinfotech -- com_flipwall | SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 2010-11-16 | 7.5 | CVE-2010-4268 XF BID OSVDB EXPLOIT-DB SECUNIA MISC |
pulseinfotech -- com_sponsorwall | SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 2010-11-16 | 7.5 | CVE-2010-4272 XF BID OSVDB EXPLOIT-DB SECUNIA MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- mac_os_x | Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume. | 2010-11-15 | 4.3 | CVE-2010-1803 CONFIRM APPLE |
apple -- mac_os_x | AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets. | 2010-11-15 | 5.0 | CVE-2010-1828 CONFIRM APPLE |
apple -- mac_os_x | Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share. | 2010-11-15 | 6.0 | CVE-2010-1829 CONFIRM APPLE |
apple -- mac_os_x | AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors. | 2010-11-15 | 5.0 | CVE-2010-1830 CONFIRM APPLE |
apple -- mac_os_x | Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document. | 2010-11-15 | 6.8 | CVE-2010-1831 CONFIRM APPLE |
apple -- mac_os_x | Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document. | 2010-11-15 | 6.8 | CVE-2010-1832 CONFIRM APPLE |
apple -- mac_os_x | Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document. | 2010-11-15 | 6.8 | CVE-2010-1833 CONFIRM APPLE |
apple -- mac_os_x | CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address. | 2010-11-15 | 5.8 | CVE-2010-1834 CONFIRM APPLE |
apple -- mac_os_x | Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 2010-11-15 | 6.8 | CVE-2010-1836 CONFIRM APPLE |
apple -- mac_os_x | CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document. | 2010-11-15 | 6.8 | CVE-2010-1837 CONFIRM APPLE |
apple -- mac_os_x | Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | 2010-11-15 | 4.4 | CVE-2010-1838 CONFIRM APPLE |
apple -- mac_os_x | ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. | 2010-11-16 | 6.8 | CVE-2010-1845 CONFIRM APPLE |
apple -- mac_os_x | Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image. | 2010-11-16 | 6.8 | CVE-2010-1846 CONFIRM APPLE |
apple -- mac_os_x | The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors. | 2010-11-16 | 4.9 | CVE-2010-1847 CONFIRM APPLE |
apple -- mac_os_x_server | Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. | 2010-11-16 | 6.8 | CVE-2010-3783 CONFIRM APPLE |
apple -- mac_os_x | The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. | 2010-11-16 | 5.0 | CVE-2010-3784 CONFIRM APPLE |
apple -- mac_os_x | Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. | 2010-11-16 | 6.8 | CVE-2010-3785 CONFIRM APPLE |
apple -- mac_os_x | QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file. | 2010-11-16 | 6.8 | CVE-2010-3786 CONFIRM APPLE |
apple -- mac_os_x | Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. | 2010-11-16 | 6.8 | CVE-2010-3787 CONFIRM APPLE |
apple -- quicktime | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file. | 2010-11-16 | 6.8 | CVE-2010-3788 CONFIRM APPLE |
apple -- quicktime | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file. | 2010-11-16 | 6.8 | CVE-2010-3789 CONFIRM APPLE |
apple -- quicktime | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 2010-11-16 | 6.8 | CVE-2010-3790 CONFIRM APPLE |
apple -- quicktime | Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. | 2010-11-16 | 6.8 | CVE-2010-3791 CONFIRM APPLE |
apple -- quicktime | Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. | 2010-11-16 | 6.8 | CVE-2010-3792 CONFIRM APPLE |
apple -- quicktime | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file. | 2010-11-16 | 6.8 | CVE-2010-3793 CONFIRM APPLE |
apple -- mac_os_x | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | 2010-11-16 | 6.8 | CVE-2010-3794 CONFIRM APPLE |
apple -- mac_os_x | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. | 2010-11-16 | 6.8 | CVE-2010-3795 CONFIRM APPLE |
apple -- mac_os_x | Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. | 2010-11-16 | 4.3 | CVE-2010-3796 CONFIRM APPLE |
apple -- mac_os_x | Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive. | 2010-11-16 | 6.8 | CVE-2010-3798 CONFIRM APPLE |
apple -- mac_os_x | Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. | 2010-11-16 | 6.8 | CVE-2010-4010 CONFIRM XF APPLE |
apple -- safari | libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | 2010-11-16 | 4.3 | CVE-2010-4008 SECUNIA SECUNIA MLIST CONFIRM CONFIRM MISC |
apple -- mac_os_x_server | Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue." | 2010-11-16 | 4.0 | CVE-2010-4011 CONFIRM APPLE |
foswiki -- foswiki | UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. | 2010-11-16 | 6.5 | CVE-2010-4215 CONFIRM XF BID MLIST SECUNIA |
ibm -- websphere_mq | IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. | 2010-11-12 | 4.3 | CVE-2010-2637 XF CONFIRM CONFIRM |
ibm -- omnifind | Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do. | 2010-11-12 | 4.3 | CVE-2010-3890 VUPEN BID BUGTRAQ MISC |
ibm -- omnifind | Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action. | 2010-11-12 | 6.8 | CVE-2010-3891 VUPEN BID BUGTRAQ OSVDB EXPLOIT-DB MISC |
ibm -- omnifind | Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. | 2010-11-12 | 4.3 | CVE-2010-3892 VUPEN BID BUGTRAQ MISC |
ibm -- omnifind | The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue. | 2010-11-12 | 6.8 | CVE-2010-3893 VUPEN BID BUGTRAQ MISC |
ibm -- omnifind | ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file. | 2010-11-12 | 5.0 | CVE-2010-3897 VUPEN BID BUGTRAQ MISC |
ibm -- omnifind | IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. | 2010-11-12 | 5.0 | CVE-2010-3898 VUPEN BID BUGTRAQ MISC |
ibm -- omnifind | IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents. | 2010-11-12 | 5.0 | CVE-2010-3899 VUPEN BID BUGTRAQ OSVDB EXPLOIT-DB MISC |
ibm -- omnifind | Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. | 2010-11-12 | 4.6 | CVE-2010-4236 VUPEN BID BUGTRAQ EXPLOIT-DB MISC |
ibm -- websphere_mq | Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. | 2010-11-15 | 4.0 | CVE-2010-2638 XF |
ibm -- director_agent | reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. | 2010-11-16 | 4.4 | CVE-2010-4274 XF VUPEN BID AIXAPAR SECTRACK SECUNIA |
mozilla -- firefox | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. | 2010-11-12 | 4.3 | CVE-2009-5017 CONFIRM CONFIRM MISC CONFIRM |
netshinesoftware -- com_netinvoice | Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010. | 2010-11-16 | 5.0 | CVE-2010-4270 CONFIRM BID CONFIRM SECUNIA OSVDB |
novell -- mono | Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-11-17 | 6.9 | CVE-2010-4159 CONFIRM MLIST CONFIRM BID CONFIRM SECUNIA MLIST MLIST MLIST |
openttd -- openttd | Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp. | 2010-11-17 | 5.0 | CVE-2010-4168 CONFIRM CONFIRM VUPEN CONFIRM MLIST MLIST |
php -- php | The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. | 2010-11-12 | 6.8 | CVE-2010-3870 CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MANDRIVA MISC MISC MISC MISC CONFIRM MISC |
php -- php | Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. | 2010-11-12 | 6.8 | CVE-2009-5016 MISC MISC CONFIRM |
redhat -- certificate_system | Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. | 2010-11-17 | 5.8 | CVE-2010-3868 CONFIRM REDHAT REDHAT CONFIRM OSVDB SECTRACK SECUNIA |
redhat -- certificate_system | Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN. | 2010-11-17 | 4.0 | CVE-2010-3869 CONFIRM REDHAT REDHAT CONFIRM OSVDB SECTRACK SECUNIA |
spreecommerce -- spree | Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue. | 2010-11-17 | 5.0 | CVE-2010-3978 CONFIRM CONFIRM CONFIRM BUGTRAQ MISC MISC MISC CONFIRM |
symantec -- mobile_security | The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. | 2010-11-15 | 6.0 | CVE-2010-0113 CONFIRM BID |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- mac_os_x_server | Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2010-11-16 | 3.5 | CVE-2010-3797 CONFIRM APPLE |