Vulnerability Summary for the Week of December 6, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aigaion -- aigaion | SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action. | 2010-12-08 | 7.5 | CVE-2010-4503 BID SECUNIA MISC |
anything-digital -- sh404sef | SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-12-06 | 7.5 | CVE-2010-4404 BID MISC SECUNIA CONFIRM |
apple -- quicktime | Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms. | 2010-12-09 | 9.3 | CVE-2010-1508 APPLE MISC CONFIRM MISC |
apple -- quicktime | Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. | 2010-12-09 | 9.3 | CVE-2010-3800 APPLE MISC MISC CONFIRM IDEFENSE |
apple -- quicktime | Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file. | 2010-12-09 | 9.3 | CVE-2010-3801 APPLE MISC CONFIRM |
apple -- quicktime | Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file. | 2010-12-09 | 9.3 | CVE-2010-3802 APPLE MISC CONFIRM |
apple -- quicktime | Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 2010-12-09 | 9.3 | CVE-2010-4009 APPLE CONFIRM |
ca -- internet_security_suite_plus_2010 | Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow. | 2010-12-08 | 7.2 | CVE-2010-4502 VUPEN SECTRACK EXPLOIT-DB SECUNIA |
clamav -- clamav | Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. | 2010-12-07 | 7.5 | CVE-2010-4261 CONFIRM CONFIRM MISC VUPEN VUPEN BID MANDRIVA SECUNIA SECUNIA MLIST MLIST MLIST FEDORA CONFIRM |
dynpg -- dynpg_cms | SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter. | 2010-12-06 | 7.5 | CVE-2010-4400 CONFIRM BID MISC EXPLOIT-DB MISC OSVDB |
google -- chrome | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling. | 2010-12-07 | 9.3 | CVE-2010-4486 CONFIRM CONFIRM |
google -- chrome | Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file." | 2010-12-07 | 7.5 | CVE-2010-4487 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error. | 2010-12-07 | 9.3 | CVE-2010-4490 CONFIRM CONFIRM |
google -- chrome | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations. | 2010-12-07 | 10.0 | CVE-2010-4492 CONFIRM CONFIRM |
google -- chrome | Double free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | 2010-12-07 | 10.0 | CVE-2010-4494 CONFIRM CONFIRM |
linux -- kernel | The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. | 2010-12-06 | 7.2 | CVE-2010-3904 CERT-VN MISC CONFIRM CONFIRM MISC UBUNTU REDHAT REDHAT CONFIRM SECTRACK SUSE |
michael_dehaan -- cobbler | Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. | 2010-12-09 | 7.5 | CVE-2009-5021 CONFIRM |
michael_dehaan -- cobbler | template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954. | 2010-12-09 | 8.5 | CVE-2010-2235 CONFIRM CONFIRM REDHAT |
michael_dehaan -- cobbler | Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | 2010-12-09 | 7.2 | CVE-2010-4512 CONFIRM |
microsoft -- windows_2003_server | Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 through R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key. | 2010-12-06 | 7.2 | CVE-2010-4398 CERT-VN EXPLOIT-DB MISC MISC SECUNIA MISC MISC |
mozilla -- firefox | The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification. | 2010-12-09 | 10.0 | CVE-2010-4508 CONFIRM |
mozilla -- firefox | Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. | 2010-12-10 | 9.3 | CVE-2010-3766 CONFIRM CONFIRM |
novell -- mono | Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | 2010-12-06 | 7.5 | CVE-2010-4254 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA |
openssh -- openssh | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | 2010-12-06 | 7.5 | CVE-2010-4478 MISC CONFIRM CONFIRM CONFIRM MISC |
openssl -- openssl | OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. | 2010-12-06 | 7.5 | CVE-2010-4252 MISC CONFIRM CONFIRM VUPEN VUPEN BID SLACKWARE SECTRACK SECUNIA MISC CONFIRM |
redhat -- enterprise_mrg | The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins. | 2010-12-07 | 7.5 | CVE-2010-4179 CONFIRM VUPEN SECTRACK REDHAT REDHAT SECUNIA |
sixapart -- movabletype | SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-12-09 | 7.5 | CVE-2010-3922 CONFIRM SECUNIA JVNDB JVN |
sixapart -- movabletype | Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags. | 2010-12-09 | 10.0 | CVE-2010-4509 CONFIRM |
sixapart -- movabletype | Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message." | 2010-12-09 | 10.0 | CVE-2010-4511 CONFIRM |
systemtap -- systemtap | The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file. | 2010-12-07 | 7.2 | CVE-2010-4170 CONFIRM XF SECTRACK BID REDHAT REDHAT EXPLOIT-DB MLIST SECUNIA SECUNIA SECUNIA SECUNIA FEDORA FEDORA FEDORA |
vmware -- movie_decoder | The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. | 2010-12-06 | 9.3 | CVE-2010-4294 VUPEN CONFIRM SECTRACK BID BUGTRAQ SECUNIA OSVDB MLIST |
vmware -- fusion | vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. | 2010-12-06 | 7.2 | CVE-2010-4296 VUPEN CONFIRM SECTRACK SECTRACK BID BUGTRAQ SECUNIA SECUNIA OSVDB MLIST |
vmware -- esxi | The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. | 2010-12-06 | 7.2 | CVE-2010-4297 VUPEN CONFIRM SECTRACK SECTRACK BID BUGTRAQ SECUNIA SECUNIA OSVDB MLIST |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alexej_kryukov -- fontforge | Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file. | 2010-12-07 | 6.8 | CVE-2010-4259 CONFIRM CONFIRM BID MLIST MLIST |
alguest -- alguest | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters. | 2010-12-06 | 4.3 | CVE-2010-4407 MISC BID BUGTRAQ MISC |
anything-digital -- sh404sef | Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-12-06 | 4.3 | CVE-2010-4405 BID MISC SECUNIA MISC |
apache -- archiva | Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449. | 2010-12-06 | 6.8 | CVE-2010-4408 BUGTRAQ MLIST CONFIRM |
apple -- iphone_os | Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. | 2010-12-08 | 6.2 | CVE-2010-4012 CONFIRM |
brunetton -- littlephpgallery | Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter. | 2010-12-06 | 6.8 | CVE-2010-4406 BID EXPLOIT-DB SECUNIA MISC OSVDB |
bsdperimeter -- pfsense | Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182. | 2010-12-07 | 4.3 | CVE-2010-4246 BID SECUNIA FULLDISC MLIST MLIST |
bsdperimeter -- pfsense | Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246. | 2010-12-07 | 4.3 | CVE-2010-4412 FULLDISC MLIST MLIST MLIST |
cgi-simple -- cgi-simple | CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. | 2010-12-06 | 6.8 | CVE-2010-4410 CONFIRM CONFIRM CONFIRM MLIST MLIST MLIST BID CONFIRM |
cgi.pm -- cgi.pm | Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. | 2010-12-06 | 6.8 | CVE-2010-4411 MLIST |
citrix -- web_interface | Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454. | 2010-12-09 | 4.3 | CVE-2010-4515 VUPEN BID CONFIRM SECUNIA |
clam_anti-virus -- clamav | Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260. | 2010-12-07 | 6.8 | CVE-2010-4479 CONFIRM CONFIRM MISC VUPEN VUPEN BID MANDRIVA SECUNIA MLIST MLIST MLIST FEDORA CONFIRM |
clamav -- clamav | Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." | 2010-12-07 | 4.3 | CVE-2010-4260 CONFIRM CONFIRM CONFIRM MISC VUPEN VUPEN BID MANDRIVA SECUNIA SECUNIA MLIST MLIST MLIST FEDORA CONFIRM |
codehaus -- redback | Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1, allows remote attackers to hijack the authentication of administrators for requests that modify credentials. | 2010-12-06 | 6.8 | CVE-2010-3449 CONFIRM CONFIRM VUPEN BID BUGTRAQ OSVDB CONFIRM SECUNIA MLIST CONFIRM CONFIRM |
dotnetnuke -- dotnetnuke | Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information. | 2010-12-09 | 4.3 | CVE-2010-4514 SECTRACK BID MISC SECUNIA MISC |
dynpg -- dynpg_cms | Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-12-06 | 4.3 | CVE-2010-4399 CONFIRM BID MISC EXPLOIT-DB SECUNIA MISC OSVDB |
dynpg -- dynpg_cms | languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | 2010-12-06 | 5.0 | CVE-2010-4401 CONFIRM MISC EXPLOIT-DB MISC OSVDB |
epson -- lp-s7100_driver_4.1.0 | The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, modify access permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. | 2010-12-08 | 4.6 | CVE-2010-3920 CONFIRM SECUNIA JVNDB JVN |
fedoraproject -- dracut | plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets insecure permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | 2010-12-07 | 4.0 | CVE-2010-4176 CONFIRM CONFIRM VUPEN VUPEN BID SECUNIA SECUNIA FEDORA FEDORA |
google -- chrome | Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors. | 2010-12-07 | 5.0 | CVE-2010-4482 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site. | 2010-12-07 | 4.3 | CVE-2010-4483 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors. | 2010-12-07 | 5.0 | CVE-2010-4484 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site. | 2010-12-07 | 4.3 | CVE-2010-4485 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 2010-12-07 | 5.0 | CVE-2010-4488 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.215 does not properly handle WebM video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. NOTE: this vulnerability exists because of a regression. | 2010-12-07 | 4.3 | CVE-2010-4489 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension. | 2010-12-07 | 4.3 | CVE-2010-4491 CONFIRM CONFIRM |
google -- chrome | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events. | 2010-12-07 | 4.3 | CVE-2010-4493 CONFIRM CONFIRM |
harmistechnology -- com_jeauto | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | 2010-12-09 | 6.8 | CVE-2010-4517 EXPLOIT-DB |
hp -- hp-ux | HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors. | 2010-12-08 | 6.8 | CVE-2010-4108 VUPEN BID SECUNIA HP HP |
hp -- palm_webos | Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file. | 2010-12-08 | 4.3 | CVE-2010-4109 VUPEN HP HP |
ibm -- websphere_commerce | IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | 2010-12-06 | 5.0 | CVE-2010-2639 XF AIXAPAR CONFIRM |
injader -- injader | Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters. | 2010-12-08 | 6.8 | CVE-2010-4505 MISC SECUNIA |
intelliants -- esyndicat | Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php. | 2010-12-08 | 4.3 | CVE-2010-4504 BID SECUNIA MISC OSVDB OSVDB |
io-socket-ssl -- io-socket-ssl | IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | 2010-12-08 | 6.8 | CVE-2010-4501 CONFIRM BID SECUNIA OSVDB CONFIRM |
isc -- bind | named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. | 2010-12-06 | 4.0 | CVE-2010-3613 CERT-VN VUPEN VUPEN VUPEN VUPEN VUPEN UBUNTU BID OSVDB CONFIRM CONFIRM SECTRACK SECUNIA SECUNIA SECUNIA FEDORA |
isc -- bind | named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. | 2010-12-06 | 6.4 | CVE-2010-3614 CERT-VN VUPEN VUPEN VUPEN VUPEN VUPEN UBUNTU BID OSVDB CONFIRM CONFIRM SECTRACK SECUNIA SECUNIA SECUNIA FEDORA |
isc -- bind | named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism. | 2010-12-06 | 5.0 | CVE-2010-3615 CERT-VN VUPEN BID CONFIRM CONFIRM SECTRACK SECUNIA OSVDB |
jxtended -- jxtended_comments | Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-12-09 | 4.3 | CVE-2010-4516 BID SECUNIA CONFIRM |
linux -- kernel | The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag. | 2010-12-06 | 4.9 | CVE-2010-3066 CONFIRM CONFIRM CONFIRM SECTRACK |
mrcgiguy -- freeticket | Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-12-08 | 6.8 | CVE-2010-4500 BID SECUNIA |
nordugrid -- nordugrid-arc | Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. NOTE: some of these details are obtained from third party information. | 2010-12-08 | 6.9 | CVE-2010-3372 CONFIRM SECUNIA |
openssl -- openssl | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | 2010-12-06 | 4.3 | CVE-2010-4180 CONFIRM CONFIRM CONFIRM VUPEN VUPEN VUPEN SECTRACK BID MANDRIVA UBUNTU SLACKWARE SECUNIA SECUNIA SECUNIA OSVDB |
openssl -- openssl | OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. | 2010-12-06 | 4.3 | CVE-2008-7270 CONFIRM UBUNTU SECUNIA CONFIRM |
php -- php | Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. | 2010-12-06 | 5.0 | CVE-2010-4409 CERT-VN CONFIRM CONFIRM |
php -- php | Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | 2010-12-07 | 5.0 | CVE-2010-4150 CONFIRM CONFIRM XF VUPEN SECTRACK BID MANDRIVA |
phpmyadmin -- phpmyadmin | error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". | 2010-12-08 | 4.3 | CVE-2010-4480 VUPEN EXPLOIT-DB |
pulsecms -- pulse_cms | Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php. | 2010-12-07 | 6.8 | CVE-2010-4330 VUPEN MISC BID BUGTRAQ EXPLOIT-DB SECUNIA MISC OSVDB |
redhat -- spice-activex | Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. | 2010-12-08 | 6.8 | CVE-2010-2793 REDHAT CONFIRM BID SECTRACK |
redhat -- icedtea | IcedTea before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | 2010-12-08 | 5.0 | CVE-2010-3860 CONFIRM CONFIRM VUPEN VUPEN UBUNTU SECUNIA SECUNIA FEDORA |
sixapart -- movabletype | Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-12-09 | 4.3 | CVE-2010-3921 CONFIRM SECUNIA JVNDB JVN |
vmware -- fusion | Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files. | 2010-12-06 | 6.9 | CVE-2010-4295 VUPEN CONFIRM SECTRACK SECTRACK BID BUGTRAQ SECUNIA SECUNIA OSVDB MLIST |
wobeo -- wp-safe-search | Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter. | 2010-12-09 | 4.3 | CVE-2010-4518 BID MISC SECUNIA |
wordpress -- register_plus_plugin | Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action. | 2010-12-06 | 4.3 | CVE-2010-4402 BID BUGTRAQ MISC SECUNIA MISC OSVDB |
wordpress -- register_plus_plugin | The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message. | 2010-12-06 | 5.0 | CVE-2010-4403 BUGTRAQ MISC MISC |
wordpress -- wordpress | SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. | 2010-12-07 | 6.0 | CVE-2010-4257 CONFIRM CONFIRM CONFIRM MISC CONFIRM MISC SECUNIA CONFIRM |
zimplit -- zimplit_cms | Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php. | 2010-12-09 | 4.3 | CVE-2010-4513 BID BUGTRAQ MISC MISC SECUNIA MISC BUGTRAQ |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- quicktime | Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. | 2010-12-09 | 2.1 | CVE-2010-0530 APPLE CONFIRM |
cgi-simple -- cgi-simple | The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. | 2010-12-06 | 2.6 | CVE-2010-2761 CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST MISC OSVDB OSVDB MLIST CONFIRM |
citrix -- xen | The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or creates a zombie domain, causes a hang in xenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. | 2010-12-08 | 2.7 | CVE-2010-3699 CONFIRM SECTRACK SECUNIA |
systemtap -- systemtap | The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules). | 2010-12-07 | 2.1 | CVE-2010-4171 CONFIRM CONFIRM XF SECTRACK BID REDHAT MLIST SECUNIA SECUNIA SECUNIA FEDORA FEDORA FEDORA |