Vulnerability Summary for the Week of May 24, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2brightsparks -- syncback | Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20.0, and possibly other versions before 3.2.21, allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) .sps or (2) zip profile. | 2010-05-24 | 9.3 | CVE-2010-1688 CONFIRM XF BID MISC MISC SECUNIA OSVDB |
adhie_utomo -- com_konsultasi | SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php. | 2010-05-25 | 7.5 | CVE-2010-2044 XF BID MISC SECUNIA MISC OSVDB |
adobe -- photoshop_cs4 | Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file. | 2010-05-27 | 9.3 | CVE-2010-1296 CONFIRM XF MISC MISC MISC MISC MISC MISC SECTRACK BID |
cacti -- cacti | SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine. | 2010-05-27 | 7.5 | CVE-2010-2092 CONFIRM MISC |
cisco -- mediator_framework | Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative user account and unspecified other accounts, which makes it easier for remote attackers to obtain privileged access, aka Bug ID CSCtb83495. | 2010-05-27 | 10.0 | CVE-2010-0595 CISCO XF BID SECTRACK SECUNIA |
cisco -- mediator_framework | Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607. | 2010-05-27 | 9.0 | CVE-2010-0596 CISCO SECTRACK SECUNIA |
cisco -- mediator_framework | Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges or cause a denial of service (device reload), via a (1) XML RPC or (2) XML RPC over HTTPS request, aka Bug ID CSCtb83618. | 2010-05-27 | 9.0 | CVE-2010-0597 CISCO BID SECTRACK SECUNIA |
cisco -- mediator_framework | Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631. | 2010-05-27 | 9.3 | CVE-2010-0598 CISCO SECTRACK SECUNIA |
cisco -- mediator_framework | Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505. | 2010-05-27 | 9.3 | CVE-2010-0599 CISCO SECTRACK SECUNIA |
cisco -- mediator_framework | Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512. | 2010-05-27 | 10.0 | CVE-2010-0600 CISCO BID SECTRACK SECUNIA |
cmsqlite -- cmsqlite | SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. | 2010-05-27 | 7.5 | CVE-2010-2095 MISC |
cmsqlite -- cmsqlite | Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. | 2010-05-27 | 7.5 | CVE-2010-2096 MISC |
debliteck -- dbcart | SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-05-25 | 7.5 | CVE-2010-2051 MISC SECUNIA MISC |
dionesoft -- com_dioneformwizard | Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | 2010-05-25 | 7.5 | CVE-2010-2045 XF BID MISC SECUNIA MISC OSVDB |
e107 -- e107 | Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter. | 2010-05-27 | 7.5 | CVE-2010-2098 CONFIRM CONFIRM |
e107 -- e107 | bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method. | 2010-05-27 | 7.5 | CVE-2010-2099 BID MISC |
joenasejes -- je_cms | SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information. | 2010-05-25 | 7.5 | CVE-2010-2047 XF BID MISC SECUNIA OSVDB |
kingsoft -- webshield | KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device. | 2010-05-24 | 7.2 | CVE-2010-2031 XF BID MISC SECUNIA |
m0r0n -- com_mscomment | Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-25 | 7.5 | CVE-2010-2050 XF VUPEN BID MISC MISC |
mgenti -- tftputil_gui | Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode. | 2010-05-24 | 10.0 | CVE-2010-2028 XF BID MISC MISC |
percha -- com_perchacategoriestree | Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-05-25 | 7.5 | CVE-2010-2033 BID SECUNIA MISC |
percha -- com_perchaimageattach | Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-05-25 | 7.5 | CVE-2010-2034 BID MISC |
percha -- com_perchagallery | Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-05-25 | 7.5 | CVE-2010-2035 BID MISC |
percha -- com_perchafieldsattach | Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-05-25 | 7.5 | CVE-2010-2036 BID MISC |
percha -- com_perchadownloadsattach | Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-05-25 | 7.5 | CVE-2010-2037 BID MISC |
python -- python | Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. | 2010-05-27 | 7.5 | CVE-2010-1449 CONFIRM BID CONFIRM |
python -- python | Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. | 2010-05-27 | 7.5 | CVE-2010-1450 CONFIRM CONFIRM BID |
rhinosoft -- serv-u | Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie. | 2010-05-26 | 10.0 | CVE-2009-4873 VUPEN BID MISC SECUNIA |
shopex -- ecshop | SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information. | 2010-05-25 | 7.5 | CVE-2010-2042 BID MISC SECUNIA MISC |
timo_gaik -- webby_webserver | Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request. | 2010-05-27 | 10.0 | CVE-2010-2102 XF BID BUGTRAQ MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
activehelper -- com_activehelper_livehelp | Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php. | 2010-05-25 | 4.3 | CVE-2010-2046 MISC MISC BID SECUNIA MISC |
alan_palazzolo -- external_link_page | Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages. | 2010-05-24 | 4.3 | CVE-2010-2030 CONFIRM XF SECUNIA OSVDB |
apache -- myfaces | Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. | 2010-05-27 | 4.0 | CVE-2010-2086 MISC MISC |
apache -- axis2 | Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. | 2010-05-27 | 4.3 | CVE-2010-2103 XF VUPEN BID BUGTRAQ MISC MISC SECUNIA OSVDB |
caucho -- resin | Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information. | 2010-05-24 | 4.3 | CVE-2010-2032 XF VUPEN BID BUGTRAQ SECUNIA MISC |
cisco -- scientific_atlanta_webstar_dpc2100r2 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl. | 2010-05-26 | 6.8 | CVE-2010-2025 BID FULLDISC |
cisco -- scientific_atlanta_webstar_dpc2100r2 | The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page. | 2010-05-26 | 6.4 | CVE-2010-2026 BID FULLDISC |
cisco -- scientific_atlanta_webstar_dpc2100r2 | The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access. | 2010-05-26 | 5.0 | CVE-2010-2082 FULLDISC |
clamav -- clamav | The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. | 2010-05-26 | 4.3 | CVE-2010-1639 CONFIRM CONFIRM XF VUPEN SECTRACK BID SECUNIA |
clamav -- clamav | Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. | 2010-05-26 | 4.3 | CVE-2010-1640 CONFIRM CONFIRM XF VUPEN BID MLIST SECUNIA CONFIRM |
cybozu -- cybozu_dotsales | Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. | 2010-05-24 | 5.8 | CVE-2010-2029 XF OSVDB MISC SECUNIA JVNDB JVN CONFIRM |
daniel_mealha_cabrita -- ziproxy | Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows. | 2010-05-26 | 6.8 | CVE-2010-1513 CONFIRM BUGTRAQ MISC SECUNIA |
frederico_caldeira_knabben -- fckeditor.java | FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed request parameter that contains "ctrl" characters. | 2010-05-26 | 5.0 | CVE-2009-4875 XF BID OSVDB CONFIRM SECUNIA CONFIRM CONFIRM |
gnu -- gnutls | The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. | 2010-05-24 | 5.0 | CVE-2006-7239 MLIST CONFIRM MLIST |
gpeasy -- gpeasy_cms | Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-25 | 6.8 | CVE-2010-2039 XF VUPEN OSVDB MISC SECUNIA MISC |
hp -- mercury_testdirector_for_quality_center | Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors. | 2010-05-27 | 5.0 | CVE-2010-1959 BID SECTRACK SECUNIA OSVDB HP HP |
ibm -- communications_server | The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small. | 2010-05-27 | 5.0 | CVE-2010-2090 XF VUPEN BID CONFIRM AIXAPAR AIXAPAR SECUNIA |
magnoware -- datatrack_system | Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka the request summary). NOTE: some of these details are obtained from third party information. | 2010-05-25 | 4.3 | CVE-2010-2043 XF BID SECUNIA MISC OSVDB MISC |
magnoware -- datatrack_system | DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI. | 2010-05-25 | 5.0 | CVE-2010-2078 XF MISC MISC |
magnoware -- datatrack_system | DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config and (2) .ascx files. | 2010-05-25 | 5.0 | CVE-2010-2079 XF MISC MISC |
manageengine -- adaudit_plus | Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-05-25 | 4.3 | CVE-2010-2049 BID SECUNIA OSVDB |
microsoft -- dynamics_gp | Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors. | 2010-05-26 | 4.0 | CVE-2010-2083 MISC |
microsoft -- asp.net | Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute. | 2010-05-27 | 4.3 | CVE-2010-2084 MISC |
microsoft -- .net_framework | The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter. | 2010-05-27 | 4.3 | CVE-2010-2085 MISC MISC |
microsoft -- asp.net | ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter. | 2010-05-27 | 4.3 | CVE-2010-2088 MISC MISC |
microsoft -- exchange_server | Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. | 2010-05-27 | 4.3 | CVE-2010-2091 XF BUGTRAQ BUGTRAQ BUGTRAQ MISC |
mono -- mono | The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. | 2010-05-27 | 4.3 | CVE-2010-1459 BID CONFIRM MISC SUSE |
mysql -- mysql | MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | 2010-05-21 | 4.4 | CVE-2010-1626 CONFIRM VUPEN BID MLIST MLIST MANDRIVA SECTRACK |
netrix -- netrix_cms | admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter. | 2010-05-26 | 5.0 | CVE-2009-4876 XF MILW0RM SECUNIA OSVDB |
novell -- access_manager | Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors. | 2010-05-26 | 4.3 | CVE-2009-4878 XF VUPEN SECTRACK BID CONFIRM SECUNIA |
novell -- access_manager | The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. | 2010-05-26 | 4.3 | CVE-2009-4879 SECTRACK CONFIRM |
oracle -- mojarra | Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. | 2010-05-27 | 4.3 | CVE-2010-2087 MISC MISC |
orbitdownloader -- orbit_downloader | Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element. | 2010-05-27 | 4.3 | CVE-2010-2104 BUGTRAQ MISC SECUNIA |
php -- php | Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs. | 2010-05-27 | 5.0 | CVE-2010-2093 MISC |
php -- php | Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. | 2010-05-27 | 5.0 | CVE-2010-2094 MISC MISC MISC MISC MISC |
php -- php | The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | 2010-05-27 | 5.0 | CVE-2010-2097 MISC MISC MISC |
php -- php | The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | 2010-05-27 | 5.0 | CVE-2010-2100 MISC MISC MISC MISC MISC |
php -- php | The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | 2010-05-27 | 5.0 | CVE-2010-2101 MISC MISC MISC MISC MISC MISC |
php-calendar -- php-calendar | Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters. | 2010-05-25 | 4.3 | CVE-2010-2041 BID VUPEN BUGTRAQ SECUNIA CONFIRM MISC |
plainblack -- webgui | Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors. | 2010-05-26 | 6.8 | CVE-2009-4877 XF CONFIRM SECUNIA OSVDB |
python -- python | Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. | 2010-05-27 | 5.0 | CVE-2009-4134 CONFIRM CONFIRM BID |
python -- python | Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. | 2010-05-27 | 5.0 | CVE-2010-1634 CONFIRM CONFIRM CONFIRM CONFIRM BID SECUNIA |
python -- python | The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. | 2010-05-27 | 5.0 | CVE-2010-2089 CONFIRM |
scripts.oldguy -- talkback | TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments. | 2010-05-26 | 6.4 | CVE-2009-4874 BID MISC MILW0RM MISC SECUNIA OSVDB |
v-eva -- shopzilla_affiliate_script_php | Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 2010-05-25 | 4.3 | CVE-2010-2040 XF BID MISC SECUNIA OSVDB |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
gpeasy -- gpeasy_cms | Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-25 | 2.1 | CVE-2010-2038 BID BUGTRAQ MISC SECUNIA MISC |
menhir -- heartbeat | Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2010-05-25 | 3.5 | CVE-2010-2048 BID CONFIRM CONFIRM XF SECUNIA |
wolfram_research -- mathematica | Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf. | 2010-05-24 | 1.9 | CVE-2010-2027 BUGTRAQ SECUNIA FULLDISC |