Vulnerability Summary for the Week of August 23, 2010
Released
Aug 30, 2010
Document ID
SB10-242
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 3dftp -- 3d-ftp_client | Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a ".." (dot dot backslash) in a filename. | 2010-08-20 | 9.3 | CVE-2010-3102 MISC |
| adobe -- photoshop | Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information. | 2010-08-26 | 9.3 | CVE-2010-3127 VUPEN SECUNIA MISC |
| adobe -- dreamweaver | Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver. | 2010-08-26 | 9.3 | CVE-2010-3132 VUPEN EXPLOIT-DB SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | 2010-08-26 | 10.0 | CVE-2010-2863 CONFIRM |
| adobe -- shockwave_player | IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file. | 2010-08-26 | 9.3 | CVE-2010-2864 CONFIRM BUGTRAQ |
| adobe -- shockwave_player | Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie. | 2010-08-26 | 9.3 | CVE-2010-2866 CONFIRM BUGTRAQ MISC |
| adobe -- shockwave_player | DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability." | 2010-08-26 | 9.3 | CVE-2010-2867 CONFIRM BUGTRAQ MISC |
| adobe -- shockwave_player | IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file. | 2010-08-26 | 9.3 | CVE-2010-2868 CONFIRM BUGTRAQ |
| adobe -- shockwave_player | IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file. | 2010-08-26 | 9.3 | CVE-2010-2869 CONFIRM BUGTRAQ |
| adobe -- shockwave_player | DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | 2010-08-26 | 9.3 | CVE-2010-2870 CONFIRM BUGTRAQ MISC |
| adobe -- shockwave_player | Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie. | 2010-08-26 | 9.3 | CVE-2010-2871 CONFIRM MISC BUGTRAQ |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie. | 2010-08-26 | 9.3 | CVE-2010-2872 CONFIRM MISC BUGTRAQ |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | 2010-08-26 | 9.3 | CVE-2010-2873 CONFIRM MISC BUGTRAQ |
| adobe -- shockwave_player | Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie. | 2010-08-26 | 9.3 | CVE-2010-2875 CONFIRM IDEFENSE |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | 2010-08-26 | 9.3 | CVE-2010-2876 CONFIRM MISC BUGTRAQ |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll. | 2010-08-26 | 9.3 | CVE-2010-2877 CONFIRM BUGTRAQ MISC |
| adobe -- shockwave_player | DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | 2010-08-26 | 9.3 | CVE-2010-2878 CONFIRM BUGTRAQ MISC |
| adobe -- shockwave_player | Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file. | 2010-08-26 | 9.3 | CVE-2010-2879 CONFIRM BUGTRAQ MISC |
| adobe -- shockwave_player | DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file. | 2010-08-26 | 9.3 | CVE-2010-2880 CONFIRM BUGTRAQ |
| adobe -- shockwave_player | IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file. | 2010-08-26 | 9.3 | CVE-2010-2881 CONFIRM BUGTRAQ |
| adobe -- shockwave_player | DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file. | 2010-08-26 | 9.3 | CVE-2010-2882 CONFIRM BUGTRAQ |
| apple -- itunes | Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory. | 2010-08-20 | 9.3 | CVE-2010-1795 XF BID BUGTRAQ MISC CONFIRM |
| artifex -- afpl_ghostscript | Off-by-one error in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document. | 2010-08-26 | 9.3 | CVE-2009-3743 MISC CERT-VN |
| avast -- avast_antivirus_free | Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file. | 2010-08-26 | 9.3 | CVE-2010-3126 VUPEN EXPLOIT-DB SECUNIA |
| cisco -- packet_tracer | Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file. | 2010-08-26 | 9.3 | CVE-2010-3135 EXPLOIT-DB |
| cisco -- unified_communications_manager | The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310. | 2010-08-26 | 7.8 | CVE-2010-2837 CISCO |
| cisco -- unified_communications_manager | The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305. | 2010-08-26 | 7.8 | CVE-2010-2838 CISCO |
| cisco -- unified_presence_server | SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474. | 2010-08-26 | 7.8 | CVE-2010-2839 CISCO |
| cisco -- unified_presence_server | The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629. | 2010-08-26 | 7.8 | CVE-2010-2840 CISCO |
| deskshare -- auto_ftp_manager | Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a ".." (dot dot backslash) in a filename. | 2010-08-20 | 9.3 | CVE-2010-3104 MISC |
| devonit -- thin-client_management_tool | Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified vectors. | 2010-08-25 | 7.5 | CVE-2010-3121 CERT-VN |
| ftpgetter -- ftpgetter | Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.05, and probably earlier versions, allows remote FTP servers to write arbitrary files via a ".." (dot dot backslash) in a filename. | 2010-08-20 | 9.3 | CVE-2010-3103 MISC |
| ftprush -- ftprush | Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a ".." (dot dot backslash) in a filename. | 2010-08-20 | 9.3 | CVE-2010-3098 MISC SECUNIA |
| ftpx -- ftp_explorer | Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a ".." (dot dot backslash) in a filename. | 2010-08-20 | 9.3 | CVE-2010-3101 MISC SECUNIA |
| google -- chrome | Google Chrome before 5.0.375.127 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897. | 2010-08-24 | 10.0 | CVE-2010-3111 CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-08-24 | 10.0 | CVE-2010-3112 CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.127 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-08-24 | 10.0 | CVE-2010-3113 CONFIRM CONFIRM |
| google -- chrome | The text-editing implementation in Google Chrome before 5.0.375.127 does not properly perform casts, which has unspecified impact and attack vectors. | 2010-08-24 | 10.0 | CVE-2010-3114 CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.127 does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors. | 2010-08-24 | 10.0 | CVE-2010-3115 CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.127 does not properly process MIME types, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-08-24 | 10.0 | CVE-2010-3116 CONFIRM CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors. | 2010-08-24 | 10.0 | CVE-2010-3117 CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.127 does not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-08-24 | 10.0 | CVE-2010-3119 CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-08-24 | 10.0 | CVE-2010-3120 CONFIRM CONFIRM |
| google -- earth | Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file. | 2010-08-26 | 9.3 | CVE-2010-3134 EXPLOIT-DB |
| hp -- openview_network_node_manager | Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. | 2010-08-20 | 10.0 | CVE-2010-2710 HP |
| ibm -- tivoli_storage_manager_fastback | The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors. | 2010-08-20 | 7.5 | CVE-2010-3058 BID CONFIRM SECUNIA |
| ibm -- tivoli_storage_manager_fastback | Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command. | 2010-08-20 | 7.5 | CVE-2010-3059 BID CONFIRM SECUNIA |
| isamu_kaneko -- winny | Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-2007. | 2010-08-25 | 7.5 | CVE-2010-2360 XF XF JVNDB JVNDB JVN JVN |
| jan_engelhardt -- libhx | Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields. | 2010-08-24 | 10.0 | CVE-2010-2947 CONFIRM BID MLIST MLIST CONFIRM |
| jens_vagelpohl -- zope-ldapuserfolder | The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges. | 2010-08-20 | 7.5 | CVE-2010-2944 CONFIRM MLIST MLIST SECUNIA |
| keil-software -- photokorn_gallery | Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) Match parameters. | 2010-08-25 | 7.5 | CVE-2009-4979 BID SECUNIA MISC |
| mozilla -- firefox | Untrusted search path vulnerability in Mozilla Firefox 3.6.8 and earlier, and Thunderbird 3.1.2, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file. | 2010-08-26 | 9.3 | CVE-2010-3131 VUPEN BUGTRAQ EXPLOIT-DB SECUNIA |
| novell -- iprint | Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action. | 2010-08-23 | 9.3 | CVE-2010-1527 XF BID CONFIRM MISC SECUNIA |
| novell -- iprint | The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-08-23 | 9.3 | CVE-2010-3105 BID SECUNIA |
| novell -- iprint | The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method. | 2010-08-23 | 9.3 | CVE-2010-3106 MISC CONFIRM |
| novell -- iprint | A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module. | 2010-08-23 | 7.1 | CVE-2010-3107 MISC CONFIRM |
| novell -- iprint | Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names. | 2010-08-23 | 9.3 | CVE-2010-3108 MISC CONFIRM |
| novell -- iprint | Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter. | 2010-08-23 | 9.3 | CVE-2010-3109 MISC CONFIRM |
| nullsoft -- winamp | Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file. | 2010-08-26 | 9.3 | CVE-2010-3137 EXPLOIT-DB |
| openoffice -- openoffice.org | simpress.bin in the Impress module in OpenOffice.org (OOo) 3.2.1 on Windows does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error." | 2010-08-25 | 9.3 | CVE-2010-2935 CONFIRM VUPEN VUPEN REDHAT MLIST MLIST MLIST MISC SECUNIA SECUNIA |
| openoffice -- openoffice.org | Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 3.2.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow. | 2010-08-25 | 9.3 | CVE-2010-2936 CONFIRM CONFIRM VUPEN VUPEN REDHAT MLIST MLIST MLIST MISC SECUNIA SECUNIA |
| phpmyadmin -- phpmyadmin | The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. | 2010-08-24 | 7.5 | CVE-2010-3055 BID CONFIRM CONFIRM CONFIRM SECUNIA |
| portaplus -- porta+_ftp_client | Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename. | 2010-08-20 | 9.3 | CVE-2010-3100 OSVDB SECUNIA |
| sap -- business_one_2005-a | Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000. | 2010-08-25 | 10.0 | CVE-2009-4988 XF VUPEN SECTRACK BID BUGTRAQ SECUNIA |
| script-shop24 -- lm_starmail_paidmail | SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 2010-08-25 | 7.5 | CVE-2009-4992 MILW0RM |
| script-shop24 -- lm_starmail_paidmail | PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 2010-08-25 | 7.5 | CVE-2009-4993 MILW0RM |
| scripteen -- free_image_hosting_script | admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211. | 2010-08-25 | 7.5 | CVE-2009-4987 XF BID OSVDB SECUNIA |
| skype -- skype | Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file. | 2010-08-26 | 9.3 | CVE-2010-3136 EXPLOIT-DB |
| smartftp -- smartftp | Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a ".." (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information. | 2010-08-20 | 9.3 | CVE-2010-3099 MISC MISC SECUNIA |
| softx -- ftp_client | Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via ".." (dot dot backslash) sequences in a filename. | 2010-08-20 | 9.3 | CVE-2010-3096 BUGTRAQ MISC SECUNIA |
| strongswan -- strongswan | The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows. | 2010-08-20 | 7.5 | CVE-2010-2628 MLIST VUPEN BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM VUPEN SECTRACK CONFIRM SECUNIA MLIST |
| teamviewer -- teamviewer | Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file. | 2010-08-26 | 9.3 | CVE-2010-3128 VUPEN BUGTRAQ EXPLOIT-DB SECUNIA |
| techsmith -- snagit | Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file. | 2010-08-26 | 9.3 | CVE-2010-3130 EXPLOIT-DB SECUNIA |
| utorrent -- utorrent | Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll that is located in the same folder as a .torrent or .btsearch file. | 2010-08-26 | 9.3 | CVE-2010-3129 VUPEN EXPLOIT-DB SECUNIA |
| videolan -- vlc_media_player | Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file. | 2010-08-26 | 9.3 | CVE-2010-3124 MLIST CONFIRM VUPEN MLIST EXPLOIT-DB SECUNIA |
| websitesrus -- accessories_me_php_affiliate_script | SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter. | 2010-08-25 | 7.5 | CVE-2009-4985 MILW0RM |
| winfrigate -- frigate_3 | Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3.36 and earlier allows remote FTP servers to overwrite arbitrary files via a ".." (dot dot backslash) in a filename. | 2010-08-20 | 9.3 | CVE-2010-3097 MISC SECUNIA |
| winny -- winny | Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks. | 2010-08-25 | 10.0 | CVE-2010-2361 XF JVNDB JVN |
| winny -- winny | Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks. | 2010-08-25 | 10.0 | CVE-2010-2362 XF JVNDB JVN |
| wireshark -- wireshark | Untrusted search path vulnerability in Wireshark 1.2.10 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. | 2010-08-26 | 9.3 | CVE-2010-3133 VUPEN EXPLOIT-DB SECUNIA |
| wolterskluwer -- teammate_audit_management_software_suite | Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .tmx file. | 2010-08-26 | 9.3 | CVE-2010-3125 EXPLOIT-DB |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- shockwave_player | Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors. | 2010-08-26 | 5.0 | CVE-2010-2865 CONFIRM |
| ajsquare -- aj_auction_pro-oopd | Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action. | 2010-08-25 | 4.3 | CVE-2009-4989 BID SECUNIA MISC |
| apple -- itunes | Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. | 2010-08-20 | 6.9 | CVE-2010-1768 XF BID CONFIRM |
| apple -- cfnetwork | CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses. | 2010-08-25 | 5.0 | CVE-2010-1800 CONFIRM SECTRACK APPLE |
| apple -- coregraphics | Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file. | 2010-08-25 | 6.8 | CVE-2010-1801 CONFIRM SECTRACK APPLE |
| apple -- libsecurity | libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com. | 2010-08-25 | 6.4 | CVE-2010-1802 CONFIRM SECTRACK APPLE |
| apple -- apple_type_services | Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. | 2010-08-25 | 6.8 | CVE-2010-1808 CONFIRM SECTRACK APPLE |
| cacti -- cacti | Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php. | 2010-08-23 | 4.3 | CVE-2010-1644 VUPEN REDHAT CONFIRM BID BUGTRAQ CONFIRM CONFIRM SECUNIA |
| cacti -- cacti | Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template. | 2010-08-23 | 6.5 | CVE-2010-1645 REDHAT CONFIRM CONFIRM MISC CONFIRM CONFIRM CONFIRM SECUNIA |
| cacti -- cacti | Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b. | 2010-08-23 | 4.3 | CVE-2010-2543 CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM |
| cacti -- cacti | Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | 2010-08-23 | 4.3 | CVE-2010-2544 REDHAT CONFIRM XF BID CONFIRM CONFIRM SECUNIA MLIST MLIST CONFIRM |
| cacti -- cacti | Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php. | 2010-08-23 | 4.3 | CVE-2010-2545 REDHAT CONFIRM BID CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA MLIST MLIST CONFIRM |
| devonit -- thin-client_management_tool | The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the network. | 2010-08-25 | 5.0 | CVE-2010-3122 CERT-VN |
| google -- chrome | The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature. | 2010-08-24 | 5.0 | CVE-2010-3118 CONFIRM CONFIRM |
| hp -- magcloud | Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors. | 2010-08-25 | 6.4 | CVE-2010-2711 XF SECTRACK SECUNIA HP HP |
| ibm -- tivoli_storage_manager_fastback | Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors. | 2010-08-20 | 5.0 | CVE-2010-3060 BID CONFIRM SECUNIA |
| ibm -- tivoli_storage_manager_fastback | Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors. | 2010-08-20 | 5.0 | CVE-2010-3061 BID CONFIRM AIXAPAR SECUNIA |
| in-portal -- in-portal | Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter. | 2010-08-25 | 6.8 | CVE-2009-4986 VUPEN SECUNIA |
| irokez -- irokez_cms | SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI. | 2010-08-25 | 6.8 | CVE-2009-4982 VUPEN BID SECUNIA |
| jrbcs -- webform_report | Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission. | 2010-08-25 | 4.3 | CVE-2009-4990 BID SECUNIA CONFIRM |
| keil-software -- photokorn_gallery | Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php. | 2010-08-25 | 4.3 | CVE-2009-4980 BID SECUNIA MISC |
| keil-software -- photokorn_gallery | Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators. | 2010-08-25 | 6.8 | CVE-2009-4981 SECUNIA MISC |
| linux -- kernel | Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation. | 2010-08-20 | 4.7 | CVE-2010-3015 MLIST CONFIRM CONFIRM XF BID CONFIRM MLIST MLIST |
| lynx -- lynx | Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name. | 2010-08-20 | 6.8 | CVE-2010-2810 CONFIRM XF VUPEN MLIST MLIST |
| mono-project -- libgdiplus | Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. | 2010-08-24 | 6.8 | CVE-2010-1526 MISC SECUNIA |
| omnistaretools -- omnistar_recruiting | Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter. | 2010-08-25 | 4.3 | CVE-2009-4991 SECUNIA MISC |
| php -- php | mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function. | 2010-08-20 | 5.0 | CVE-2010-3062 CONFIRM CONFIRM MISC MISC |
| php -- php | The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used. | 2010-08-20 | 5.0 | CVE-2010-3063 CONFIRM CONFIRM MISC |
| php -- php | Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function. | 2010-08-20 | 6.8 | CVE-2010-3064 CONFIRM CONFIRM MISC |
| php -- php | The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name. | 2010-08-20 | 5.0 | CVE-2010-3065 DEBIAN MISC |
| php -- php | The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. | 2010-08-20 | 5.0 | CVE-2010-2484 CONFIRM CONFIRM |
| php -- php | The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. | 2010-08-20 | 4.3 | CVE-2010-2531 CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM |
| phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. | 2010-08-24 | 4.3 | CVE-2010-3056 BID CONFIRM CONFIRM MISC SECUNIA FEDORA FEDORA |
| redhat -- enterprise_virtualization | libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | 2010-08-24 | 6.6 | CVE-2010-0428 REDHAT REDHAT CONFIRM |
| redhat -- enterprise_virtualization | libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | 2010-08-24 | 6.6 | CVE-2010-0429 REDHAT REDHAT CONFIRM |
| redhat -- enterprise_virtualization | QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | 2010-08-24 | 6.6 | CVE-2010-0431 REDHAT CONFIRM REDHAT |
| redhat -- enterprise_virtualization | The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. | 2010-08-24 | 4.6 | CVE-2010-0435 REDHAT REDHAT CONFIRM |
| redhat -- enterprise_virtualization | The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | 2010-08-24 | 6.6 | CVE-2010-2784 REDHAT REDHAT CONFIRM MLIST |
| redhat -- enterprise_virtualization | Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic. | 2010-08-24 | 5.7 | CVE-2010-2811 REDHAT REDHAT CONFIRM BID SECTRACK |
| smartertools -- smartertrack | Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2010-08-25 | 4.3 | CVE-2009-4994 CONFIRM SECUNIA MISC |
| smartertools -- smartertrack | Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-08-25 | 4.3 | CVE-2009-4995 SECUNIA |
| snowhall -- silurus_system | Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php. | 2010-08-25 | 4.3 | CVE-2009-4983 SECUNIA MISC |
| tufat -- mybackup | PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter. | 2010-08-25 | 6.5 | CVE-2009-4977 VUPEN SECUNIA |
| tufat -- mybackup | Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | 2010-08-25 | 5.0 | CVE-2009-4978 VUPEN SECUNIA |
| videolan -- vlc_media_player | The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file. | 2010-08-20 | 5.0 | CVE-2010-2937 VUPEN CONFIRM BID CONFIRM CONFIRM |
| websitesrus -- accessories_me_php_affiliate_script | Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php. | 2010-08-25 | 4.3 | CVE-2009-4984 SECUNIA |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| anibal_monsalve_salaz -- ssmtp | ** DISPUTED ** The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact. | 2010-08-20 | 2.1 | CVE-2008-7258 CONFIRM MISC CONFIRM CONFIRM BID MLIST SECUNIA MLIST MLIST MLIST FEDORA FEDORA |
| freebsd -- freebsd | The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read. | 2010-08-20 | 1.2 | CVE-2010-3014 CONFIRM CONFIRM MISC BUGTRAQ |
| freedesktop -- dbus-glib | DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services. | 2010-08-20 | 3.6 | CVE-2010-1172 CONFIRM XF VUPEN REDHAT SECUNIA SECUNIA CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.