Vulnerability Summary for the Week of March 22, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advertisementmanager -- advertisementmanager | PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | 2010-03-25 | 7.5 | CVE-2010-1106 XF MISC |
alexandre_dubus -- audistat | SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter. | 2010-03-22 | 7.5 | CVE-2010-1050 MISC SECUNIA MISC |
alexandre_dubus -- audistat | Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) month parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-22 | 7.5 | CVE-2010-1051 SECUNIA |
apple -- safari | Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010. | 2010-03-25 | 10.0 | CVE-2010-1120 MISC MISC MISC |
cisco -- ios | Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893. | 2010-03-25 | 7.8 | CVE-2010-0576 CISCO |
cisco -- ios | Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186. | 2010-03-25 | 7.1 | CVE-2010-0577 CISCO |
cisco -- 7200_router | The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491. | 2010-03-25 | 7.8 | CVE-2010-0578 CISCO |
cisco -- ios | The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability." | 2010-03-25 | 7.8 | CVE-2010-0579 CISCO CONFIRM |
cisco -- ios | Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability." | 2010-03-25 | 10.0 | CVE-2010-0580 CISCO CONFIRM |
cisco -- ios | Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability." | 2010-03-25 | 10.0 | CVE-2010-0581 CISCO CONFIRM |
cisco -- ios | Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962. | 2010-03-25 | 7.8 | CVE-2010-0582 CISCO |
cisco -- ios | Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855. | 2010-03-25 | 7.8 | CVE-2010-0583 CISCO |
cisco -- ios | Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250. | 2010-03-25 | 7.8 | CVE-2010-0584 CISCO |
cisco -- ios | Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability." | 2010-03-25 | 7.8 | CVE-2010-0585 CISCO CONFIRM |
cisco -- ios | Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability." | 2010-03-25 | 7.8 | CVE-2010-0586 CISCO CONFIRM |
comscripts -- web_server_creator_web_portal | Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php. | 2010-03-25 | 7.5 | CVE-2010-1114 XF BID MISC |
design-cars -- com_productbook | SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information. | 2010-03-22 | 7.5 | CVE-2010-1045 VUPEN MISC SECUNIA |
entrylevelcms -- el_cms | SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter. | 2010-03-23 | 7.5 | CVE-2010-1075 SECUNIA MISC OSVDB |
ibm -- db2_content_manager | Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors. | 2010-03-22 | 10.0 | CVE-2010-1041 AIXAPAR VUPEN BID OSVDB CONFIRM SECTRACK SECUNIA |
imagoscripts -- deviant_art_clone | SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action. | 2010-03-23 | 7.5 | CVE-2010-1070 XF VUPEN MISC SECUNIA MISC OSVDB |
jaxcms -- jaxcms | Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. | 2010-03-22 | 7.5 | CVE-2010-1043 MISC SECUNIA OSVDB |
joshprakash -- com_jembed | SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php. | 2010-03-23 | 7.5 | CVE-2010-1073 XF VUPEN MISC SECUNIA OSVDB |
lexmark -- x94x | Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command. | 2010-03-24 | 7.3 | CVE-2010-0619 BID BUGTRAQ CONFIRM |
linux -- kernel | The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors. | 2010-03-24 | 7.8 | CVE-2010-0437 CONFIRM MLIST MLIST CONFIRM CONFIRM CONFIRM |
manageengine -- oputils | SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter. | 2010-03-22 | 7.5 | CVE-2010-1044 XF BID MISC MISC |
masa2el -- music_city | SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action. | 2010-03-22 | 7.5 | CVE-2010-1047 XF MISC SECUNIA MISC OSVDB |
microsoft -- windows_vista | The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file. | 2010-03-24 | 7.1 | CVE-2010-1098 XF BID MISC MISC |
microsoft -- ie | Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. | 2010-03-25 | 7.6 | CVE-2010-1117 MISC MISC MISC MISC |
microsoft -- internet_explorer | Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. | 2010-03-25 | 10.0 | CVE-2010-1118 MISC MISC MISC MISC |
miethner-scripting -- dz_erotik_auktionshaus_v4rgo | SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-03-24 | 7.5 | CVE-2010-1094 XF MISC SECUNIA OSVDB MISC |
mozilla -- firefox | Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. | 2010-03-19 | 9.3 | CVE-2010-1028 CERT-VN MISC CONFIRM CONFIRM MISC MISC SECUNIA MISC CONFIRM MISC |
mozilla -- seamonkey | The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation. | 2010-03-22 | 7.1 | CVE-2009-3385 VUPEN CONFIRM BID CONFIRM SECUNIA |
mozilla -- firefox | Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values. | 2010-03-25 | 9.3 | CVE-2010-0164 CONFIRM BID CONFIRM |
mozilla -- firefox | The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function. | 2010-03-25 | 9.3 | CVE-2010-0165 CONFIRM BID CONFIRM |
mozilla -- firefox | The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. | 2010-03-25 | 9.3 | CVE-2010-0167 CONFIRM CONFIRM CONFIRM BID |
mozilla -- firefox | The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting. | 2010-03-25 | 7.6 | CVE-2010-0168 BID CONFIRM CONFIRM |
mozilla -- firefox | Unspecified vulnerability in Mozilla Firefox 3 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. | 2010-03-25 | 10.0 | CVE-2010-1121 MISC MISC MISC |
mozilla -- firefox | Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028. | 2010-03-25 | 10.0 | CVE-2010-1122 CONFIRM |
parscms -- parscms | Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp. | 2010-03-23 | 7.5 | CVE-2010-1054 BID BUGTRAQ SECUNIA MISC OSVDB OSVDB |
phpmdj -- phpmdj | SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-03-23 | 7.5 | CVE-2010-1071 XF BID MISC SECUNIA MISC |
phpmysite -- phpmysite | SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter. | 2010-03-24 | 7.5 | CVE-2010-1090 XF VUPEN MISC MISC |
phptroubleticket -- php_trouble_ticket | SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-03-24 | 7.5 | CVE-2010-1089 SECUNIA MISC |
proarcadescript -- proarcadescript | SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-03-23 | 7.5 | CVE-2010-1069 BID MISC SECUNIA MISC |
ryan_marshall -- rostermain | Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters. | 2010-03-22 | 7.5 | CVE-2010-1046 VUPEN MISC SECUNIA OSVDB |
scriptsfeed -- business_directory_software | Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters. | 2010-03-24 | 7.5 | CVE-2010-1092 XF VUPEN BID MISC SECUNIA OSVDB |
scriptsfeed -- dating_software | Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-24 | 7.5 | CVE-2010-1096 VUPEN SECUNIA OSVDB |
sphere.xlentprojects -- spherecms | SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism. | 2010-03-23 | 7.5 | CVE-2010-1078 XF BID BUGTRAQ MISC MISC |
uiga -- business_portal | Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php. | 2010-03-22 | 7.5 | CVE-2010-1049 VUPEN MISC SECUNIA |
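Most of the high-severity entries above are the same defect: a script splices a request parameter such as id straight into a query (CVE-2010-1071, CVE-2010-1089, CVE-2010-1094 and the other "SQL injection ... via the id parameter" rows). The following is an added example, not code from the bulletin or from any product it lists; it shows what "execute arbitrary SQL commands" means for such a parameter and the fix that removes the whole class. The posts table, its rows and the query are constructed for the example, and SQLite stands in for the MySQL these PHP applications used.

```python
"""Added example, not code from the bulletin or from any product it lists.

Models the "SQL injection ... via the id parameter" entries: a script takes
?id=... and splices it into a query.  Table, rows and query are constructed.
"""
import sqlite3
from typing import List, Tuple

# Constructed sample data: one published post and two that must stay hidden.
SAMPLE_POSTS = [
    (1, "public-post", 1),
    (2, "draft-post", 0),
    (3, "hidden-post", 0),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", SAMPLE_POSTS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, id_param: str) -> List[Tuple[int, str]]:
    """The request parameter becomes part of the SQL text, the Python
    equivalent of mysql_query("SELECT ... WHERE id = " . $_GET['id'])."""
    sql = "SELECT id, title FROM posts WHERE published = 1 AND id = " + id_param
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, id_param: str) -> List[Tuple[int, str]]:
    """Validate the type the application expects, then bind the value so the
    database engine never parses it as SQL."""
    try:
        id_value = int(id_param)
    except ValueError:
        return []
    sql = "SELECT id, title FROM posts WHERE published = 1 AND id = ?"
    return conn.execute(sql, (id_value,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # "1 OR 1=1": AND binds tighter than OR, so the published filter is discarded.
    print(lookup_vulnerable(db, "1 OR 1=1"))
    # UNION: read the schema (and from there any table) through the same query.
    print(lookup_vulnerable(db, "0 UNION SELECT 1, sql FROM sqlite_master"))
    # The bound query returns nothing for either payload.
    print(lookup_hardened(db, "1 OR 1=1"))
```

Note that the hardened version does two things: it casts the parameter to the integer the application actually expects, which already rejects both payloads, and it binds the value, which protects string parameters that cannot be type-checked this way. The "when magic_quotes_gpc is disabled" condition on several of the entries is a hint that the application relied on PHP's deprecated quote escaping rather than on binding.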
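The directory-traversal and local file inclusion rows (jaxCMS's p parameter, CVE-2010-1043; the AdvertisementManager note on CVE-2010-1106; the Phpkobo LANG_CODE entries CVE-2010-1057 through CVE-2010-1063 and the Web Server Creator l parameter CVE-2010-1115 in the medium table) all come from joining a request parameter onto a base directory and opening the result. The example below is added here and is not code from the bulletin or from any of those products; it builds a throwaway directory layout, reproduces the traversal against it, and shows the two checks that stop it. The layout, the file names and the language-code grammar are assumptions made for the example.

```python
"""Added example, not code from the bulletin or from any product it lists.

Models the directory-traversal / local file inclusion entries.  The directory
layout, file names and language-code grammar are constructed here.
"""
import re
import tempfile
from pathlib import Path
from typing import Optional

LANG_CODE_RE = re.compile(r"[a-z]{2}(?:_[A-Z]{2})?")   # assumed grammar: en, de, pt_BR


def make_demo_site() -> Path:
    """Constructed layout: <tmp>/htdocs/lang/{en,de}.php plus a secret file
    outside the web root.  Returns the lang directory."""
    root = Path(tempfile.mkdtemp())
    lang = root / "htdocs" / "lang"
    lang.mkdir(parents=True)
    (lang / "en.php").write_text("<?php $lang = 'en'; ?>\n")
    (lang / "de.php").write_text("<?php $lang = 'de'; ?>\n")
    (root / "secrets").mkdir()
    (root / "secrets" / "db.conf").write_text("db_pass=secret\n")
    return lang


def read_vulnerable(lang_dir: Path, user_value: str) -> str:
    """Joins the request parameter onto the base directory and opens the
    result, like include("lang/" . $_GET['LANG_CODE'] . ".php").  The .php
    suffix is left off here; in PHP of that era a trailing %00 (accepted when
    magic_quotes_gpc was off) truncated it, which is why those entries carry
    that condition."""
    return (lang_dir / user_value).read_text()


def contained(base: Path, user_value: str) -> Optional[Path]:
    """Resolve symlinks and '..' components, then require the result to sit
    under base.  Returns the safe path or None.  base / "/etc/passwd" yields
    /etc/passwd (an absolute component replaces the base), so this check is
    also what rejects absolute paths."""
    try:
        base = base.resolve()
        target = (base / user_value).resolve()
    except (ValueError, OSError):        # embedded NUL, unreadable component
        return None
    if base not in target.parents:
        return None
    return target if target.is_file() else None


def read_hardened(lang_dir: Path, lang_code: str) -> Optional[str]:
    """Allowlist the parameter's syntax first (no traversal sequence survives
    [a-z]{2}), and keep the containment check as defence in depth for
    parameters that cannot be allowlisted."""
    if not LANG_CODE_RE.fullmatch(lang_code):
        return None
    target = contained(lang_dir, lang_code + ".php")
    return target.read_text() if target else None


if __name__ == "__main__":
    lang = make_demo_site()
    print(read_vulnerable(lang, "../../secrets/db.conf"))   # secret leaves the web root
    print(read_hardened(lang, "../../secrets/db.conf"))     # None
    print(read_hardened(lang, "en"))                        # the intended file
```

The allowlist is the fix that matters for a parameter like LANG_CODE: once the value can only be two lowercase letters, no "..", "..//" or "%00" variant is reachable. The containment check matters for parameters that legitimately carry a path; it must run on the resolved path, after symlinks and ".." are collapsed, not on the string as received.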
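The ANI entry above (CVE-2010-1098) describes a parser that sizes its work from the file's own biClrUsed field, so a crafted value costs the attacker four bytes and the victim memory and CPU. The example below is added here and is not code from the bulletin or from Microsoft; it parses the public BITMAPINFOHEADER layout, shows the trusting computation beside one bounded by the format and by the bytes actually present, and leaves out the RIFF/ANI framing around the frames and anything about the real Windows parser. The test images are constructed.

```python
"""Added example, not code from the bulletin or from Microsoft.

Models the failure mode of the ANI entry: a colour-table size taken from
biClrUsed without bounds.  Only the BITMAPINFOHEADER is handled; the ANI
framing and the real Windows parser are not reproduced.
"""
import struct
from typing import Dict, Optional

# BITMAPINFOHEADER: biSize, biWidth, biHeight, biPlanes, biBitCount,
# biCompression, biSizeImage, biXPelsPerMeter, biYPelsPerMeter,
# biClrUsed, biClrImportant (40 bytes, little-endian)
BITMAPINFOHEADER = struct.Struct("<IiiHHIIiiII")
FIELDS = ("biSize", "biWidth", "biHeight", "biPlanes", "biBitCount",
          "biCompression", "biSizeImage", "biXPelsPerMeter",
          "biYPelsPerMeter", "biClrUsed", "biClrImportant")
RGBQUAD_SIZE = 4            # one colour-table entry
MAX_PALETTE_ENTRIES = 256   # the largest table any bit depth can use


def build_bitmapinfo(width: int, height: int, bpp: int, clr_used: int, body: bytes) -> bytes:
    """Constructed BITMAPINFO blob: header followed by palette + pixel bytes."""
    hdr = BITMAPINFOHEADER.pack(BITMAPINFOHEADER.size, width, height, 1, bpp,
                                0, len(body), 0, 0, clr_used, 0)
    return hdr + body


def parse_header(data: bytes) -> Dict[str, int]:
    if len(data) < BITMAPINFOHEADER.size:
        raise ValueError("truncated BITMAPINFOHEADER")
    hdr = dict(zip(FIELDS, BITMAPINFOHEADER.unpack_from(data, 0)))
    if hdr["biSize"] != BITMAPINFOHEADER.size:
        raise ValueError("unexpected biSize %d" % hdr["biSize"])
    return hdr


def palette_bytes_vulnerable(hdr: Dict[str, int]) -> int:
    """Trusts the declared colour count outright: biClrUsed = 0xFFFFFFFF
    means 16 GiB of palette to allocate and walk for a 40-byte header
    (and 0, which the format defines as 'full table', is taken literally)."""
    return hdr["biClrUsed"] * RGBQUAD_SIZE


def palette_bytes_hardened(hdr: Dict[str, int], available: int) -> Optional[int]:
    """Bound the colour table by the format (at most 2**bpp entries for
    bpp <= 8, never more than 256) and by the bytes actually present.
    Returns the palette size in bytes, or None to reject the image."""
    bpp = hdr["biBitCount"]
    if bpp not in (1, 4, 8, 16, 24, 32):
        return None
    format_max = (1 << bpp) if bpp <= 8 else MAX_PALETTE_ENTRIES
    entries = hdr["biClrUsed"]
    if entries == 0 and bpp <= 8:
        entries = format_max          # 0 means "the full table for this depth"
    if entries > format_max:
        return None
    size = entries * RGBQUAD_SIZE
    if size > available:
        return None                   # header promises more than the file holds
    return size


if __name__ == "__main__":
    crafted = build_bitmapinfo(16, 16, 8, 0xFFFFFFFF, bytes(256))
    hdr = parse_header(crafted)
    print(palette_bytes_vulnerable(hdr))                   # 17179869180
    print(palette_bytes_hardened(hdr, len(crafted) - 40))  # None
```

The two bounds are independent and both are needed: the format bound stops the 16 GiB allocation even when the file is large, and the available-bytes bound stops a parser from reading past a truncated frame when the count is plausible but the data is not there.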
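Five rows in the medium table below (Safari CVE-2010-1099, Arora CVE-2010-1100, iCab CVE-2010-1101, OmniWeb CVE-2010-1102, Stainless CVE-2010-1103) share one bug: the browser checks the port from the URL against its blocklist as a full integer, but the socket layer stores the port in 16 bits, so 65561 passes the check and connects to 25 (65561 - 65536). The example below is added here and is not code from the bulletin or from any of those browsers; it reproduces the check-then-truncate sequence and the fix. The blocklist contents and the URL grammar are constructed assumptions.

```python
"""Added example, not code from the bulletin or from any of the browsers.

Models the "Integer overflow ... bypass intended port restrictions" entries:
the blocklist check runs on the full integer, the socket sees 16 bits.
"""
import re
from typing import List, Optional

# Constructed subset of the ports a browser refuses to speak HTTP to.
BLOCKED_PORTS = {21, 25, 110, 119, 143, 465, 587}

_PORT_RE = re.compile(r"^[a-z][a-z0-9+.-]*://[^/:?#]+:(\d+)")


def lenient_port(url: str) -> int:
    """A permissive parser: any run of digits after the host is the port,
    with no range check, so '...:65561/' yields 65561."""
    m = _PORT_RE.match(url)
    return int(m.group(1)) if m else 80


def wire_port(port: int) -> int:
    """What the socket layer actually sends: sin_port holds 16 bits, so
    htons((unsigned short)port) keeps only the low half.  65561 -> 25."""
    return port & 0xFFFF


def check_vulnerable(port: int) -> Optional[int]:
    """Blocklist check on the untruncated value, connect on the truncated one.
    Returns the port that would be connected to, or None if refused."""
    if port in BLOCKED_PORTS:
        return None
    return wire_port(port)


def check_hardened(port: int) -> Optional[int]:
    """Reject anything outside 1..65535 before the blocklist sees it, so the
    value that is checked is the value that reaches the socket."""
    if not 1 <= port <= 65535:
        return None
    if port in BLOCKED_PORTS:
        return None
    return port


def aliases_for(blocked: int, count: int = 3) -> List[int]:
    """The numbers an attacker can write for a blocked port: every value
    congruent to it modulo 65536."""
    return [blocked + 65536 * k for k in range(1, count + 1)]


def connect_port(url: str, hardened: bool) -> Optional[int]:
    port = lenient_port(url)
    return check_hardened(port) if hardened else check_vulnerable(port)


if __name__ == "__main__":
    url = "http://mail.example.test:65561/"
    print(connect_port(url, hardened=False))   # 25: SMTP reached past the blocklist
    print(connect_port(url, hardened=True))    # None
    print(aliases_for(25))                     # [65561, 131097, 196633]
```

The general rule the example illustrates: validate a value in the width it will be used in. Any check performed on a wider type than the consumer's is a check on a different number, and the attacker picks which one.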
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
awcm | AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php. | 2010-03-23 | 5.0 | CVE-2010-1066 XF MISC SECUNIA MISC |
1024cms -- 1024_cms | SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action. | 2010-03-24 | 6.8 | CVE-2010-1093 BID MISC SECUNIA |
2bits -- currency | Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. | 2010-03-23 | 4.3 | CVE-2010-1074 CONFIRM CONFIRM XF VUPEN BID SECUNIA OSVDB |
advertisementmanager -- advertisementmanager | Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter. | 2010-03-25 | 4.3 | CVE-2010-1105 XF MISC SECUNIA OSVDB |
alexandre_dubus -- audistat | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-22 | 4.3 | CVE-2010-1052 SECUNIA |
apple -- safari | Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. | 2010-03-24 | 5.0 | CVE-2010-1099 BUGTRAQ |
apple -- safari | Unspecified vulnerability in Safari on Apple iPhone OS allows remote attackers to read the SMS database or other data via unknown vectors, as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. | 2010-03-25 | 5.0 | CVE-2010-1119 MISC MISC MISC |
arora-browser -- arora | Integer overflow in Arora allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. | 2010-03-24 | 5.0 | CVE-2010-1100 BUGTRAQ |
aspindir -- erolife_ajxgaleri_vt | Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb. | 2010-03-23 | 5.0 | CVE-2010-1064 XF MISC SECUNIA MISC |
aspindir -- lookmer_muzik_portal | LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb. | 2010-03-25 | 5.0 | CVE-2010-1116 XF MISC SECUNIA OSVDB |
comscripts -- web_server_creator_web_portal | Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php. | 2010-03-25 | 4.3 | CVE-2010-1113 XF BID MISC |
comscripts -- web_server_creator_web_portal | Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | 2010-03-25 | 5.0 | CVE-2010-1115 XF BID MISC |
corejoomla -- com_communitypolls | Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-03-23 | 5.0 | CVE-2010-1081 BID MISC SECUNIA MISC OSVDB |
curl -- libcurl | content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. | 2010-03-19 | 6.8 | CVE-2010-0734 MLIST MLIST MLIST CONFIRM CONFIRM VUPEN VUPEN SECUNIA SECUNIA FEDORA FEDORA CONFIRM CONFIRM |
dedecms -- dedecms | include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php. | 2010-03-24 | 6.8 | CVE-2010-1097 BID SECUNIA OSVDB MISC |
djayp -- phpmysport | Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action. | 2010-03-25 | 6.8 | CVE-2010-1109 XF BID SECUNIA MISC MISC |
djayp -- phpmysport | Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. (dot dot) in the current_folder parameter. | 2010-03-25 | 5.0 | CVE-2010-1110 XF BID MISC MISC |
easysitenetwork -- jokes_complete_website | Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php. | 2010-03-25 | 4.3 | CVE-2010-1111 XF BID MISC |
entrylevelcms -- el_cms | Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-23 | 4.3 | CVE-2010-1076 SECUNIA |
hasmir_alic -- e-membres | E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb. | 2010-03-23 | 5.0 | CVE-2010-1067 XF MISC SECUNIA |
icab -- icab | Integer overflow in Alexander Clauss iCab allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. | 2010-03-24 | 5.0 | CVE-2010-1101 BUGTRAQ |
jan_schutze -- truc | Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-24 | 4.3 | CVE-2010-1095 VUPEN |
lebisoft -- ziyaretci_defteri_7.4 | Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb. | 2010-03-23 | 5.0 | CVE-2010-1065 XF MISC SECUNIA |
lexmark -- z2420 | The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote attackers to cause a denial of service (TCP outage) by making many passive FTP connections and then aborting these connections. | 2010-03-24 | 5.0 | CVE-2010-0618 BID BUGTRAQ CONFIRM |
mesadynamics -- stainless | Integer overflow in Stainless allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. | 2010-03-24 | 5.0 | CVE-2010-1103 BUGTRAQ |
microsoft -- windows_media_player | Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-22 | 4.3 | CVE-2010-1042 BID |
mit -- kerberos | The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token. | 2010-03-25 | 5.0 | CVE-2010-0628 BID CONFIRM UBUNTU BUGTRAQ CONFIRM |
mozilla -- seamonkey | The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI. | 2010-03-22 | 4.3 | CVE-2010-0161 CONFIRM VUPEN CONFIRM XF BID SECUNIA |
mozilla -- seamonkey | Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing. | 2010-03-22 | 4.3 | CVE-2010-0163 CONFIRM CONFIRM XF VUPEN UBUNTU BID SECUNIA |
mozilla -- firefox | The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters. | 2010-03-25 | 5.1 | CVE-2010-0166 CONFIRM BID CONFIRM |
mozilla -- firefox | The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. | 2010-03-25 | 5.0 | CVE-2010-0169 CONFIRM BID CONFIRM |
mozilla -- firefox | Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. | 2010-03-25 | 4.3 | CVE-2010-0170 CONFIRM BID CONFIRM |
mozilla -- firefox | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | 2010-03-25 | 4.3 | CVE-2010-0171 BID CONFIRM CONFIRM |
mozilla -- firefox | toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances. | 2010-03-25 | 4.3 | CVE-2010-0172 CONFIRM CONFIRM BID |
netwin -- surgeftp | Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action. | 2010-03-23 | 4.3 | CVE-2010-1068 XF MISC SECUNIA MISC |
omnigroup -- omniweb | Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. | 2010-03-24 | 5.0 | CVE-2010-1102 BUGTRAQ |
openinferno -- oi.blogs | Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the (1) theme parameter to loadStyles.php and the (2) scripts parameter to javascript/loadScripts.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-23 | 4.3 | CVE-2010-1082 SECUNIA |
phpkobo -- adfreely | Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information. | 2010-03-23 | 6.8 | CVE-2010-1057 XF XF VUPEN BID MISC SECUNIA OSVDB |
phpkobo -- address_book_script | Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. | 2010-03-23 | 6.8 | CVE-2010-1058 XF BID MISC SECUNIA MISC OSVDB |
phpkobo -- address_book_script | Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-23 | 6.8 | CVE-2010-1059 BID SECUNIA OSVDB |
phpkobo -- short_url | Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. | 2010-03-23 | 6.8 | CVE-2010-1060 BID MISC SECUNIA MISC |
phpkobo -- short_url | Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-23 | 6.8 | CVE-2010-1061 BID SECUNIA |
phpkobo -- free_real_estate_contact_form_script | Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information. | 2010-03-23 | 6.8 | CVE-2010-1062 BID MISC SECUNIA MISC |
phpkobo -- free_real_estate_contact_form_script | Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-03-23 | 6.8 | CVE-2010-1063 BID SECUNIA |
phpmysite -- phpmysite | Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters. | 2010-03-24 | 4.3 | CVE-2010-1091 XF VUPEN MISC MISC |
pulsecms -- pulse_cms | Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. | 2010-03-23 | 4.3 | CVE-2010-1080 XF BID SECUNIA MISC OSVDB |
rockettheme -- com_rokdownloads | Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | 2010-03-23 | 6.8 | CVE-2010-1056 BID CONFIRM XF MISC SECUNIA MISC OSVDB |
sawmill -- sawmill | Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-03-23 | 4.3 | CVE-2010-1079 BID CONFIRM SECUNIA |
sensesites -- commonsense_cms | Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 2010-03-23 | 4.3 | CVE-2009-4736 XF BID OSVDB SECUNIA MISC |
sniggabo -- sniggabo_cms | Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 2010-03-23 | 4.3 | CVE-2010-1072 XF MISC SECUNIA MISC MISC |
springsource -- application_management_suite | Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields." | 2010-03-24 | 4.3 | CVE-2009-2907 CONFIRM BID |
tejimaya -- openpne | The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing. | 2010-03-23 | 5.8 | CVE-2010-1040 CONFIRM MISC SECUNIA JVNDB JVN |
tristan_barczyk -- klonews | Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 2010-03-25 | 4.3 | CVE-2010-1112 SECUNIA MISC |
tufat -- osdate | Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information. | 2010-03-23 | 5.1 | CVE-2010-1055 XF BID MISC SECUNIA OSVDB OSVDB MISC |
uiga -- business_portal | Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information. | 2010-03-22 | 4.3 | CVE-2010-1048 VUPEN MISC SECUNIA |
vbseo -- vbseo | Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. | 2010-03-23 | 6.8 | CVE-2010-1077 XF VUPEN MISC MISC |
zentracking -- zen_time_tracking | Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information. | 2010-03-22 | 6.8 | CVE-2010-1053 XF MISC SECUNIA |
zope -- zope | Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | 2010-03-25 | 4.3 | CVE-2010-1104 MLIST VUPEN XF BID OSVDB SECUNIA |
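The Phpkobo rows above (CVE-2010-1057 through CVE-2010-1063) all share one pattern: a LANG_CODE request parameter is wrapped in a directory prefix and a ".php" suffix and handed to include(). The "when magic_quotes_gpc is disabled" condition matters because magic_quotes_gpc escaped a NUL byte to the two characters backslash-zero, which kept the ".php" suffix intact; with it off, the NUL truncated the path and the suffix fell away. The following is an added example, not code from Phpkobo or from this bulletin: a Python model of that include, a model of what the NUL byte and ".." sequences do to the resulting path, and an allowlist-plus-containment check of the kind that closes the whole class. LANG_DIR and the regular expression are assumptions chosen for illustration.

```python
import posixpath
import re
from typing import Optional

# Added example (not the vendor's code). Models roughly:
#   include($base_dir . "/lang/" . $_REQUEST["LANG_CODE"] . ".php");
# The directory prefix and the ".php" suffix are all that stand between the
# caller and an arbitrary local file.

LANG_DIR = "/var/www/app/codelib/lang"  # hypothetical install path (assumption)


def magic_quotes_gpc(value: str) -> str:
    """Approximates PHP's magic_quotes_gpc (addslashes on request data).

    Escaping NUL to backslash-zero is what defeated suffix truncation, hence
    the advisories' 'when magic_quotes_gpc is disabled' condition."""
    return (value.replace("\\", "\\\\")
                 .replace("'", "\\'")
                 .replace('"', '\\"')
                 .replace("\x00", "\\0"))


def vulnerable_include_path(lang_code: str, quotes_enabled: bool) -> str:
    """Path the vulnerable include would actually open.

    Two behaviours of the era are modelled: the filesystem call stops at the
    first NUL byte (PHP only began rejecting NUL in paths in 5.3.4), and '..'
    segments are resolved by the kernel, so normpath stands in for the lookup."""
    if quotes_enabled:
        lang_code = magic_quotes_gpc(lang_code)
    raw = f"{LANG_DIR}/{lang_code}.php"
    truncated = raw.split("\x00", 1)[0]
    return posixpath.normpath(truncated)


# Hypothetical allowlist: 'en' or 'en_US'. Nothing else reaches the filesystem.
LANG_CODE_RE = re.compile(r"[a-z]{2}(?:_[A-Z]{2})?")


def hardened_include_path(lang_code: str) -> Optional[str]:
    """Allowlist the parameter, then confirm containment. None means refuse.

    An allowlist, unlike stripping '../', is not bypassed by variants such
    as '....//' that survive a single strip pass."""
    if not LANG_CODE_RE.fullmatch(lang_code):
        return None
    candidate = posixpath.normpath(posixpath.join(LANG_DIR, lang_code + ".php"))
    # Defence in depth: even if the allowlist is loosened later, never leave LANG_DIR.
    if posixpath.commonpath([LANG_DIR, candidate]) != LANG_DIR:
        return None
    return candidate


if __name__ == "__main__":
    payload = "../../../../../../etc/passwd\x00"  # constructed attacker value
    print(vulnerable_include_path(payload, quotes_enabled=False))  # /etc/passwd
    print(vulnerable_include_path(payload, quotes_enabled=True))   # suffix survives
    print(hardened_include_path("en_US"))
    print(hardened_include_path(payload))                          # None
```

With quotes off, the model resolves the constructed payload to /etc/passwd; with quotes on, the escaped NUL leaves a literal backslash-zero followed by ".php" on the end of the path, so the include misses. The hardened variant never consults the filesystem for anything outside the allowlist, and the containment check is kept even though the allowlist already guarantees it.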
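The OmniWeb entry (CVE-2010-1102) is a different failure: the policy check compares the port as parsed, but the socket layer stores the port in a 16-bit field, so 65561 passes the check as "not 25" and is dialled as 25. The following is an added example, not OmniGroup's code or anything from this bulletin: a Python model of the faulty check beside a hardened one that range-checks before applying policy. The blocked-port set and the URL parser are assumptions for illustration.

```python
from typing import Optional

# Added example (not the vendor's code). Models the outbound-port restriction
# bypass described for OmniWeb: policy is applied to the parsed integer, but
# the connection uses the low 16 bits of it.

BLOCKED_PORTS = frozenset({25, 110, 143})  # hypothetical restricted ports (assumption)
PORT_MAX = 0xFFFF


def parse_port(url: str) -> int:
    """Minimal parser for 'scheme://host[:port]/...'; defaults to 80.

    Deliberately does not range-check, to model a parser that accepts any
    digit string as a port."""
    if "://" not in url:
        return 80
    netloc = url.split("://", 1)[1].split("/", 1)[0]
    _host, sep, port = netloc.rpartition(":")
    if not sep or not port.isdigit():
        return 80
    return int(port)


def effective_port(port: int) -> int:
    """Port the socket layer actually uses once the value lands in a 16-bit
    field such as sockaddr_in.sin_port: the high bits are simply discarded."""
    return port & PORT_MAX


def vulnerable_connect_port(url: str) -> Optional[int]:
    """Faulty order: policy check on the wide integer, truncation afterwards.
    Returns the port that would be dialled, or None if the URL was refused."""
    port = parse_port(url)
    if port in BLOCKED_PORTS:
        return None
    return effective_port(port)


def hardened_connect_port(url: str) -> Optional[int]:
    """Range-check first, then apply policy to the value that will be dialled."""
    port = parse_port(url)
    if not 1 <= port <= PORT_MAX:
        return None  # fail closed on anything a 16-bit port field cannot hold
    if port in BLOCKED_PORTS:
        return None
    return port


if __name__ == "__main__":
    probe = "http://mail.example.com:65561/"  # constructed: 65536 + 25
    print(vulnerable_connect_port(probe))     # 25, despite 25 being blocked
    print(hardened_connect_port(probe))       # None
```

The general rule the hardened variant follows is to validate the value in the representation the consumer will see, then apply policy to that same value. Modern URL parsers help here: urllib.parse's SplitResult.port raises ValueError for a port outside 0 to 65535, so a parser that is allowed to fail closed removes the bug before any policy code runs.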
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
fourkitchens -- recent_comments | Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." | 2010-03-25 | 3.5 | CVE-2010-1107 BID CONFIRM CONFIRM CONFIRM XF SECUNIA |
hashmarkconsulting -- controlpanel | Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors. | 2010-03-25 | 3.5 | CVE-2010-1108 CONFIRM CONFIRM XF BID SECUNIA |