Vulnerability Summary for the Week of April 5, 2010
Released
Apr 12, 2010
Document ID
SB10-102
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat_reader | Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document. | 2010-04-05 | 9.3 | CVE-2009-4764 MISC MISC MLIST MLIST |
| adobe -- acrobat_reader | Adobe Reader 9.3.1 on Windows does not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message. | 2010-04-05 | 9.3 | CVE-2010-1240 MLIST MISC |
| adobe -- acrobat_reader | The custom heap management system in Adobe Reader 9.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted PDF document, aka FG-VD-10-005. | 2010-04-05 | 9.3 | CVE-2010-1241 MISC MLIST MISC |
| apache -- couchdb | Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. | 2010-04-05 | 7.5 | CVE-2010-0009 CONFIRM CONFIRM BID BUGTRAQ OSVDB SECUNIA BUGTRAQ |
| bjsintay -- sitex | SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter. | 2010-04-09 | 7.5 | CVE-2010-1343 XF BID MISC |
| ca -- xosoft_content_distribution | Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service. | 2010-04-07 | 10.0 | CVE-2010-1223 CONFIRM BID MISC MISC BUGTRAQ BUGTRAQ BUGTRAQ |
| centreon -- centreon | SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter. | 2010-04-07 | 7.5 | CVE-2010-1301 BID MISC SECUNIA MISC OSVDB |
| clamav -- clamav | ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. | 2010-04-08 | 10.0 | CVE-2010-0098 BID CONFIRM SECUNIA CONFIRM |
| cookex -- com_ckforms | SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php. | 2010-04-09 | 7.5 | CVE-2010-1344 BID XF OSVDB MISC SECUNIA MISC |
| ekith -- com_dcs_flashgames | SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 2010-04-06 | 7.5 | CVE-2010-1265 BID MISC SECUNIA MISC |
| emweb -- wt | Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors. | 2010-04-06 | 9.3 | CVE-2010-1273 CONFIRM BID OSVDB SECUNIA |
| foxitsoftware -- foxit_reader | Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836. | 2010-04-05 | 9.3 | CVE-2010-1239 CERT-VN CONFIRM CONFIRM MISC MISC MISC |
| heartlogic -- hl-sitemanager | SQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 2010-04-09 | 7.5 | CVE-2010-1331 XF CONFIRM JVNDB JVN |
| ibm -- webi | The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors. | 2010-04-05 | 7.5 | CVE-2010-1243 CONFIRM VUPEN SECUNIA |
| invohost -- invohost | Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information. | 2010-04-09 | 7.5 | CVE-2010-1336 XF XF BID MISC SECUNIA OSVDB OSVDB |
| justsystems -- ichitaro | Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter." | 2010-04-06 | 9.3 | CVE-2009-4737 VUPEN CONFIRM XF BID OSVDB MISC MISC SECUNIA JVNDB JVN |
| kjetiltroan -- webmaid_cms | Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php. | 2010-04-06 | 7.5 | CVE-2010-1266 XF VUPEN BID MISC MISC MISC |
| komputer.boo -- gnat-tgp | PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | 2010-04-06 | 7.5 | CVE-2010-1272 XF BID MISC MISC |
| linux -- kernel | Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c. | 2010-04-06 | 7.1 | CVE-2010-1084 CONFIRM MLIST CONFIRM MISC |
| linux -- kernel | The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error. | 2010-04-06 | 7.1 | CVE-2010-1085 CONFIRM MLIST MISC MLIST |
| linux -- kernel | The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. | 2010-04-06 | 7.8 | CVE-2010-1086 CONFIRM MLIST CONFIRM |
| linux -- kernel | The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. | 2010-04-06 | 7.8 | CVE-2010-1087 CONFIRM MLIST CONFIRM |
| lussumo -- vanilla | Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters. | 2010-04-09 | 7.5 | CVE-2010-1337 XF BID MISC |
| mahara -- mahara | SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username. | 2010-04-07 | 7.5 | CVE-2010-0400 CONFIRM BID DEBIAN |
| mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-04-05 | 9.3 | CVE-2010-0173 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM XF VUPEN CONFIRM SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA FEDORA FEDORA |
| mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-04-05 | 10.0 | CVE-2010-0174 CONFIRM CONFIRM XF VUPEN VUPEN VUPEN VUPEN REDHAT REDHAT CONFIRM DEBIAN SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA FEDORA FEDORA |
| mozilla -- firefox | Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to a certain event handler. | 2010-04-05 | 9.3 | CVE-2010-0175 CONFIRM CONFIRM XF VUPEN VUPEN VUPEN VUPEN REDHAT REDHAT CONFIRM DEBIAN SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA FEDORA FEDORA |
| mozilla -- firefox | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." | 2010-04-05 | 9.3 | CVE-2010-0176 CONFIRM XF VUPEN VUPEN VUPEN VUPEN REDHAT REDHAT CONFIRM DEBIAN SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA FEDORA FEDORA |
| mozilla -- firefox | The window.navigator.plugins object in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not properly manage memory during a page reload, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger deletion of referenced objects, related to a "dangling pointer vulnerability." | 2010-04-05 | 9.3 | CVE-2010-0177 CONFIRM XF VUPEN VUPEN VUPEN VUPEN REDHAT REDHAT CONFIRM DEBIAN SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA |
| mozilla -- firefox | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. | 2010-04-05 | 7.6 | CVE-2010-0178 CONFIRM XF VUPEN VUPEN VUPEN REDHAT CONFIRM DEBIAN SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA |
| mozilla -- firefox | Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. | 2010-04-05 | 9.3 | CVE-2010-0179 CONFIRM XF VUPEN VUPEN VUPEN REDHAT CONFIRM DEBIAN SECTRACK SECUNIA SECUNIA SECUNIA |
| novell -- netware_ftp_server | NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. | 2010-04-05 | 7.5 | CVE-2003-1593 CONFIRM |
| novell -- netware_ftp_server | NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. | 2010-04-05 | 7.5 | CVE-2003-1594 CONFIRM |
| novell -- netware_ftp_server | NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors. | 2010-04-05 | 10.0 | CVE-2003-1595 CONFIRM |
| novell -- netware_ftp_server | NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. | 2010-04-05 | 7.5 | CVE-2003-1596 CONFIRM |
| novell -- netware_ftp_server | NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords. | 2010-04-05 | 7.5 | CVE-2005-4887 CONFIRM CONFIRM |
| novell -- netware_ftp_server | NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session. | 2010-04-05 | 7.5 | CVE-2007-6735 CONFIRM CONFIRM |
| phpscripte24 -- niedrig_gebote_pro_auktions_system_ii | SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. | 2010-04-06 | 7.5 | CVE-2010-1269 XF MISC SECUNIA MISC MISC |
| phpscripte24 -- multi_suktions_komplett_system | SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. | 2010-04-06 | 7.5 | CVE-2010-1270 XF BID OSVDB MISC SECUNIA MISC MISC |
| roberto_aloi -- com_joomlapicasa2 | Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-04-08 | 7.5 | CVE-2010-1306 BID MISC SECUNIA MISC |
| robertotto -- teamsite_hack_plugin | SQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action. | 2010-04-09 | 7.5 | CVE-2010-1338 XF BID MISC SECUNIA MISC OSVDB MISC MISC |
| smart-plugs -- smartplugs | SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter. | 2010-04-06 | 7.5 | CVE-2010-1271 XF BID MISC SECUNIA MISC MISC |
| systemsoftware -- community_black_forum | SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter. | 2010-04-09 | 7.5 | CVE-2010-1341 XF OSVDB MISC SECUNIA |
| varnish.projects.linpro -- varnish | ** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless." | 2010-04-05 | 7.5 | CVE-2009-2936 MISC MISC BUGTRAQ BUGTRAQ |
| yamamah -- yamamah | SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter. | 2010-04-07 | 7.5 | CVE-2010-1300 XF MISC SECUNIA MISC OSVDB |
| zabbix -- zabbix | SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php. | 2010-04-06 | 7.5 | CVE-2010-1277 MISC VUPEN BID BUGTRAQ OSVDB SECUNIA MISC MISC FULLDISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alex_rabe -- nextgen_gallery | Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | 2010-04-07 | 4.3 | CVE-2010-1186 CONFIRM BID MISC |
| almas -- compiere | Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Compiere J300_A02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-04-09 | 4.3 | CVE-2010-1333 CONFIRM XF XF SECUNIA OSVDB JVNDB JVNDB JVN JVN |
| apache -- activemq | Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action. | 2010-04-05 | 6.8 | CVE-2010-1244 CONFIRM CONFIRM CONFIRM XF SECUNIA |
| apple -- airport_utility | AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. | 2010-04-05 | 6.8 | CVE-2009-2822 VUPEN BID CONFIRM APPLE XF OSVDB SECTRACK SECUNIA |
| bbsxp -- bbsxp | Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 allows remote attackers to inject arbitrary web script or HTML via the ThreadID parameter. | 2010-04-06 | 4.3 | CVE-2010-1275 BID BUGTRAQ SECUNIA |
| bbsxp -- bbsxp | Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-04-06 | 4.3 | CVE-2010-1276 SECUNIA |
| ca -- xosoft_content_distribution | CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. | 2010-04-07 | 5.0 | CVE-2010-1221 CONFIRM BID BUGTRAQ |
| ca -- xosoft_content_distribution | CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. | 2010-04-07 | 5.0 | CVE-2010-1222 CONFIRM BID BUGTRAQ |
| clamav -- clamav | The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information. | 2010-04-08 | 5.0 | CVE-2010-1311 BID CONFIRM SECUNIA CONFIRM |
| cookex -- com_ckforms | Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-09 | 5.0 | CVE-2010-1345 OSVDB MISC SECUNIA MISC |
| decryptweb -- com_dwgraphs | Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | 2010-04-07 | 5.0 | CVE-2010-1302 BID MISC SECUNIA MISC OSVDB |
| directnews -- direct_news | Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information. | 2010-04-09 | 6.8 | CVE-2010-1342 BID MISC SECUNIA |
| dynpg -- dynpg_cms | Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information. | 2010-04-07 | 5.1 | CVE-2010-1299 BID BUGTRAQ MISC CONFIRM SECUNIA MISC OSVDB |
| ermenegildo_fiorito -- irmin_cms | Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information. | 2010-04-07 | 6.8 | CVE-2008-7254 MISC SECUNIA MISC OSVDB |
| ermenegildo_fiorito -- irmin_cms | Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php. | 2010-04-08 | 5.0 | CVE-2010-1309 MISC |
| fh54 -- justvisual | Directory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information. | 2010-04-06 | 6.8 | CVE-2010-1268 XF BID MISC SECUNIA MISC OSVDB |
| gnu -- emacs | lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. | 2010-04-05 | 4.4 | CVE-2010-0825 CONFIRM XF VUPEN UBUNTU SECUNIA |
| ibm -- webi | Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-04-05 | 4.3 | CVE-2010-1242 CONFIRM VUPEN SECUNIA |
| ijoomla -- com_news_portal | Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-08 | 5.0 | CVE-2010-1312 BID MISC SECUNIA MISC |
| iscsitarget -- iscsitarget | Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. | 2010-04-08 | 5.0 | CVE-2010-0743 CONFIRM CONFIRM CONFIRM XF BID SECUNIA MLIST |
| joomla-research -- com_jresearch | Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-09 | 5.0 | CVE-2010-1340 XF BID SECUNIA MISC OSVDB |
| joomlamo -- com_userstatus | Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-08 | 5.0 | CVE-2010-1304 XF BID MISC |
| joomlamo -- com_jinventory | Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-08 | 5.0 | CVE-2010-1305 MISC VUPEN BID MISC SECUNIA MISC |
| joomlamo -- com_weberpcustomer | Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-04-08 | 5.0 | CVE-2010-1315 XF MISC SECUNIA MISC |
| joomlanook -- com_hsconfig | Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-04-08 | 5.0 | CVE-2010-1314 BID MISC SECUNIA MISC |
| kjetiltroan -- webmaid_cms | Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php. | 2010-04-06 | 5.0 | CVE-2010-1267 VUPEN BID MISC MISC MISC |
| la-souris-verte -- com_svmap | Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-08 | 5.0 | CVE-2010-1308 VUPEN MISC SECUNIA MISC |
| linux -- kernel | The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory). | 2010-04-06 | 4.7 | CVE-2010-1083 MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
| linux -- kernel | fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. | 2010-04-06 | 5.4 | CVE-2010-1088 CONFIRM MLIST CONFIRM |
| mielke -- brltty | Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. | 2010-04-05 | 6.9 | CVE-2008-3279 CONFIRM VUPEN REDHAT SECUNIA |
| miftahovn -- insky_cms | Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information. | 2010-04-09 | 6.8 | CVE-2010-1335 XF MISC SECUNIA MISC OSVDB OSVDB OSVDB OSVDB OSVDB |
| mit -- kerberos | Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. | 2010-04-07 | 4.0 | CVE-2010-0629 BID CONFIRM BUGTRAQ SECTRACK CONFIRM CONFIRM |
| moinmo -- moinmoin | MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. | 2010-04-05 | 5.0 | CVE-2010-1238 DEBIAN |
| mozilla -- firefox | Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. | 2010-04-05 | 4.3 | CVE-2010-0181 CONFIRM XF VUPEN CONFIRM SECUNIA |
| mozilla -- firefox | The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. | 2010-04-05 | 4.3 | CVE-2010-0182 CONFIRM XF VUPEN CONFIRM |
| novell -- netware_ftp_server | Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password. | 2010-04-05 | 5.0 | CVE-2003-1592 CONFIRM |
| novell -- netware_ftp_server | NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session. | 2010-04-05 | 4.3 | CVE-2004-2767 CONFIRM |
| novell -- netware_ftp_server | NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed. | 2010-04-05 | 5.0 | CVE-2005-4888 CONFIRM CONFIRM |
| novell -- netware_ftp_server | NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors. | 2010-04-05 | 4.0 | CVE-2007-6734 CONFIRM CONFIRM |
| novell -- netware_ftp_server | Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD or (2) RMD command. | 2010-04-05 | 6.5 | CVE-2010-0625 CONFIRM VUPEN BID BUGTRAQ MISC CONFIRM SECTRACK SECUNIA |
| opera -- opera_browser | Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages. | 2010-04-08 | 5.0 | CVE-2010-1310 CONFIRM CONFIRM SECUNIA |
| prettybook -- prettyformmail | Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-04-09 | 4.3 | CVE-2010-1332 XF JVNDB JVN |
| pulsecms -- pulse_cms | Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-04-06 | 4.0 | CVE-2010-1298 SECUNIA |
| pulsecms -- pulse_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks. | 2010-04-09 | 6.8 | CVE-2010-0992 CONFIRM MISC SECUNIA |
| pulsecms -- pulse_cms | Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | 2010-04-09 | 6.0 | CVE-2010-0993 CONFIRM MISC SECUNIA |
| pulsecms -- pulse_cms | Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different vulnerability than CVE-2010-0993. | 2010-04-09 | 6.0 | CVE-2010-1334 SECUNIA |
| rafal_wojtczuk -- libnids | The ip_evictor function in ip_fragment.c in libnids 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets. | 2010-04-06 | 5.0 | CVE-2010-0751 VUPEN VUPEN MISC XF BID SECUNIA SECUNIA FEDORA FEDORA FEDORA CONFIRM |
| ribafs -- mini_cms_ribafs | SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information. | 2010-04-09 | 6.8 | CVE-2010-1346 XF BID MISC SECUNIA MISC OSVDB |
| robertotto -- teamsite_hack_plugin | Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-04-09 | 4.3 | CVE-2010-1339 SECUNIA |
| roshan_singh -- open_direct_connect_hub | Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message. | 2010-04-06 | 6.0 | CVE-2010-1147 CONFIRM BUGTRAQ MISC MLIST MLIST MISC |
| seber -- com_sebercart | Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-04-08 | 4.3 | CVE-2010-1313 BID MISC SECUNIA |
| software.realtyna -- com_joomlaupdater | Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-04-08 | 5.0 | CVE-2010-1307 VUPEN MISC SECUNIA MISC |
| webtoolkit -- wt | Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection. | 2010-04-06 | 4.3 | CVE-2010-1274 XF CONFIRM BID OSVDB SECUNIA |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- activemq | Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. | 2010-04-05 | 3.5 | CVE-2010-0684 BID CONFIRM CONFIRM CONFIRM XF BUGTRAQ MISC SECTRACK SECUNIA |
| freedesktop -- policykit | pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument. | 2010-04-06 | 2.1 | CVE-2010-0750 CONFIRM CONFIRM CONFIRM SECUNIA MLIST MLIST |
| jim_berry -- taxonomy_filter | Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus. | 2010-04-08 | 2.1 | CVE-2010-1303 CONFIRM CONFIRM XF OSVDB SECUNIA |
| moinmo -- moinmoin | Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. | 2010-04-05 | 3.5 | CVE-2010-0828 CONFIRM CONFIRM CONFIRM XF VUPEN BID DEBIAN SECUNIA SECUNIA CONFIRM |
| piotr_roszatycki -- libnss-db | The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module. | 2010-04-05 | 1.9 | CVE-2010-0826 CONFIRM VUPEN UBUNTU BID SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.