Vulnerability Summary for the Week of April 5, 2010

Released
Apr 12, 2010
Document ID
SB10-102

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
adobe -- acrobat_readerAdobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.2010-04-059.3CVE-2009-4764
MISC
MISC
MLIST
MLIST
adobe -- acrobat_readerAdobe Reader 9.3.1 on Windows does not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.2010-04-059.3CVE-2010-1240
MLIST
MISC
adobe -- acrobat_readerThe custom heap management system in Adobe Reader 9.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted PDF document, aka FG-VD-10-005.2010-04-059.3CVE-2010-1241
MISC
MLIST
MISC
apache -- couchdbApache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.2010-04-057.5CVE-2010-0009
CONFIRM
CONFIRM
BID
BUGTRAQ
OSVDB
SECUNIA
BUGTRAQ
bjsintay -- sitexSQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter.2010-04-097.5CVE-2010-1343
XF
BID
MISC
ca -- xosoft_content_distributionMultiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.2010-04-0710.0CVE-2010-1223
CONFIRM
BID
MISC
MISC
BUGTRAQ
BUGTRAQ
BUGTRAQ
centreon -- centreonSQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.2010-04-077.5CVE-2010-1301
BID
MISC
SECUNIA
MISC
OSVDB
clamav -- clamavClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.2010-04-0810.0CVE-2010-0098
BID
CONFIRM
SECUNIA
CONFIRM
cookex -- com_ckformsSQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php.2010-04-097.5CVE-2010-1344
BID
XF
OSVDB
MISC
SECUNIA
MISC
ekith -- com_dcs_flashgamesSQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.2010-04-067.5CVE-2010-1265
BID
MISC
SECUNIA
MISC
emweb -- wtEmweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.2010-04-069.3CVE-2010-1273
CONFIRM
BID
OSVDB
SECUNIA
foxitsoftware -- foxit_readerFoxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.2010-04-059.3CVE-2010-1239
CERT-VN
CONFIRM
CONFIRM
MISC
MISC
MISC
heartlogic -- hl-sitemanagerSQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors.2010-04-097.5CVE-2010-1331
XF
CONFIRM
JVNDB
JVN
ibm -- webiThe IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors.2010-04-057.5CVE-2010-1243
CONFIRM
VUPEN
SECUNIA
invohost -- invohostMultiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information.2010-04-097.5CVE-2010-1336
XF
XF
BID
MISC
SECUNIA
OSVDB
OSVDB
justsystems -- ichitaroStack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter."2010-04-069.3CVE-2009-4737
VUPEN
CONFIRM
XF
BID
OSVDB
MISC
MISC
SECUNIA
JVNDB
JVN
kjetiltroan -- webmaid_cmsMultiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php.2010-04-067.5CVE-2010-1266
XF
VUPEN
BID
MISC
MISC
MISC
komputer.boo -- gnat-tgpPHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.2010-04-067.5CVE-2010-1272
XF
BID
MISC
MISC
linux -- kernelLinux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.2010-04-067.1CVE-2010-1084
CONFIRM
MLIST
CONFIRM
MISC
linux -- kernelThe azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error.2010-04-067.1CVE-2010-1085
CONFIRM
MLIST
MISC
MLIST
linux -- kernelThe ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.2010-04-067.8CVE-2010-1086
CONFIRM
MLIST
CONFIRM
linux -- kernelThe nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.2010-04-067.8CVE-2010-1087
CONFIRM
MLIST
CONFIRM
lussumo -- vanillaMultiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.2010-04-097.5CVE-2010-1337
XF
BID
MISC
mahara -- maharaSQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username.2010-04-077.5CVE-2010-0400
CONFIRM
BID
DEBIAN
mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2010-04-059.3CVE-2010-0173
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
XF
VUPEN
CONFIRM
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
FEDORA
FEDORA
mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2010-04-0510.0CVE-2010-0174
CONFIRM
CONFIRM
XF
VUPEN
VUPEN
VUPEN
VUPEN
REDHAT
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
FEDORA
FEDORA
mozilla -- firefoxUse-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to a certain event handler.2010-04-059.3CVE-2010-0175
CONFIRM
CONFIRM
XF
VUPEN
VUPEN
VUPEN
VUPEN
REDHAT
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
FEDORA
FEDORA
mozilla -- firefoxMozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability."2010-04-059.3CVE-2010-0176
CONFIRM
XF
VUPEN
VUPEN
VUPEN
VUPEN
REDHAT
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
FEDORA
FEDORA
mozilla -- firefoxThe window.navigator.plugins object in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not properly manage memory during a page reload, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger deletion of referenced objects, related to a "dangling pointer vulnerability."2010-04-059.3CVE-2010-0177
CONFIRM
XF
VUPEN
VUPEN
VUPEN
VUPEN
REDHAT
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
mozilla -- firefoxMozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.2010-04-057.6CVE-2010-0178
CONFIRM
XF
VUPEN
VUPEN
VUPEN
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
mozilla -- firefoxMozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.2010-04-059.3CVE-2010-0179
CONFIRM
XF
VUPEN
VUPEN
VUPEN
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECUNIA
SECUNIA
SECUNIA
novell -- netware_ftp_serverNWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.2010-04-057.5CVE-2003-1593
CONFIRM
novell -- netware_ftp_serverNWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.2010-04-057.5CVE-2003-1594
CONFIRM
novell -- netware_ftp_serverNWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.2010-04-0510.0CVE-2003-1595
CONFIRM
novell -- netware_ftp_serverNWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session.2010-04-057.5CVE-2003-1596
CONFIRM
novell -- netware_ftp_serverNWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords.2010-04-057.5CVE-2005-4887
CONFIRM
CONFIRM
novell -- netware_ftp_serverNWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.2010-04-057.5CVE-2007-6735
CONFIRM
CONFIRM
phpscripte24 -- niedrig_gebote_pro_auktions_system_iiSQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.2010-04-067.5CVE-2010-1269
XF
MISC
SECUNIA
MISC
MISC
phpscripte24 -- multi_suktions_komplett_systemSQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.2010-04-067.5CVE-2010-1270
XF
BID
OSVDB
MISC
SECUNIA
MISC
MISC
roberto_aloi -- com_joomlapicasa2Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.2010-04-087.5CVE-2010-1306
BID
MISC
SECUNIA
MISC
robertotto -- teamsite_hack_pluginSQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action.2010-04-097.5CVE-2010-1338
XF
BID
MISC
SECUNIA
MISC
OSVDB
MISC
MISC
smart-plugs -- smartplugsSQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter.2010-04-067.5CVE-2010-1271
XF
BID
MISC
SECUNIA
MISC
MISC
systemsoftware -- community_black_forumSQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter.2010-04-097.5CVE-2010-1341
XF
OSVDB
MISC
SECUNIA
varnish.projects.linpro -- varnish** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless."2010-04-057.5CVE-2009-2936
MISC
MISC
BUGTRAQ
BUGTRAQ
yamamah -- yamamahSQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.2010-04-077.5CVE-2010-1300
XF
MISC
SECUNIA
MISC
OSVDB
zabbix -- zabbixSQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.2010-04-067.5CVE-2010-1277
MISC
VUPEN
BID
BUGTRAQ
OSVDB
SECUNIA
MISC
MISC
FULLDISC

Back to top


Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
alex_rabe -- nextgen_galleryCross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.2010-04-074.3CVE-2010-1186
CONFIRM
BID
MISC
almas -- compiereMultiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Compiere J300_A02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2010-04-094.3CVE-2010-1333
CONFIRM
XF
XF
SECUNIA
OSVDB
JVNDB
JVNDB
JVN
JVN
apache -- activemqCross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.2010-04-056.8CVE-2010-1244
CONFIRM
CONFIRM
CONFIRM
XF
SECUNIA
apple -- airport_utilityAirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.2010-04-056.8CVE-2009-2822
VUPEN
BID
CONFIRM
APPLE
XF
OSVDB
SECTRACK
SECUNIA
bbsxp -- bbsxpCross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 allows remote attackers to inject arbitrary web script or HTML via the ThreadID parameter.2010-04-064.3CVE-2010-1275
BID
BUGTRAQ
SECUNIA
bbsxp -- bbsxpMultiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2010-04-064.3CVE-2010-1276
SECUNIA
ca -- xosoft_content_distributionCA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request.2010-04-075.0CVE-2010-1221
CONFIRM
BID
BUGTRAQ
ca -- xosoft_content_distributionCA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request.2010-04-075.0CVE-2010-1222
CONFIRM
BID
BUGTRAQ
clamav -- clamavThe qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.2010-04-085.0CVE-2010-1311
BID
CONFIRM
SECUNIA
CONFIRM
cookex -- com_ckformsDirectory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.2010-04-095.0CVE-2010-1345
OSVDB
MISC
SECUNIA
MISC
decryptweb -- com_dwgraphsDirectory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.2010-04-075.0CVE-2010-1302
BID
MISC
SECUNIA
MISC
OSVDB
directnews -- direct_newsMultiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information.2010-04-096.8CVE-2010-1342
BID
MISC
SECUNIA
dynpg -- dynpg_cmsMultiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information.2010-04-075.1CVE-2010-1299
BID
BUGTRAQ
MISC
CONFIRM
SECUNIA
MISC
OSVDB
ermenegildo_fiorito -- irmin_cmsDirectory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information.2010-04-076.8CVE-2008-7254
MISC
SECUNIA
MISC
OSVDB
ermenegildo_fiorito -- irmin_cmsDirectory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php.2010-04-085.0CVE-2010-1309
MISC
fh54 -- justvisualDirectory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.2010-04-066.8CVE-2010-1268
XF
BID
MISC
SECUNIA
MISC
OSVDB
gnu -- emacslib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.2010-04-054.4CVE-2010-0825
CONFIRM
XF
VUPEN
UBUNTU
SECUNIA
ibm -- webiMultiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2010-04-054.3CVE-2010-1242
CONFIRM
VUPEN
SECUNIA
ijoomla -- com_news_portalDirectory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.2010-04-085.0CVE-2010-1312
BID
MISC
SECUNIA
MISC
iscsitarget -- iscsitargetMultiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.2010-04-085.0CVE-2010-0743
CONFIRM
CONFIRM
CONFIRM
XF
BID
SECUNIA
MLIST
joomla-research -- com_jresearchDirectory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.2010-04-095.0CVE-2010-1340
XF
BID
SECUNIA
MISC
OSVDB
joomlamo -- com_userstatusDirectory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.2010-04-085.0CVE-2010-1304
XF
BID
MISC
joomlamo -- com_jinventoryDirectory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.2010-04-085.0CVE-2010-1305
MISC
VUPEN
BID
MISC
SECUNIA
MISC
joomlamo -- com_weberpcustomerDirectory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.2010-04-085.0CVE-2010-1315
XF
MISC
SECUNIA
MISC
joomlanook -- com_hsconfigDirectory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.2010-04-085.0CVE-2010-1314
BID
MISC
SECUNIA
MISC
kjetiltroan -- webmaid_cmsMultiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.2010-04-065.0CVE-2010-1267
VUPEN
BID
MISC
MISC
MISC
la-souris-verte -- com_svmapDirectory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.2010-04-085.0CVE-2010-1308
VUPEN
MISC
SECUNIA
MISC
linux -- kernelThe processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).2010-04-064.7CVE-2010-1083
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
linux -- kernelfs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.2010-04-065.4CVE-2010-1088
CONFIRM
MLIST
CONFIRM
mielke -- brlttyUntrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.2010-04-056.9CVE-2008-3279
CONFIRM
VUPEN
REDHAT
SECUNIA
miftahovn -- insky_cmsMultiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information.2010-04-096.8CVE-2010-1335
XF
MISC
SECUNIA
MISC
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
mit -- kerberosUse-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.2010-04-074.0CVE-2010-0629
BID
CONFIRM
BUGTRAQ
SECTRACK
CONFIRM
CONFIRM
moinmo -- moinmoinMoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.2010-04-055.0CVE-2010-1238
DEBIAN
mozilla -- firefoxMozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images.2010-04-054.3CVE-2010-0181
CONFIRM
XF
VUPEN
CONFIRM
SECUNIA
mozilla -- firefoxThe XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.2010-04-054.3CVE-2010-0182
CONFIRM
XF
VUPEN
CONFIRM
novell -- netware_ftp_serverMultiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password.2010-04-055.0CVE-2003-1592
CONFIRM
novell -- netware_ftp_serverNWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session.2010-04-054.3CVE-2004-2767
CONFIRM
novell -- netware_ftp_serverNWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed.2010-04-055.0CVE-2005-4888
CONFIRM
CONFIRM
novell -- netware_ftp_serverNWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.2010-04-054.0CVE-2007-6734
CONFIRM
CONFIRM
novell -- netware_ftp_serverStack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD or (2) RMD command.2010-04-056.5CVE-2010-0625
CONFIRM
VUPEN
BID
BUGTRAQ
MISC
CONFIRM
SECTRACK
SECUNIA
opera -- opera_browserOpera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.2010-04-085.0CVE-2010-1310
CONFIRM
CONFIRM
SECUNIA
prettybook -- prettyformmailCross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2010-04-094.3CVE-2010-1332
XF
JVNDB
JVN
pulsecms -- pulse_cmsDirectory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2010-04-064.0CVE-2010-1298
SECUNIA
pulsecms -- pulse_cmsMultiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks.2010-04-096.8CVE-2010-0992
CONFIRM
MISC
SECUNIA
pulsecms -- pulse_cmsUnrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.2010-04-096.0CVE-2010-0993
CONFIRM
MISC
SECUNIA
pulsecms -- pulse_cmsUnrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different vulnerability than CVE-2010-0993.2010-04-096.0CVE-2010-1334
SECUNIA
rafal_wojtczuk -- libnidsThe ip_evictor function in ip_fragment.c in libnids 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.2010-04-065.0CVE-2010-0751
VUPEN
VUPEN
MISC
XF
BID
SECUNIA
SECUNIA
FEDORA
FEDORA
FEDORA
CONFIRM
ribafs -- mini_cms_ribafsSQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.2010-04-096.8CVE-2010-1346
XF
BID
MISC
SECUNIA
MISC
OSVDB
robertotto -- teamsite_hack_pluginCross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2010-04-094.3CVE-2010-1339
SECUNIA
roshan_singh -- open_direct_connect_hubStack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message.2010-04-066.0CVE-2010-1147
CONFIRM
BUGTRAQ
MISC
MLIST
MLIST
MISC
seber -- com_sebercartDirectory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.2010-04-084.3CVE-2010-1313
BID
MISC
SECUNIA
software.realtyna -- com_joomlaupdaterDirectory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.2010-04-085.0CVE-2010-1307
VUPEN
MISC
SECUNIA
MISC
webtoolkit -- wtCross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection.2010-04-064.3CVE-2010-1274
XF
CONFIRM
BID
OSVDB
SECUNIA

Back to top


Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
apache -- activemqCross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.2010-04-053.5CVE-2010-0684
BID
CONFIRM
CONFIRM
CONFIRM
XF
BUGTRAQ
MISC
SECTRACK
SECUNIA
freedesktop -- policykitpkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.2010-04-062.1CVE-2010-0750
CONFIRM
CONFIRM
CONFIRM
SECUNIA
MLIST
MLIST
jim_berry -- taxonomy_filterMultiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.2010-04-082.1CVE-2010-1303
CONFIRM
CONFIRM
XF
OSVDB
SECUNIA
moinmo -- moinmoinCross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.2010-04-053.5CVE-2010-0828
CONFIRM
CONFIRM
CONFIRM
XF
VUPEN
BID
DEBIAN
SECUNIA
SECUNIA
CONFIRM
piotr_roszatycki -- libnss-dbThe Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.2010-04-051.9CVE-2010-0826
CONFIRM
VUPEN
UBUNTU
BID
SECUNIA

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.