Vulnerability Summary for the Week of March 8, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
chumby -- chumby_classic | The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. | 2010-03-10 | 10.0 | CVE-2010-0418 CONFIRM MISC |
cowon_america -- jetaudio | Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information. | 2010-03-05 | 9.3 | CVE-2009-4668 BUGTRAQ MILW0RM SECUNIA MISC |
dev4u -- dev4u_cms | SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter. | 2010-03-10 | 7.5 | CVE-2010-0951 XF BID MISC MISC |
energizer -- duo_usb | UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. | 2010-03-10 | 9.3 | CVE-2010-0103 CERT-VN MISC BID MISC |
grafxsoftware -- minicwb | Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/. | 2010-03-10 | 7.5 | CVE-2009-4693 XF VUPEN BID MILW0RM |
grupenet -- wp-lytebox | Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter. | 2010-03-05 | 7.5 | CVE-2009-4672 BID MILW0RM SECUNIA |
hotbrackets -- com_hotbrackets | SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 2010-03-08 | 7.5 | CVE-2010-0945 XF VUPEN BID MISC MISC |
hp -- openview_performance_insight | The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document. | 2010-03-10 | 10.0 | CVE-2010-0447 XF MISC VUPEN BID SECUNIA HP HP |
hypersilence -- silentum_guestbook | SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter. | 2010-03-10 | 7.5 | CVE-2009-4687 XF MILW0RM |
ibm -- vios | Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. | 2010-03-10 | 7.2 | CVE-2010-0960 VUPEN AIXAPAR AIXAPAR AIXAPAR AIXAPAR SECTRACK |
ibm -- vios | Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. | 2010-03-10 | 7.2 | CVE-2010-0961 VUPEN AIXAPAR AIXAPAR AIXAPAR AIXAPAR SECTRACK |
inertialfate -- com_if_nexus | Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | 2010-03-08 | 7.5 | CVE-2009-4679 BID OSVDB MISC SECUNIA |
kiss-software -- com_ksadvertiser | SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. | 2010-03-08 | 7.5 | CVE-2010-0946 XF BID MISC |
media-products -- bild_flirt_community | SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-03-10 | 7.5 | CVE-2010-0955 XF BID MISC SECUNIA MISC OSVDB MISC |
microsoft -- excel | Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability." | 2010-03-10 | 9.3 | CVE-2010-0257 MS |
microsoft -- excel | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability." | 2010-03-10 | 9.3 | CVE-2010-0258 MS |
microsoft -- excel | Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability." | 2010-03-10 | 9.3 | CVE-2010-0260 MS |
microsoft -- excel | Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability." | 2010-03-10 | 9.3 | CVE-2010-0261 MS |
microsoft -- excel | Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability." | 2010-03-10 | 9.3 | CVE-2010-0262 MS |
microsoft -- excel | Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability." | 2010-03-10 | 9.3 | CVE-2010-0263 MS MISC |
microsoft -- excel | Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability." | 2010-03-10 | 9.3 | CVE-2010-0264 MS |
microsoft -- producer | Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." | 2010-03-10 | 9.3 | CVE-2010-0265 MS |
microsoft -- ie | Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010. | 2010-03-10 | 9.3 | CVE-2010-0806 CERT-VN VUPEN BID CONFIRM SECUNIA CONFIRM |
natychmiast-cms -- natychmiast-cms | Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php. | 2010-03-10 | 7.5 | CVE-2010-0950 XF BID BUGTRAQ MISC |
opencart -- opencart | SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 2010-03-10 | 7.5 | CVE-2010-0956 BID MISC |
phpdirectorysource -- phpdirectorysource | SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter. | 2010-03-10 | 7.5 | CVE-2009-4680 BID MILW0RM SECUNIA MISC |
preprojects -- pre_e-learning_portal | SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter. | 2010-03-10 | 7.5 | CVE-2010-0954 XF BID MISC SECUNIA OSVDB MISC |
radscripts -- radlance | SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. | 2010-03-10 | 7.5 | CVE-2009-4695 XF BID OSVDB MILW0RM SECUNIA |
radscripts -- radnics | SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. | 2010-03-10 | 7.5 | CVE-2009-4696 XF BID OSVDB MILW0RM SECUNIA |
resalecode -- php_shopping_cart_selling_website_script | SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 2010-03-10 | 7.5 | CVE-2009-4689 VUPEN SECUNIA MISC |
resalecode -- classified_linktrader_script | SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter. | 2010-03-10 | 7.5 | CVE-2009-4691 VUPEN SECUNIA MISC |
samba -- samba | smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. | 2010-03-10 | 8.5 | CVE-2010-0728 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST |
scriptsez -- good/bad_vote | Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information. | 2010-03-10 | 7.5 | CVE-2009-4683 OSVDB MILW0RM SECUNIA |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- airport_express | The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. | 2010-03-10 | 5.0 | CVE-2010-0962 XF BID BUGTRAQ BUGTRAQ FULLDISC |
bbsmax -- bbsmax | Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 2010-03-10 | 4.3 | CVE-2010-0947 BID BUGTRAQ MISC |
bfs.kilu -- bigforum | SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-03-10 | 6.8 | CVE-2010-0948 XF BID MISC SECUNIA MISC OSVDB |
edgephp -- ezodiak | Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter. | 2010-03-10 | 4.3 | CVE-2009-4684 XF SECUNIA MISC OSVDB |
ibm -- enovia_smarteam | Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter. | 2010-03-10 | 4.3 | CVE-2010-0959 BID BUGTRAQ |
insanevisions -- onecms | SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. | 2010-03-10 | 6.8 | CVE-2010-0952 XF BID MISC SECUNIA MISC |
joomlart -- com_jashowcase | Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. | 2010-03-08 | 5.0 | CVE-2010-0943 XF BID MISC SECUNIA MISC |
jvideodirect -- com_jvideodirect | Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-03-08 | 5.0 | CVE-2010-0942 XF BID MISC MISC |
natychmiast-cms -- natychmiast-cms | Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php. | 2010-03-10 | 4.3 | CVE-2010-0949 XF BID BUGTRAQ MISC |
phpcoin -- phpcoin | Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. | 2010-03-10 | 6.8 | CVE-2010-0953 XF BID MISC |
phpdirectorysource -- phpdirectorysource | Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter. | 2010-03-10 | 4.3 | CVE-2009-4681 BID MILW0RM SECUNIA MISC |
phplemon -- adquick | Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter. | 2010-03-10 | 4.3 | CVE-2009-4686 XF SECUNIA MISC OSVDB |
phpscriptsnow -- astrology | Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter. | 2010-03-10 | 4.3 | CVE-2009-4685 XF SECUNIA MISC OSVDB |
radscripts -- radlance | Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action. | 2010-03-10 | 4.3 | CVE-2009-4692 XF BID OSVDB MILW0RM SECUNIA |
radscripts -- radlance | Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-10 | 4.3 | CVE-2009-4694 XF SECUNIA OSVDB |
radscripts -- radnics | Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action. | 2010-03-10 | 4.3 | CVE-2009-4697 XF BID OSVDB MILW0RM SECUNIA |
resalecode -- php_shopping_cart_selling_website_script | Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters. | 2010-03-10 | 4.3 | CVE-2009-4688 VUPEN SECUNIA MISC |
sanusart -- simple_php_guestbook | Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 2010-03-08 | 4.3 | CVE-2010-0940 XF MISC SECUNIA MISC OSVDB |
saskia_bruckner -- saskias_shopsystem | Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter. | 2010-03-10 | 6.8 | CVE-2010-0957 XF BID MISC MISC |
scriptsez -- good/bad_vote | Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action. | 2010-03-10 | 4.3 | CVE-2009-4682 OSVDB MILW0RM SECUNIA |
thomas_perez -- tribisur | Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information. | 2010-03-10 | 6.8 | CVE-2010-0958 BID MISC SECUNIA MISC |
thorsten_riess -- com_jcollection | Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-03-08 | 5.0 | CVE-2010-0944 XF BID MISC MISC |
web-site-development -- etek_systems_hit_counter | Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php. | 2010-03-08 | 4.3 | CVE-2010-0941 XF OSVDB OSVDB OSVDB MISC SECUNIA MISC |
yourfreeworld -- programs_rating_script | Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php. | 2010-03-10 | 4.3 | CVE-2009-4690 XF VUPEN BID SECUNIA MISC OSVDB OSVDB |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ncpfs -- ncpfs | sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. | 2010-03-10 | 2.1 | CVE-2010-0790 FULLDISC BID BUGTRAQ BUGTRAQ |
ncpfs -- ncpfs | The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. | 2010-03-10 | 2.1 | CVE-2010-0791 FULLDISC BID BUGTRAQ BUGTRAQ |
samba -- samba | The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. | 2010-03-10 | 3.5 | CVE-2010-0926 CONFIRM CONFIRM CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST FULLDISC CONFIRM MISC FULLDISC FULLDISC FULLDISC |