Vulnerability Summary for the Week of October 25, 2010
Released
Nov 01, 2010
Document ID
SB10-305
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- shockwave_player | The Director module (dirapi.dll) in Adobe Shockwave player 11.5.8.612, and probably other versions, allows remote attackers to execute arbitrary code via a Directory movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, which triggers memory corruption. NOTE: some of these details are obtained from third party information. | 2010-10-26 | 9.3 | CVE-2010-3653 XF VUPEN BID EXPLOIT-DB |
| hp -- insight_control_server_migration | Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors. | 2010-10-28 | 9.0 | CVE-2010-3992 HP HP |
| hp -- palm_webos | Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document. | 2010-10-28 | 9.3 | CVE-2010-4025 HP HP |
| hp -- loadrunner | Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors. | 2010-10-28 | 7.5 | CVE-2010-4028 HP HP |
| hp -- storage_essentials | Unspecified vulnerability in HP Storage Essentials before 6.3.0, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | 2010-10-28 | 7.5 | CVE-2010-4029 HP HP |
| ibm -- informix_dynamic_server | Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243. | 2010-10-23 | 9.0 | CVE-2010-4053 XF MISC VUPEN OSVDB SECUNIA |
| ibm -- informix_dynamic_server | Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. | 2010-10-25 | 8.5 | CVE-2010-4069 MISC VUPEN OSVDB SECUNIA |
| ibm -- informix_dynamic_server | Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308. | 2010-10-25 | 10.0 | CVE-2010-4070 MISC VUPEN OSVDB SECUNIA |
| ibm -- tivoli_provisioning_manager_os_deployment | ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only." | 2010-10-28 | 7.5 | CVE-2010-4121 MISC SECTRACK MISC |
| microsoft -- windows_7 | Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability." | 2010-10-26 | 9.3 | CVE-2010-3227 MS EXPLOIT-DB MISC |
| mozilla -- firefox | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | 2010-10-27 | 9.3 | CVE-2010-3765 CONFIRM CONFIRM MISC MISC MISC CONFIRM |
| realpage -- module_activex_control | Multiple buffer overflows in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls allow remote attackers to execute arbitrary code via a long (1) DestURL or (2) SourceFile property value. | 2010-10-26 | 10.0 | CVE-2010-2585 BID OSVDB MISC SECUNIA |
| symantec -- im_manager | Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp. | 2010-10-28 | 7.5 | CVE-2010-0112 XF MISC MISC MISC MISC MISC MISC MISC VUPEN CONFIRM BID SECUNIA |
| tibco -- activematrix_businessworks_service_engine | The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors. | 2010-10-26 | 10.0 | CVE-2010-3491 CONFIRM XF VUPEN CONFIRM BID SECUNIA |
| tu-braunschweig -- libsmi | Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters. | 2010-10-27 | 7.5 | CVE-2010-2891 BID EXPLOIT-DB MISC XF VUPEN BUGTRAQ MANDRIVA CONFIRM SECUNIA |
| typo3 -- typo3 | The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors. | 2010-10-25 | 7.1 | CVE-2010-3714 CONFIRM BID DEBIAN |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- robohelp | Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word. | 2010-10-26 | 4.3 | CVE-2010-2885 CONFIRM SECTRACK VUPEN SECUNIA |
| adobe -- robohelp | Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-10-26 | 4.3 | CVE-2010-2886 CONFIRM VUPEN SECTRACK SECUNIA |
| artifex -- afpl_ghostscript | The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043. | 2010-10-23 | 4.3 | CVE-2010-4054 CERT-VN MLIST |
| avatic -- aardvark_topsites_php | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302. | 2010-10-27 | 4.3 | CVE-2010-4097 XF BID BUGTRAQ |
| curl -- curl | Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using (backslash) as a separator of path components within the Content-disposition HTTP header. | 2010-10-27 | 5.8 | CVE-2010-3842 MLIST CONFIRM MLIST MLIST SECTRACK SECUNIA CONFIRM |
| fenrir -- grani | Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 and Grani before 4.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 2010-10-25 | 6.9 | CVE-2010-3163 CONFIRM CONFIRM JVNDB JVN |
| fenrir -- grani | Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earlier and Grani 4.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-25 | 6.9 | CVE-2010-3164 MISC MISC JVNDB JVN |
| hp -- systems_insight_manager | Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2010-10-23 | 6.8 | CVE-2010-3288 HP HP |
| hp -- systems_insight_manager | Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-10-23 | 4.3 | CVE-2010-3289 XF BID HP HP |
| hp -- systems_insight_manager | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote authenticated users to gain privileges via unknown vectors. | 2010-10-23 | 6.5 | CVE-2010-3290 XF BID HP HP |
| hp -- virtual_connect_enterprise_manager | Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors. | 2010-10-26 | 5.0 | CVE-2010-3986 VUPEN HP HP |
| hp -- operations_orchestration | Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-10-26 | 4.3 | CVE-2010-3985 XF VUPEN BID HP HP |
| hp -- insight_control_virtual_machine_management | Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-10-28 | 4.3 | CVE-2010-3987 HP HP |
| hp -- insight_control_virtual_machine_management | Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors. | 2010-10-28 | 5.0 | CVE-2010-3988 HP HP |
| hp -- insight_control_virtual_machine_management | Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2010-10-28 | 6.8 | CVE-2010-3989 HP HP |
| hp -- virtual_server_environment | Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | 2010-10-28 | 5.0 | CVE-2010-3990 VUPEN BID SECTRACK HP HP |
| hp -- insight_control_server_migration | Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-10-28 | 4.3 | CVE-2010-3991 HP HP |
| hp -- insight_control_server_migration | Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors. | 2010-10-28 | 6.4 | CVE-2010-3993 HP HP |
| hp -- hp | Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-10-28 | 4.3 | CVE-2010-3994 BID SECTRACK SECUNIA HP HP |
| hp -- insight_control_power_management | Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-10-28 | 4.3 | CVE-2010-4023 HP HP |
| hp -- insight_control_power_management | Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2010-10-28 | 6.8 | CVE-2010-4024 HP HP |
| hp -- palm_webos | Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls. | 2010-10-28 | 6.2 | CVE-2010-4026 HP HP |
| hp -- palm_webos | Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors. | 2010-10-28 | 5.6 | CVE-2010-4027 HP HP |
| ibm -- soliddb | Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function. | 2010-10-23 | 5.0 | CVE-2010-4055 XF VUPEN EXPLOIT-DB SECTRACK SECUNIA MISC |
| ibm -- soliddb | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315. | 2010-10-23 | 5.0 | CVE-2010-4056 XF VUPEN EXPLOIT-DB SECTRACK SECUNIA MISC |
| ibm -- soliddb | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315. | 2010-10-23 | 5.0 | CVE-2010-4057 XF VUPEN EXPLOIT-DB SECTRACK SECUNIA MISC |
| ibm -- rational_quality_manager | The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548. | 2010-10-26 | 5.0 | CVE-2010-4094 MISC VUPEN SECTRACK MISC |
| ibm -- tivoli_access_manager_for_e-business | Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/. | 2010-10-28 | 4.3 | CVE-2010-4120 XF VUPEN BID AIXAPAR SECTRACK SECUNIA |
| joomla -- joomla! | Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities." | 2010-10-27 | 4.3 | CVE-2010-3712 MLIST MLIST CONFIRM |
| k2top -- k2editor | Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-25 | 6.9 | CVE-2010-3156 JVNDB JVN |
| masahiko_watanabe -- apsaly | Untrusted search path vulnerability in Apsaly before 3.74 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-25 | 6.9 | CVE-2010-3162 CONFIRM JVNDB JVN |
| monkeysphere_project -- monkeysphere | share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local users to execute arbitrary code via unknown manipulations related to the "monkeysphere-authentication keys-for-user" command. | 2010-10-27 | 4.6 | CVE-2010-4096 MLIST |
| monotone -- monotone | monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command. | 2010-10-27 | 5.0 | CVE-2010-4098 XF BID CONFIRM SECUNIA |
| nitrosecurity -- nitroview_esm_software | ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess. | 2010-10-27 | 6.8 | CVE-2010-4099 XF SECTRACK BID EXPLOIT-DB |
| openfabrics -- enterprise_distribution | openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file. | 2010-10-26 | 6.3 | CVE-2010-1693 XF BID OSVDB MLIST SECUNIA MLIST |
| php -- php | Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. | 2010-10-25 | 4.3 | CVE-2010-3710 CONFIRM |
| pidgin -- pidgin | libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support. | 2010-10-27 | 4.0 | CVE-2010-3711 VUPEN CONFIRM CONFIRM CONFIRM XF VUPEN VUPEN REDHAT OSVDB MANDRIVA SECTRACK SECUNIA SECUNIA |
| ponsoftware -- explzh | Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-25 | 6.9 | CVE-2010-3159 MISC JVNDB JVN |
| ponsoftware -- archive_decoder | Untrusted search path vulnerability in Archive Decoder 1.23 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-25 | 6.9 | CVE-2010-3160 MISC JVNDB JVN |
| realpage -- module_activex_controls | The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property. | 2010-10-26 | 5.0 | CVE-2010-2584 BID OSVDB MISC SECUNIA |
| robo-ftp -- robo-ftp | Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a .. (dot dot) in a filename in a server response. | 2010-10-26 | 4.3 | CVE-2010-4095 XF BID BUGTRAQ MISC SECUNIA CONFIRM |
| ruby_on_rails -- ruby_on_rails | Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. | 2010-10-27 | 6.4 | CVE-2010-3933 VUPEN CONFIRM SECTRACK SECUNIA |
| susumu_terao -- terapad | Untrusted search path vulnerability in TeraPad before 1.00 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 2010-10-25 | 6.9 | CVE-2010-3161 CONFIRM JVNDB JVN |
| typo3 -- typo3 | Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend. | 2010-10-25 | 4.3 | CVE-2010-3715 BID DEBIAN CONFIRM |
| typo3 -- typo3 | The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. | 2010-10-25 | 6.0 | CVE-2010-3716 BID DEBIAN CONFIRM |
| typo3 -- typo3 | The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | 2010-10-25 | 5.0 | CVE-2010-3717 BID DEBIAN CONFIRM |
| typo3 -- typo3 | Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714. | 2010-10-25 | 4.9 | CVE-2010-4068 BID DEBIAN CONFIRM |
| usebb -- usebb | rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed. | 2010-10-27 | 4.3 | CVE-2010-3713 CONFIRM CONFIRM MLIST MLIST |
| yokkasoft -- deuxeditor | Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and earlier, OuiEditor 1.6.1.1 and earlier, UnEditor 1.10.1.2 and earlier, DeuxEditor 1.7.1.2 and earlier, SQLEditorXP 3.14.1.2 and earlier, SQLEditorTE 1.9.1.3 and earlier, SQLEditor8 3.8.1.2 and earlier, and SQLEditorClassic 1.8.1.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-25 | 6.9 | CVE-2010-3165 JVNDB JVN |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.