Vulnerability Summary for the Week of March 1, 2010
Released
Mar 08, 2010
Document ID
SB10-067
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| aleinbeen -- (nv2)_awards | SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. | 2010-03-02 | 7.5 | CVE-2010-0802 MISC SECUNIA MISC |
| beaussier -- roomphplanning | Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php. | 2010-03-05 | 7.5 | CVE-2009-4669 MILW0RM SECUNIA |
| beaussier -- roomphplanning | admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter. | 2010-03-05 | 7.5 | CVE-2009-4670 MILW0RM SECUNIA |
| beaussier -- roomphplanning | Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account. | 2010-03-05 | 7.5 | CVE-2009-4671 MILW0RM SECUNIA |
| bigantsoft -- bigant_messenger | Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660. | 2010-03-03 | 10.0 | CVE-2009-4660 MILW0RM VUPEN BID MILW0RM VIM SECUNIA |
| cisco -- unified_communications_manager | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985. | 2010-03-05 | 7.8 | CVE-2010-0587 CISCO BID SECTRACK |
| cisco -- unified_communications_manager | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823. | 2010-03-05 | 7.8 | CVE-2010-0588 CISCO BID SECTRACK |
| cisco -- unified_communications_manager | The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188. | 2010-03-05 | 7.8 | CVE-2010-0590 CISCO BID SECTRACK |
| cisco -- unified_communications_manager | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362. | 2010-03-05 | 7.8 | CVE-2010-0591 CISCO BID SECTRACK |
| cisco -- unified_communications_manager | The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800. | 2010-03-05 | 7.8 | CVE-2010-0592 CISCO BID SECTRACK |
| commodityrentals -- books/ebooks_rentals_script | SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action. | 2010-03-02 | 7.5 | CVE-2010-0761 XF BID MISC MISC SECUNIA MISC OSVDB |
| commodityrentals -- cd_rental_software | SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. | 2010-03-02 | 7.5 | CVE-2010-0762 XF BID OSVDB MISC MISC SECUNIA MISC |
| commodityrentals -- vacation_rental_software | SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action. | 2010-03-02 | 7.5 | CVE-2010-0763 BID MISC SECUNIA |
| cowon_america -- jetaudio | Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information. | 2010-03-05 | 7.5 | CVE-2009-4668 BUGTRAQ MILW0RM SECUNIA MISC |
| e-soft.co -- dj_studio_pro | Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information. | 2010-03-03 | 9.3 | CVE-2009-4656 XF VUPEN MILW0RM SECUNIA |
| emc -- legato_networker | Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allow remote attackers to execute arbitrary code via a crafted parameter size. | 2010-03-05 | 10.0 | CVE-2009-2753 VUPEN MISC BID BUGTRAQ AIXAPAR AIXAPAR SECTRACK SECUNIA |
| emc -- legato_networker | Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow. | 2010-03-05 | 10.0 | CVE-2009-2754 VUPEN VUPEN XF MISC BID BUGTRAQ AIXAPAR AIXAPAR SECUNIA |
| grupenet -- wp-lytebox_plugin | Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter. | 2010-03-05 | 7.5 | CVE-2009-4672 BID MILW0RM SECUNIA |
| harmistechnology -- com_jeeventcalendar | SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php. | 2010-03-02 | 7.5 | CVE-2010-0795 XF BID MISC SECUNIA OSVDB |
| harmistechnology -- com_jeeventcalendar | SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php. | 2010-03-02 | 7.5 | CVE-2010-0796 XF BID MISC SECUNIA MISC OSVDB |
| ibm -- lotus_inotes | Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors. | 2010-03-03 | 10.0 | CVE-2010-0918 XF VUPEN BID CONFIRM |
| ibm -- domino_web_access | Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ. | 2010-03-03 | 7.6 | CVE-2010-0919 VUPEN XF VUPEN BID BID OSVDB CONFIRM CONFIRM SECTRACK SECUNIA SECUNIA SECUNIA IDEFENSE |
| ibm -- aix | Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a denial of service (LDAP login failure) via unknown vectors. NOTE: some of these details are obtained from third party information. NOTE: there may be no attacker role, and the issue may be triggered entirely by an administrator's installation of an official service pack. | 2010-03-03 | 7.8 | CVE-2010-0922 CONFIRM BID AIXAPAR CONFIRM |
| ibm -- lotus_notes | Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow. | 2010-03-05 | 7.5 | CVE-2009-3032 CONFIRM BID IDEFENSE |
| joomservices -- com_dms | SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php. | 2010-03-02 | 7.5 | CVE-2010-0800 XF BID BID MISC SECUNIA OSVDB |
| jvideodirect -- com_jvideodirect | SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php. | 2010-03-02 | 7.5 | CVE-2010-0803 XF BID MISC SECUNIA MISC OSVDB |
| kuwaitphp -- esmile | SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action. | 2010-03-02 | 7.5 | CVE-2010-0764 XF MISC SECUNIA MISC OSVDB |
| libpng -- libpng | The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. | 2010-03-03 | 7.8 | CVE-2010-0205 CERT-VN BID CONFIRM CONFIRM |
| luxology -- modo | Integer overflow in the Swap4 function in valet4.dll in Luxology Modo 401 allows user-assisted remote attackers to execute arbitrary code via a .LXO file containing a CHNL subchunk associated with an invalid length. | 2010-03-03 | 9.3 | CVE-2010-0766 BID BUGTRAQ MISC |
| microsoft -- windows_2000 | VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed. | 2010-03-03 | 7.6 | CVE-2010-0483 CERT-VN MISC XF VUPEN MISC BID OSVDB CONFIRM MISC SECTRACK SECUNIA MISC MISC CONFIRM CONFIRM CONFIRM |
| microsoft -- windows_2000 | Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483. | 2010-03-03 | 7.6 | CVE-2010-0917 XF MISC BID CONFIRM MISC MISC CONFIRM |
| moinmo -- moinmoin | MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. | 2010-02-26 | 7.5 | CVE-2010-0669 BID MLIST MLIST MLIST SECUNIA CONFIRM CONFIRM CONFIRM |
| mole-group -- adult_portal_script | SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | 2010-03-05 | 7.5 | CVE-2009-4673 XF MILW0RM SECUNIA |
| mole-group -- buss_ticket_script | admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field. | 2010-03-05 | 7.5 | CVE-2009-4674 XF BID MILW0RM |
| mole-group -- gastro_portal_(restaurant_directory)_script | admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission. | 2010-03-05 | 7.5 | CVE-2009-4675 XF BID MILW0RM |
| novell -- edirectory | Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:. | 2010-02-26 | 9.0 | CVE-2009-4653 XF BID BUGTRAQ |
| novell -- edirectory | The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | 2010-02-26 | 7.5 | CVE-2009-4655 MISC MISC OSVDB |
| omidrouhani -- xerver | The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. | 2010-03-03 | 7.5 | CVE-2009-4657 BID MILW0RM |
| phpmember -- webmember | SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter. | 2010-03-05 | 7.5 | CVE-2009-4667 VUPEN MILW0RM SECUNIA |
| qualityunit -- download_protect | Multiple PHP remote file inclusion vulnerabilities in Webradev Download Protect 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[RootPath] parameter to (1) Framework/EmailTemplates.class.php, (2) Customers/PDPEmailReplaceConstants.class.php, and (3) Admin/ResellersManager.class.php in includes/DProtect/. | 2010-03-05 | 7.5 | CVE-2009-4666 MILW0RM |
| quiksoft -- easymail_objects | Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attackers to execute arbitrary code via a long argument to the AddAttachment method. | 2010-03-03 | 9.3 | CVE-2009-4663 XF BID MILW0RM MISC |
| snowflake -- t3blog | SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-03-02 | 7.5 | CVE-2010-0798 CONFIRM CONFIRM BID SECUNIA |
| wikyblog -- wikyblog | PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter. | 2010-02-26 | 7.5 | CVE-2010-0755 BID MISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- http_server | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | 2010-03-05 | 5.0 | CVE-2010-0408 CONFIRM CONFIRM CONFIRM BID MANDRIVA CONFIRM |
| apple -- safari | cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element. | 2010-03-03 | 5.0 | CVE-2010-0924 BID MISC |
| apple -- safari | cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element. | 2010-03-03 | 5.0 | CVE-2010-0925 MISC |
| bigantsoft -- bigant_server | Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item. | 2010-03-03 | 4.3 | CVE-2009-4661 MILW0RM MILW0RM |
| cutesoft_components -- cute_editor_for_asp.net | Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2010-03-05 | 5.0 | CVE-2009-4665 BID XF MILW0RM |
| fipsasp -- fipsforum | fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb. | 2010-03-02 | 5.0 | CVE-2010-0765 XF MISC MISC |
| ibm -- lotus_inotes | Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | 2010-03-03 | 4.3 | CVE-2010-0920 VUPEN BID CONFIRM |
| ibm -- lotus_inotes | Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | 2010-03-03 | 6.8 | CVE-2010-0921 XF VUPEN BID CONFIRM |
| ibm -- lotus_domino | Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920. | 2010-03-05 | 4.3 | CVE-2010-0927 BID MISC |
| kde -- kde_sc | Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes. | 2010-03-03 | 6.9 | CVE-2010-0923 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM SECTRACK SECUNIA MLIST MLIST MLIST CONFIRM |
| kvm_qumranet -- kvm | The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch. | 2010-03-05 | 4.4 | CVE-2010-0419 CONFIRM BID REDHAT SECTRACK |
| mp3-cutter -- ease_audio_cutter | Unspecified vulnerability in MP3-Cutter Ease Audio Cutter 1.20 allows user-assisted remote attackers to cause a denial of service (application crash) via a long string in a WAV file. | 2010-03-03 | 4.3 | CVE-2009-4659 XF MILW0RM |
| ncpfs -- ncpfs | ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs. | 2010-03-02 | 4.4 | CVE-2010-0788 CONFIRM CONFIRM SECUNIA SECUNIA FEDORA FEDORA |
| netartmedia -- iboutique | Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action. | 2010-03-02 | 4.3 | CVE-2010-0804 BUGTRAQ SECUNIA MISC |
| novell -- groupwise | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter. | 2010-03-03 | 4.3 | CVE-2009-4662 XF VUPEN SECTRACK BID CONFIRM SECUNIA |
| omidrouhani -- xerver | Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657. | 2010-03-03 | 4.0 | CVE-2009-4658 XF MILW0RM |
| perlunity -- phpunity.newsmanager | Directory traversal vulnerability in misc/tell_a_friend/tell.php in phpunity.newsmanager allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | 2010-03-02 | 5.0 | CVE-2010-0799 MISC SECUNIA MISC OSVDB |
| samba -- samba | client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. | 2010-03-02 | 4.4 | CVE-2010-0787 CONFIRM BID CONFIRM CONFIRM XF UBUNTU SECUNIA SECUNIA SECUNIA FEDORA FEDORA CONFIRM CONFIRM |
| snowflake -- t3blog | Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-03-02 | 4.3 | CVE-2010-0797 CONFIRM CONFIRM BID SECUNIA |
| tdiary -- tdiary | Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters. | 2010-03-02 | 4.3 | CVE-2010-0726 CONFIRM BID MISC SECUNIA OSVDB JVNDB JVN |
| wikyblog -- wikyblog | Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action. | 2010-02-26 | 4.3 | CVE-2010-0754 VUPEN BID MISC SECUNIA MISC OSVDB |
| wikyblog -- wikyblog | Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/. | 2010-02-26 | 6.5 | CVE-2010-0757 BID MISC MISC |
| zenoss -- zenoss | Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters. | 2010-02-26 | 6.5 | CVE-2010-0712 XF CONFIRM BID MISC SECUNIA OSVDB MISC |
| zenoss -- zenoss | Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/. | 2010-02-26 | 6.8 | CVE-2010-0713 CONFIRM BID BUGTRAQ MISC SECUNIA OSVDB |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| autartica -- com_autartitarot | Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information. | 2010-03-02 | 3.5 | CVE-2010-0801 BID SECUNIA MISC OSVDB |
| fuse -- fuse | fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. | 2010-03-02 | 3.3 | CVE-2010-0789 CONFIRM BID DEBIAN CONFIRM CONFIRM XF UBUNTU CONFIRM SECUNIA SECUNIA SECUNIA SECUNIA FEDORA FEDORA CONFIRM |
| fwbuilder -- firewall_builder | Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script. | 2010-03-03 | 3.3 | CVE-2009-4664 CONFIRM XF BID CONFIRM SECUNIA OSVDB FEDORA CONFIRM |
| ngircd -- ngircd | The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error. | 2010-02-26 | 2.6 | CVE-2009-4652 XF VUPEN BID SECUNIA CONFIRM CONFIRM CONFIRM MISC |
| puppet -- puppet | Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. | 2010-03-03 | 3.3 | CVE-2010-0156 CONFIRM SECUNIA MLIST FEDORA FEDORA MLIST |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.