Vulnerability Summary for the Week of January 17, 2011
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech -- advantech_studio | Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80. | 2011-01-18 | 10.0 | CVE-2011-0488 MISC CERT-VN CONFIRM XF VUPEN VUPEN BID OSVDB MISC SECUNIA SECUNIA CONFIRM |
awbs -- advanced_webhost_billing_system | SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action. | 2011-01-20 | 7.5 | CVE-2011-0510 XF EXPLOIT-DB SECUNIA |
cakefoundation -- cakephp | The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files. | 2011-01-14 | 7.5 | CVE-2010-4335 CONFIRM OSVDB EXPLOIT-DB SREASON SECUNIA MISC MISC |
citrix -- access_gateway | Unspecified vulnerability in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to bypass authentication and possibly execute arbitrary commands via unknown vectors. | 2011-01-14 | 9.3 | CVE-2010-4566 SECTRACK CONFIRM |
epromptc -- betmore_site_suite | SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter. | 2011-01-20 | 7.5 | CVE-2011-0516 XF BID EXPLOIT-DB SECUNIA CONFIRM |
fxwebdesign -- com_jradio | SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-01-20 | 7.5 | CVE-2010-4702 CONFIRM SECUNIA |
gallarific -- php_photo_gallery_script | SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2011-01-20 | 7.5 | CVE-2011-0519 EXPLOIT-DB SECUNIA |
google -- chrome | The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2011-01-14 | 10.0 | CVE-2011-0471 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document. | 2011-01-14 | 9.3 | CVE-2011-0472 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-01-14 | 10.0 | CVE-2011-0473 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-01-14 | 10.0 | CVE-2011-0474 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document. | 2011-01-14 | 10.0 | CVE-2011-0475 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error. | 2011-01-14 | 10.0 | CVE-2011-0476 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors. | 2011-01-14 | 10.0 | CVE-2011-0477 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-01-14 | 10.0 | CVE-2011-0478 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Multiple buffer overflows in the Vorbis decoder in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2011-01-14 | 9.3 | CVE-2011-0480 CONFIRM XF OSVDB CONFIRM |
google -- chrome | Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading. | 2011-01-14 | 9.3 | CVE-2011-0481 CONFIRM XF OSVDB CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. | 2011-01-14 | 9.3 | CVE-2011-0482 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2011-01-14 | 10.0 | CVE-2011-0483 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node." | 2011-01-14 | 10.0 | CVE-2011-0484 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer." | 2011-01-14 | 10.0 | CVE-2011-0485 XF XF OSVDB CONFIRM CONFIRM |
hotwebscripts -- hotweb_rentals | SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2011-01-20 | 7.5 | CVE-2010-4703 BID BUGTRAQ SECUNIA |
hp -- loadrunner | Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature. | 2011-01-18 | 10.0 | CVE-2011-0272 XF VUPEN BID HP HP SECTRACK SECUNIA OSVDB |
hp -- linux_imaging_and_printing_project | Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. | 2011-01-20 | 7.5 | CVE-2010-4267 CONFIRM MISC XF VUPEN SECTRACK BID REDHAT SECUNIA SECUNIA |
hp -- data_protector_manager | The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530. | 2011-01-20 | 7.8 | CVE-2011-0514 VUPEN EXPLOIT-DB |
ibm -- tivoli_access_manager_for_e-business | Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622. | 2011-01-19 | 7.5 | CVE-2011-0494 XF VUPEN BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM AIXAPAR AIXAPAR AIXAPAR AIXAPAR SECUNIA |
joomla -- joomla! | Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. | 2011-01-18 | 7.5 | CVE-2010-4166 MISC MISC MISC SECUNIA MLIST MLIST CONFIRM FULLDISC |
joomla -- joomla! | Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2011-01-18 | 7.5 | CVE-2010-4696 SECUNIA MLIST MLIST MISC |
joomtraders -- com_allcinevid | SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 2011-01-20 | 7.5 | CVE-2011-0511 BID EXPLOIT-DB SECUNIA MISC |
linux -- kernel | The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. | 2011-01-18 | 7.1 | CVE-2010-4263 CONFIRM CONFIRM MLIST MLIST CONFIRM BID CONFIRM |
microsoft -- windows_2003_server | The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889. | 2011-01-20 | 7.2 | CVE-2010-2743 MS |
musanim -- music_animation_machine_midi_player | Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file. | 2011-01-20 | 9.3 | CVE-2011-0501 EXPLOIT-DB SECUNIA |
musanim -- music_animation_machine_midi_player | Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid) file. | 2011-01-20 | 9.3 | CVE-2011-0502 EXPLOIT-DB |
nokia -- multimedia_player | Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file. | 2011-01-20 | 9.3 | CVE-2011-0498 VUPEN EXPLOIT-DB SECUNIA OSVDB |
objectivity -- objectivity/db | The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information. | 2011-01-18 | 7.5 | CVE-2011-0489 CERT-VN XF VUPEN BID EXPLOIT-DB SECUNIA OSVDB |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager. | 2011-01-19 | 10.0 | CVE-2010-3510 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. | 2011-01-19 | 9.3 | CVE-2010-3591 VUPEN SECTRACK BID CONFIRM |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Internal Operations. | 2011-01-19 | 8.5 | CVE-2010-3592 VUPEN SECTRACK BID CONFIRM |
oracle -- argus_safety | Unspecified vulnerability in the Health Sciences - Oracle Argus Safety component in Oracle Industry Applications 5.0, 5.0.1, 5.0.2, and 5.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Login and LDAP. | 2011-01-19 | 7.5 | CVE-2010-3593 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. | 2011-01-19 | 7.8 | CVE-2010-3595 VUPEN SECTRACK BID CONFIRM |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Import Export Utility. | 2011-01-19 | 7.1 | CVE-2010-3598 VUPEN SECTRACK BID CONFIRM |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. | 2011-01-19 | 9.4 | CVE-2010-3599 VUPEN SECTRACK BID CONFIRM |
oracle -- database_server | Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2011-01-19 | 7.5 | CVE-2010-3600 VUPEN SECTRACK CONFIRM SECUNIA |
oracle -- beehive | Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code. | 2011-01-19 | 7.5 | CVE-2010-4417 MISC VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.11 through 8.50.15 and 8.51GA through 8.51.05 allows remote attackers to affect confidentiality, integrity, and availability, related to PIA Core Technology. | 2011-01-19 | 7.5 | CVE-2010-4418 SECTRACK BID CONFIRM SECUNIA |
oracle -- audit_vault | Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700. | 2011-01-19 | 7.5 | CVE-2010-4449 MISC VUPEN SECTRACK BID CONFIRM SECUNIA |
php -- php | The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. | 2011-01-18 | 7.5 | CVE-2010-4699 CONFIRM MLIST CONFIRM |
securstar -- drivecrypt | DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL. | 2011-01-20 | 7.2 | CVE-2011-0513 VUPEN BID EXPLOIT-DB SECUNIA OSVDB |
sielcosistemi -- winlog_pro | Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823. | 2011-01-20 | 9.3 | CVE-2011-0517 XF VUPEN BID EXPLOIT-DB SECUNIA OSVDB MISC |
sun -- sunos | Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability, related to FTP. | 2011-01-19 | 7.8 | CVE-2010-2632 CONFIRM |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. | 2011-01-19 | 10.0 | CVE-2010-4435 BID CONFIRM |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS. | 2011-01-19 | 7.8 | CVE-2010-4457 BID CONFIRM |
sybase -- appeon_for_powerbuilder | Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability." | 2011-01-20 | 10.0 | CVE-2011-0496 XF VUPEN CONFIRM BID SECUNIA OSVDB |
sybase -- appeon_for_powerbuilder | Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via unknown vectors. | 2011-01-20 | 7.8 | CVE-2011-0497 XF VUPEN CONFIRM BID SECUNIA OSVDB |
symantec -- web_gateway | SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. | 2011-01-14 | 7.5 | CVE-2010-0115 XF MISC VUPEN CONFIRM SECTRACK BID SECUNIA OSVDB |
tor -- tor | Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | 2011-01-19 | 10.0 | CVE-2011-0427 CONFIRM CONFIRM MLIST XF VUPEN VUPEN SECTRACK BID DEBIAN SECUNIA SECUNIA |
verytools -- videospirit_lite | Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "name" attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2011-01-20 | 9.3 | CVE-2011-0499 SECUNIA SECUNIA |
verytools -- videospirit_lite | Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "value" attribute, as demonstrated using a valitem with the mp3 name. | 2011-01-20 | 9.3 | CVE-2011-0500 EXPLOIT-DB SECUNIA SECUNIA |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
blackmoonftpserver -- blackmoon_ftp_server | FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large number of PORT commands with long arguments, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information. | 2011-01-20 | 4.3 | CVE-2011-0507 XF BID EXPLOIT-DB SECUNIA OSVDB |
catb -- gif2png | Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. | 2011-01-14 | 6.8 | CVE-2009-5018 CONFIRM MLIST MLIST FULLDISC FEDORA CONFIRM CONFIRM VUPEN VUPEN VUPEN BID MANDRIVA GENTOO SECUNIA MLIST MLIST CONFIRM |
catb -- gif2png | Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. | 2011-01-14 | 6.8 | CVE-2010-4694 CONFIRM MLIST MLIST FEDORA CONFIRM CONFIRM CONFIRM CONFIRM XF VUPEN VUPEN VUPEN BID MANDRIVA GENTOO SECUNIA MLIST MLIST |
catb -- gif2png | A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. | 2011-01-14 | 5.0 | CVE-2010-4695 CONFIRM MISC BID FEDORA CONFIRM CONFIRM |
contao -- contao_cms | Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php. | 2011-01-20 | 4.3 | CVE-2011-0508 CONFIRM CONFIRM XF BUGTRAQ OSVDB SECUNIA CONFIRM |
digium -- asterisk | Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. | 2011-01-20 | 6.0 | CVE-2011-0495 MISC BID BUGTRAQ CONFIRM |
gnu -- gnash | The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. | 2011-01-14 | 4.4 | CVE-2010-4337 BID OSVDB SECUNIA MISC |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 2011-01-14 | 5.0 | CVE-2011-0470 XF OSVDB CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. | 2011-01-14 | 5.0 | CVE-2011-0479 XF OSVDB CONFIRM CONFIRM |
hastymail -- hastymail2 | Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2011-01-18 | 5.0 | CVE-2009-5051 CONFIRM |
hastymail -- hastymail2 | Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter. | 2011-01-18 | 4.3 | CVE-2010-4646 CONFIRM MLIST MLIST |
hypermail-project -- hypermail | Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages. | 2011-01-14 | 4.3 | CVE-2010-4339 MISC |
ibm -- cognos_8_business_intelligence | Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 Business Intelligence (BI) 8.4.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via the pathinfo parameter. | 2011-01-18 | 4.3 | CVE-2011-0486 XF VUPEN BID BUGTRAQ MISC SECTRACK |
icq -- icq | ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism. | 2011-01-18 | 6.8 | CVE-2011-0487 CERT-VN XF BID BUGTRAQ |
jikaka -- teams_structure_module | SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter. | 2011-01-20 | 6.8 | CVE-2011-0512 XF BID EXPLOIT-DB SECUNIA OSVDB |
kernel -- linux | include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault. | 2011-01-14 | 4.9 | CVE-2010-3086 CONFIRM CONFIRM CONFIRM REDHAT CONFIRM SECTRACK MLIST SUSE CONFIRM |
libpng -- libpng | pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information. | 2011-01-18 | 6.8 | CVE-2011-0408 CERT-VN XF VUPEN CONFIRM SECTRACK SECUNIA OSVDB |
lotuscms -- fraise | Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php. | 2011-01-20 | 5.1 | CVE-2011-0518 XF VUPEN EXPLOIT-DB SECUNIA OSVDB |
muscle -- pcsc-lite | Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. | 2011-01-18 | 4.4 | CVE-2010-4530 CONFIRM FEDORA FEDORA MISC VUPEN MLIST MLIST |
muscle -- pcsc-lite | Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value. | 2011-01-18 | 4.4 | CVE-2010-4531 CONFIRM MLIST MLIST MLIST MISC CONFIRM VUPEN VUPEN BID SECUNIA FEDORA FEDORA |
mysql -- mysql | MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT." | 2011-01-14 | 5.0 | CVE-2010-3833 CONFIRM VUPEN UBUNTU BID REDHAT REDHAT MANDRIVA MANDRIVA DEBIAN SECUNIA CONFIRM CONFIRM CONFIRM MISC |
mysql -- mysql | Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments." | 2011-01-14 | 4.0 | CVE-2010-3834 CONFIRM VUPEN UBUNTU BID MANDRIVA MANDRIVA DEBIAN SECUNIA CONFIRM CONFIRM CONFIRM MISC |
mysql -- mysql | MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table. | 2011-01-14 | 4.0 | CVE-2010-3835 CONFIRM VUPEN UBUNTU BID REDHAT REDHAT MANDRIVA MANDRIVA DEBIAN SECUNIA CONFIRM CONFIRM MISC |
mysql -- mysql | MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers. | 2011-01-14 | 4.0 | CVE-2010-3836 CONFIRM CONFIRM VUPEN UBUNTU BID REDHAT REDHAT MANDRIVA MANDRIVA DEBIAN SECUNIA CONFIRM CONFIRM CONFIRM |
mysql -- mysql | MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object. | 2011-01-14 | 4.0 | CVE-2010-3837 CONFIRM CONFIRM VUPEN UBUNTU BID REDHAT REDHAT MANDRIVA MANDRIVA DEBIAN SECUNIA CONFIRM CONFIRM CONFIRM |
mysql -- mysql | MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table." | 2011-01-14 | 4.0 | CVE-2010-3838 CONFIRM VUPEN UBUNTU BID REDHAT REDHAT MANDRIVA MANDRIVA DEBIAN SECUNIA CONFIRM CONFIRM CONFIRM MISC |
mysql -- mysql | MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements. | 2011-01-14 | 4.0 | CVE-2010-3839 CONFIRM UBUNTU BID REDHAT REDHAT MANDRIVA MANDRIVA CONFIRM CONFIRM CONFIRM |
mysql -- mysql | The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. | 2011-01-14 | 4.0 | CVE-2010-3840 CONFIRM MISC CONFIRM VUPEN UBUNTU BID REDHAT REDHAT REDHAT MANDRIVA MANDRIVA DEBIAN SECUNIA CONFIRM |
oracle -- e-business_suite | Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management. | 2011-01-19 | 4.3 | CVE-2010-3587 VUPEN BID CONFIRM SECUNIA |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 10.1.2.3, 11.1.1.2.0, and 11.1.1.3.0 allows remote authenticated users to affect confidentiality and integrity, related to EUL Code & Schema. | 2011-01-19 | 5.5 | CVE-2010-3588 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout. | 2011-01-19 | 4.0 | CVE-2010-3589 VUPEN BID CONFIRM SECUNIA |
oracle -- database_server | Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS. | 2011-01-19 | 4.9 | CVE-2010-3590 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- enterprise_manager_grid_control | Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Processing. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this is SQL injection in rsynclogdird involving improper escaping of UTF-8 characters while processing log files. | 2011-01-19 | 6.4 | CVE-2010-3594 MISC SECTRACK BID CONFIRM SECUNIA |
oracle -- secure_backup | Unspecified vulnerability in the mod_ssl component in Oracle Secure Backup 10.3.0.2 allows remote attackers to affect integrity and availability via unknown vectors. | 2011-01-19 | 6.4 | CVE-2010-3596 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- database_server | Unspecified vulnerability in the Scheduler Agent component in Oracle Database Server 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2011-01-19 | 4.3 | CVE-2010-4413 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- vm_virtualbox | Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions. | 2011-01-19 | 6.8 | CVE-2010-4414 VUPEN BID CONFIRM SECUNIA |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party researcher that this is a buffer overflow via a crafted XML soap request and a value that does not contain the expected 0x20 terminator character. | 2011-01-19 | 5.0 | CVE-2010-4416 MISC VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #31 and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture. | 2011-01-19 | 5.5 | CVE-2010-4419 SECTRACK BID CONFIRM SECUNIA |
oracle -- database_server | Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2011-01-19 | 6.8 | CVE-2010-4421 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- database_server | Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 2011-01-19 | 6.9 | CVE-2010-4423 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect availability via unknown vectors related to the Security sub-component. | 2011-01-19 | 5.0 | CVE-2010-4424 SECTRACK BID CONFIRM SECUNIA |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect integrity, related to PIA Core Technology. | 2011-01-19 | 5.0 | CVE-2010-4426 SECTRACK BID CONFIRM SECUNIA |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. | 2011-01-19 | 4.0 | CVE-2010-4428 SECTRACK BID CONFIRM |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. | 2011-01-19 | 4.0 | CVE-2010-4430 SECTRACK BID CONFIRM |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.0 through 8.50.14 and 8.51.0 through 8.51.04 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal. | 2011-01-19 | 4.0 | CVE-2010-4434 SECTRACK BID CONFIRM SECUNIA |
oracle -- sunmc | Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Console. | 2011-01-19 | 5.0 | CVE-2010-4436 VUPEN BID CONFIRM SECUNIA |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet Container. | 2011-01-19 | 5.8 | CVE-2010-4437 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- java_system_message_queue | Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS). | 2011-01-19 | 5.7 | CVE-2010-4438 VUPEN BID CONFIRM SECUNIA |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to eProfile - Manager Desktop. | 2011-01-19 | 4.0 | CVE-2010-4439 SECTRACK BID CONFIRM |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager. | 2011-01-19 | 5.5 | CVE-2010-4441 SECTRACK BID CONFIRM |
oracle -- opensso | Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2011-01-19 | 6.8 | CVE-2010-4444 VUPEN BID CONFIRM SECUNIA |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager. | 2011-01-19 | 4.0 | CVE-2010-4445 SECTRACK BID CONFIRM |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container. | 2011-01-19 | 4.3 | CVE-2010-4453 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin. | 2011-01-19 | 6.4 | CVE-2010-4455 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- peoplesoft_and_jdedwards_product_suite | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance. | 2011-01-19 | 5.5 | CVE-2010-4461 SECTRACK BID CONFIRM |
oracle -- sun_convergence | Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. | 2011-01-19 | 6.4 | CVE-2010-4464 VUPEN BID CONFIRM SECUNIA |
php -- php | PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. | 2011-01-18 | 5.0 | CVE-2006-7243 CONFIRM CONFIRM MLIST MLIST MLIST MLIST CONFIRM CONFIRM CONFIRM CONFIRM MISC MLIST |
php -- php | Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. | 2011-01-18 | 6.8 | CVE-2010-4697 CONFIRM CONFIRM |
php -- php | Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via vectors related to the imagepstext function and invalid anti-aliasing. | 2011-01-18 | 5.0 | CVE-2010-4698 CONFIRM CONFIRM |
php -- php | The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. | 2011-01-18 | 6.8 | CVE-2010-4700 CONFIRM CONFIRM |
redhat -- icedtea | The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. | 2011-01-20 | 6.8 | CVE-2010-4351 CONFIRM MISC BID CONFIRM |
remi_jean -- zwii | Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the set[template][value] parameter. | 2011-01-20 | 5.1 | CVE-2011-0505 XF VUPEN BID OSVDB EXPLOIT-DB SECUNIA |
rocomotion -- p_board | Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 2011-01-20 | 4.3 | CVE-2010-3931 XF BID SECUNIA JVNDB JVN CONFIRM |
seopanel -- seopanel | Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php. | 2011-01-20 | 4.3 | CVE-2010-4331 XF MISC BID BUGTRAQ EXPLOIT-DB |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc. | 2011-01-19 | 4.1 | CVE-2010-4415 BID CONFIRM |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality via unknown vectors related to Ethernet and the Driver sub-component. | 2011-01-19 | 5.0 | CVE-2010-4433 BID CONFIRM |
sun -- sunos | Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel. | 2011-01-19 | 4.4 | CVE-2010-4440 BID CONFIRM |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel. | 2011-01-19 | 4.4 | CVE-2010-4442 BID CONFIRM |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS. | 2011-01-19 | 4.4 | CVE-2010-4443 BID CONFIRM |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand. | 2011-01-19 | 4.6 | CVE-2010-4446 BID CONFIRM |
sun -- java_system_communications_express | Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail. | 2011-01-19 | 4.3 | CVE-2010-4456 BID CONFIRM |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS. | 2011-01-19 | 4.1 | CVE-2010-4458 BID CONFIRM |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs. | 2011-01-19 | 4.6 | CVE-2010-4459 BID CONFIRM |
todd_miller -- sudo | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | 2011-01-18 | 4.4 | CVE-2011-0010 CONFIRM CONFIRM MISC MLIST MLIST XF VUPEN CONFIRM BID OSVDB SECUNIA MLIST CONFIRM |
todd_miller -- sudo | A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. | 2011-01-20 | 6.9 | CVE-2011-0008 CONFIRM FEDORA |
tor -- tor | Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor. | 2011-01-19 | 5.0 | CVE-2011-0015 CONFIRM CONFIRM MLIST CONFIRM VUPEN VUPEN SECTRACK BID MLIST DEBIAN SECUNIA SECUNIA |
tor -- tor | Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages. | 2011-01-19 | 5.0 | CVE-2011-0490 CONFIRM CONFIRM MLIST CONFIRM |
tor -- tor | The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors." | 2011-01-19 | 5.0 | CVE-2011-0491 CONFIRM CONFIRM MLIST CONFIRM |
tor -- tor | Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file. | 2011-01-19 | 5.0 | CVE-2011-0492 CONFIRM CONFIRM CONFIRM MLIST |
tor -- tor | Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values. | 2011-01-19 | 5.0 | CVE-2011-0493 CONFIRM CONFIRM MLIST CONFIRM |
tsixm -- axdcms | Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] parameter. | 2011-01-20 | 6.8 | CVE-2011-0506 XF VUPEN BID EXPLOIT-DB |
vaddin -- vaadin | Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page. | 2011-01-20 | 4.3 | CVE-2011-0509 XF BID CONFIRM SECUNIA OSVDB MISC |
vamshop -- vam_shop | Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php. | 2011-01-20 | 4.3 | CVE-2011-0504 BUGTRAQ BUGTRAQ BUGTRAQ MISC MISC MISC EXPLOIT-DB SECUNIA OSVDB OSVDB |
vamsoft -- vam_shop | Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information. | 2011-01-20 | 6.8 | CVE-2011-0503 BUGTRAQ MISC EXPLOIT-DB SECUNIA OSVDB |
wayneeseguin -- ruby_version_manager | Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are obtained from third party information. | 2011-01-20 | 6.8 | CVE-2010-3928 XF BID JVNDB JVN |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
jwilk -- ocrodjvu | ocrodjvu 0.4.6-1 on Debian GNU/Linux, when using Cuneiform as the OCR engine, allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked. | 2011-01-20 | 3.7 | CVE-2010-4338 CONFIRM |
kingsoftsecurity -- kingsoft_antivirus | KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook. | 2011-01-20 | 2.1 | CVE-2011-0515 XF BID BUGTRAQ EXPLOIT-DB SECUNIA |
microsoft -- windows_2003_server | Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information. | 2011-01-20 | 0.0 | CVE-2010-4701 SECTRACK EXPLOIT-DB SECUNIA MISC |
oracle -- supply_chain_products_suite | Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders, Files & Attachments, a different vulnerability than CVE-2010-4429. | 2011-01-19 | 3.5 | CVE-2010-3505 VUPEN BID CONFIRM SECUNIA |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.0 allows local users to affect availability, related to Outside In Viewer SDK. | 2011-01-19 | 1.9 | CVE-2010-3597 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- database_server | Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors. | 2011-01-19 | 3.6 | CVE-2010-4420 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2, 10.1.3.4.0, and 10.1.3.4.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Server. | 2011-01-19 | 3.5 | CVE-2010-4425 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- fusion_middleware | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server. | 2011-01-19 | 3.5 | CVE-2010-4427 VUPEN SECTRACK BID CONFIRM SECUNIA |
oracle -- supply_chain_products_suite | Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505. | 2011-01-19 | 3.5 | CVE-2010-4429 VUPEN BID CONFIRM SECUNIA |
oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Transportation Manager component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure. | 2011-01-19 | 3.5 | CVE-2010-4432 VUPEN BID CONFIRM SECUNIA |
otrs -- otrs | Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail. | 2011-01-20 | 2.6 | CVE-2010-4071 MISC OSVDB SECUNIA CONFIRM SUSE MISC |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver. | 2011-01-19 | 3.6 | CVE-2010-3586 BID CONFIRM |
sun -- java_system_portal_server | Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy. | 2011-01-19 | 1.0 | CVE-2010-4431 VUPEN BID CONFIRM SECUNIA |
sun -- sunos | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon. | 2011-01-19 | 3.6 | CVE-2010-4460 BID CONFIRM |
tor -- tor | Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process. | 2011-01-19 | 2.1 | CVE-2011-0016 CONFIRM CONFIRM CONFIRM CONFIRM VUPEN VUPEN SECTRACK BID MLIST DEBIAN SECUNIA SECUNIA MLIST |