Vulnerability Summary for the Week of February 22, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat_reader | Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | 2010-02-22 | 10.0 | CVE-2010-0188 XF VUPEN BID REDHAT CONFIRM SECTRACK SECUNIA |
adobe -- download_manager | Unspecified vulnerability in Adobe Download Manager allows remote attackers to force the download and installation of arbitrary programs via unknown vectors. | 2010-02-23 | 10.0 | CVE-2010-0189 XF BID MISC MISC MISC |
aspcodecms -- aspcode_cms | SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-02-25 | 7.5 | CVE-2010-0710 SECUNIA OSVDB |
avast -- avast_antivirus_home | Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. | 2010-02-25 | 7.2 | CVE-2010-0705 VUPEN MISC SECTRACK BID BUGTRAQ SECUNIA SECUNIA OSVDB CONFIRM |
cisco -- asa_5500 | Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (prevention of new connections) via crafted TCP segments during termination of the TCP connection that cause the connection to remain in CLOSEWAIT status, aka "TCP Connection Exhaustion Denial of Service Vulnerability." | 2010-02-19 | 7.8 | CVE-2010-0149 XF VUPEN SECTRACK BID CISCO SECUNIA SECUNIA OSVDB |
cisco -- asa_5500 | Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157. | 2010-02-19 | 7.8 | CVE-2010-0150 XF VUPEN SECTRACK BID CISCO SECUNIA SECUNIA OSVDB |
cisco -- firewall_services_module | The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used in the Cisco Catalyst 6500 switches, Cisco 7600 routers, and ASA 5500 Adaptive Security Appliances, allows remote attackers to cause a denial of service (crash) via a malformed Skinny Client Control Protocol (SCCP) message. | 2010-02-19 | 7.8 | CVE-2010-0151 CISCO CISCO XF VUPEN SECTRACK BID SECUNIA OSVDB |
cisco -- asa_5500 | Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and "WebVPN DTLS Denial of Service Vulnerability." | 2010-02-19 | 7.8 | CVE-2010-0565 XF VUPEN SECTRACK BID CISCO SECUNIA OSVDB |
cisco -- asa_5500 | Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219. | 2010-02-19 | 7.1 | CVE-2010-0566 XF VUPEN SECTRACK BID CISCO SECUNIA OSVDB |
cisco -- asa_5500 | Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote attackers to bypass NTLMv1 authentication via a crafted username, aka Bug ID CSCte21953. | 2010-02-19 | 7.1 | CVE-2010-0568 XF VUPEN SECTRACK BID CISCO SECUNIA SECUNIA OSVDB |
cisco -- asa_5500 | Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCtc96018. | 2010-02-19 | 7.8 | CVE-2010-0569 XF VUPEN SECTRACK BID CISCO SECUNIA SECUNIA OSVDB |
cisco -- security_agents | Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets." | 2010-02-23 | 7.8 | CVE-2010-0148 SECUNIA XF VUPEN SECTRACK BID CISCO OSVDB |
commodityrentals -- video_games_rentals | SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action. | 2010-02-23 | 7.5 | CVE-2010-0690 XF MISC SECUNIA MISC OSVDB |
commodityrentals -- trade_manager_script | SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 2010-02-23 | 7.5 | CVE-2010-0693 XF MISC SECUNIA MISC OSVDB |
copperleaf -- photolog | SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 2010-02-22 | 7.5 | CVE-2010-0673 BID MISC SECUNIA MISC OSVDB |
dynamicsoft -- wsc_cms | SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information. | 2010-02-23 | 7.5 | CVE-2010-0698 XF BID MISC SECUNIA MISC |
emc -- homebase_server | Directory traversal vulnerability in the SSL Service in EMC HomeBase Server allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter. | 2010-02-24 | 7.5 | CVE-2010-0620 MISC VUPEN BID |
fonality -- trixbox | SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 2010-02-23 | 7.5 | CVE-2010-0702 XF BID MISC MISC |
hyleos -- chemview | Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods. | 2010-02-22 | 9.3 | CVE-2010-0679 BID MISC MISC SECUNIA MISC MISC OSVDB |
iptechinside -- com_jquarks | SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-02-23 | 7.5 | CVE-2010-0692 CONFIRM BID OSVDB SECUNIA |
jtl-software -- jtl-shop | SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter. | 2010-02-23 | 7.5 | CVE-2010-0691 MISC SECUNIA OSVDB |
katalog.hurricane -- katalog_stron_hurricane | SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter. | 2010-02-22 | 7.5 | CVE-2010-0677 MISC SECUNIA MISC OSVDB |
michalin -- kr_media_pogodny_cms | SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action. | 2010-02-22 | 7.5 | CVE-2010-0671 BID BUGTRAQ OSVDB MISC SECUNIA MISC MISC |
mit -- kerberos | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request. | 2010-02-22 | 7.8 | CVE-2010-0283 BID BUGTRAQ CONFIRM SECTRACK SECUNIA FEDORA |
mozilla -- firefox | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | 2010-02-22 | 10.0 | CVE-2009-1571 CONFIRM XF VUPEN UBUNTU UBUNTU BUGTRAQ REDHAT REDHAT CONFIRM MANDRIVA DEBIAN MISC SECUNIA FEDORA FEDORA FEDORA |
mozilla -- firefox | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | 2010-02-22 | 10.0 | CVE-2010-0159 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM XF VUPEN UBUNTU UBUNTU REDHAT REDHAT CONFIRM MANDRIVA DEBIAN SECUNIA FEDORA FEDORA FEDORA |
mozilla -- firefox | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | 2010-02-22 | 10.0 | CVE-2010-0160 VUPEN CONFIRM CONFIRM CONFIRM XF UBUNTU UBUNTU REDHAT CONFIRM MANDRIVA DEBIAN SECUNIA FEDORA FEDORA FEDORA |
newgensoft -- omnidocs | SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-02-23 | 7.5 | CVE-2010-0701 XF BID MISC SECUNIA MISC OSVDB |
onnogroen -- com_webeecomment | SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information. | 2010-02-22 | 7.5 | CVE-2009-4650 BID OSVDB SECUNIA MISC |
percha -- com_perchagallery | SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php. | 2010-02-23 | 7.5 | CVE-2010-0694 XF BID MISC MISC MISC |
sun -- java_system_directory_server | Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of service (daemon crash) via a crafted LDAP search request. | 2010-02-25 | 7.8 | CVE-2010-0708 CONFIRM SUNALERT |
symantec -- antivirus | Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function. | 2010-02-19 | 10.0 | CVE-2010-0108 XF VUPEN CONFIRM BID SECUNIA |
symantec -- client_security | Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site." | 2010-02-23 | 9.3 | CVE-2010-0107 XF VUPEN CONFIRM SECTRACK SECTRACK SECTRACK SECTRACK BID SECUNIA OSVDB |
systemtap -- systemtap | stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273. | 2010-02-24 | 7.5 | CVE-2010-0412 BID MLIST FEDORA FEDORA |
uzbl -- uzbl | The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code. | 2010-02-25 | 7.5 | CVE-2010-0011 CONFIRM MLIST MLIST MLIST CONFIRM CONFIRM |
webmastersite -- wsn_guest | SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter. | 2010-02-22 | 7.5 | CVE-2010-0672 XF BID MISC MISC |
zeuscms -- zeuscms | Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | 2010-02-22 | 7.5 | CVE-2010-0680 BID MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2enetworx -- statcountex | StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb. | 2010-02-22 | 5.0 | CVE-2010-0674 XF MISC MISC |
aspcodecms -- aspcode_cms | Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter. | 2010-02-25 | 6.8 | CVE-2010-0711 SECUNIA MISC OSVDB |
basic-cms -- basic-cms | Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter. | 2010-02-23 | 4.3 | CVE-2010-0695 BID MISC |
bgsvetionik -- bgs_cms | Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information. | 2010-02-22 | 4.3 | CVE-2010-0675 BID SECUNIA MISC OSVDB |
ca -- ehealth_performance_manager | Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request. | 2010-02-24 | 4.3 | CVE-2010-0640 BID BUGTRAQ FULLDISC |
cisco -- asa_5500 | Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782. | 2010-02-19 | 5.0 | CVE-2010-0567 XF VUPEN SECTRACK BID CISCO SECUNIA SECUNIA OSVDB |
cisco -- security_agents | Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2010-02-23 | 6.8 | CVE-2010-0146 XF VUPEN SECTRACK BID CISCO SECUNIA OSVDB |
cisco -- security_agents | SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2010-02-23 | 6.5 | CVE-2010-0147 CISCO SECUNIA XF VUPEN SECTRACK BID OSVDB |
digium -- asterisk | The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available. | 2010-02-23 | 5.0 | CVE-2010-0685 XF VUPEN SECTRACK BUGTRAQ MISC SECUNIA CONFIRM |
geccbblite -- geccbblite | Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php. | 2010-02-22 | 4.3 | CVE-2009-4649 XF BID MISC MISC MISC |
ibm -- websphere_portal | Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. | 2010-02-24 | 4.3 | CVE-2010-0704 AIXAPAR SECUNIA |
iptechinside -- com_jquarks | Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors. | 2010-02-22 | 5.0 | CVE-2010-0670 CONFIRM |
joomlaworks -- jw_allvideos | Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. | 2010-02-23 | 5.0 | CVE-2010-0696 BID CONFIRM MISC SECUNIA OSVDB |
katalog.hurricane -- katalog_stron_hurricane | PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter. | 2010-02-22 | 6.8 | CVE-2010-0678 MISC SECUNIA MISC OSVDB |
limny -- limny | Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php. | 2010-02-25 | 6.8 | CVE-2010-0709 CONFIRM XF MISC MISC SECUNIA OSVDB |
linux -- kernel | drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. | 2010-02-22 | 4.9 | CVE-2010-0410 CONFIRM CONFIRM BID MLIST MLIST DEBIAN SECUNIA SECUNIA FEDORA FEDORA CONFIRM |
mozilla -- firefox | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | 2010-02-22 | 5.0 | CVE-2009-3988 CONFIRM XF VUPEN UBUNTU UBUNTU REDHAT CONFIRM MANDRIVA DEBIAN SECUNIA FEDORA FEDORA FEDORA |
mozilla -- firefox | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | 2010-02-22 | 4.3 | CVE-2010-0162 CONFIRM XF VUPEN UBUNTU UBUNTU REDHAT CONFIRM MANDRIVA DEBIAN SECUNIA FEDORA FEDORA FEDORA |
novell -- opensuse | openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors. | 2010-02-22 | 4.6 | CVE-2010-0299 SUSE |
onnogroen -- com_webeecomment | Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors. | 2010-02-22 | 4.3 | CVE-2009-4651 BID MISC |
pidgin -- pidgin | libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. | 2010-02-24 | 5.0 | CVE-2010-0420 CONFIRM REDHAT CONFIRM XF VUPEN UBUNTU BID OSVDB MANDRIVA SECUNIA SECUNIA SECUNIA SECUNIA CONFIRM FEDORA FEDORA FEDORA |
pidgin -- pidgin | gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat. | 2010-02-24 | 5.0 | CVE-2010-0423 VUPEN CONFIRM REDHAT CONFIRM XF UBUNTU BID OSVDB MANDRIVA SECUNIA SECUNIA SECUNIA SECUNIA FEDORA FEDORA FEDORA CONFIRM |
portwise -- ssl_vpn | Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter. | 2010-02-23 | 4.3 | CVE-2010-0703 BID BUGTRAQ MISC SECUNIA MISC |
subexworld -- nikira_fraud_management_system | Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 2010-02-25 | 4.3 | CVE-2010-0706 XF BID MISC SECUNIA |
sun -- one_web_server | Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors. | 2010-02-25 | 5.0 | CVE-2003-1589 SUNALERT |
sun -- one_web_server | Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors. | 2010-02-25 | 5.0 | CVE-2003-1590 SUNALERT |
tibco -- administrator | Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials. | 2010-02-25 | 6.0 | CVE-2010-0683 CONFIRM VUPEN CONFIRM BID SECUNIA |
timeclock-software -- employee_timeclock_software | Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information. | 2010-02-25 | 6.0 | CVE-2010-0707 XF MISC SECUNIA OSVDB |
todd_miller -- sudo | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | 2010-02-24 | 4.4 | CVE-2010-0426 CONFIRM BID CONFIRM VUPEN MISC CONFIRM CONFIRM CONFIRM SECUNIA MISC |
todd_miller -- sudo | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | 2010-02-25 | 4.4 | CVE-2010-0427 CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM CONFIRM |
typo3 -- typo3 | Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication. | 2010-02-22 | 5.0 | CVE-2010-0286 XF VUPEN CONFIRM SECUNIA OSVDB |
videosearchscript -- videosearchscript_pro | Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 2010-02-23 | 4.3 | CVE-2010-0699 SECUNIA MISC |
wampserver -- wampserver | Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 2010-02-23 | 4.3 | CVE-2010-0700 MISC MISC SECUNIA |
weberr -- com_rwcards | Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. | 2010-02-22 | 5.0 | CVE-2010-0676 BID SECUNIA MISC |
wordpress -- wordpress | WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. | 2010-02-23 | 4.0 | CVE-2010-0682 CONFIRM CONFIRM OSVDB MISC SECUNIA MISC |
zeuscms -- zeuscms | ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql. | 2010-02-22 | 5.0 | CVE-2010-0681 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
becauseinter -- bournal | Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check. | 2010-02-24 | 3.6 | CVE-2010-0118 BID BUGTRAQ MISC SECUNIA |
becauseinter -- bournal | Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing." | 2010-02-24 | 2.1 | CVE-2010-0119 BID BUGTRAQ MISC SECUNIA |
fedorahosted -- cronie | The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. | 2010-02-25 | 3.3 | CVE-2010-0424 CONFIRM BID SECUNIA SECUNIA FEDORA CONFIRM |
gnome -- screensaver | gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. | 2010-02-24 | 2.1 | CVE-2010-0285 CONFIRM CONFIRM XF BID CONFIRM CONFIRM |
gnome -- screensaver | gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414. | 2010-02-24 | 2.1 | CVE-2010-0422 CONFIRM CONFIRM XF BID SECUNIA SECUNIA MLIST FEDORA CONFIRM CONFIRM CONFIRM CONFIRM |
ilya_ivanchenko -- itweak_upload | Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. | 2010-02-23 | 3.5 | CVE-2010-0697 BID CONFIRM CONFIRM CONFIRM XF SECUNIA OSVDB |
symantec -- antivirus | The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, Client Security 3.0.x and 3.1.x before MR9, and Endpoint Protection 11.x, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources. | 2010-02-19 | 1.9 | CVE-2010-0106 XF VUPEN CONFIRM SECTRACK BID SECUNIA OSVDB |
symantec -- im_manager | Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-02-23 | 3.5 | CVE-2009-3036 VUPEN CONFIRM BID SECUNIA OSVDB |