Vulnerability Summary for the Week of May 3, 2010
Released
May 10, 2010
Document ID
SB10-130
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 2daybiz -- polls_script | Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information. | 2010-05-04 | 7.5 | CVE-2010-1704 XF XF BID MISC SECUNIA MISC |
| 2daybiz -- auction_script | Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-04 | 7.5 | CVE-2010-1706 XF VUPEN BID MISC SECUNIA MISC OSVDB |
| abc_backup -- abc_backup | Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive. | 2010-05-05 | 9.3 | CVE-2010-1686 VUPEN VUPEN MISC SECUNIA SECUNIA |
| adobe -- photoshop_cs4 | Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. | 2010-05-05 | 9.3 | CVE-2010-1279 CONFIRM VUPEN BID SECUNIA |
| alibabaclone -- b2b_gold_script | SQL injection vulnerability in product.html in B2B Gold Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-05-06 | 7.5 | CVE-2010-1744 XF BID MISC SECUNIA MISC OSVDB |
| alibabaplatinumscript -- alibaba_clone_platinum | SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-05-06 | 7.5 | CVE-2010-1725 XF BID MISC MISC |
| aspsiteware -- jobpost | SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information. | 2010-05-06 | 7.5 | CVE-2010-1727 XF BID MISC SECUNIA MISC |
| base -- basic_analysis_and_security_engine | SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. | 2010-05-06 | 7.5 | CVE-2009-4838 CONFIRM SECUNIA CONFIRM |
| billwerx -- billwerx_rc | SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter. | 2010-05-06 | 7.5 | CVE-2010-1741 XF BID MISC |
| cacti -- cacti | SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. | 2010-05-04 | 7.5 | CVE-2010-1431 CONFIRM CONFIRM VUPEN DEBIAN SECUNIA SECUNIA FULLDISC |
| campware.org -- campsite | SQL injection vulnerability in javascript/tinymce/plugins/campsiteattachment/attachments.php in Campsite 3.2 through 3.3.5 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | 2010-05-06 | 7.5 | CVE-2010-1745 CONFIRM XF BID SECUNIA MISC OSVDB |
| cursorarts -- zipwrangler | Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename. | 2010-05-04 | 9.3 | CVE-2010-1685 MISC SECUNIA OSVDB |
| ec21clone -- ec21_clone | SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-05-06 | 7.5 | CVE-2010-1726 XF BID MISC MISC |
| freeguppy -- guppy | SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter. | 2010-05-06 | 7.5 | CVE-2010-1740 XF BID MISC MISC |
| freerealty.rwcinc -- free_realty | Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter). | 2010-05-04 | 7.5 | CVE-2010-1708 XF BID MISC MISC |
| google -- chrome | Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors. | 2010-05-03 | 7.5 | CVE-2010-1665 VUPEN SECUNIA CONFIRM CONFIRM |
| internetdownloadmanager -- internet_download_manager | Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server. | 2010-05-06 | 10.0 | CVE-2010-0995 BID BUGTRAQ MISC MISC SECUNIA |
| joomla -- com_agenda | SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | 2010-05-04 | 7.5 | CVE-2010-1716 XF BID OSVDB MISC MISC SECUNIA |
| joomla -- joomla | SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php. | 2010-05-04 | 7.5 | CVE-2010-1721 XF BID MISC SECUNIA OSVDB MISC |
| joomla -- com_newsfeeds | SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php. | 2010-05-06 | 7.5 | CVE-2010-1739 XF BID MISC MISC |
| lexmark -- 25xxn | The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. | 2010-05-04 | 7.8 | CVE-2010-0101 CONFIRM |
| microsoft -- visio | Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256. | 2010-05-06 | 7.6 | CVE-2010-1681 BID BUGTRAQ MISC |
| moviephp -- movie_php_script | Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter. | 2010-05-06 | 7.5 | CVE-2009-4836 VUPEN MILW0RM SECUNIA OSVDB |
| opera -- opera_browser | Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955. | 2010-05-06 | 9.3 | CVE-2010-1728 XF VUPEN CONFIRM CONFIRM CONFIRM SECUNIA CONFIRM MISC |
| postnuke -- postnuke | SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action. | 2010-05-04 | 7.5 | CVE-2010-1713 XF BID MISC MISC |
| qproje -- com_qpersonel | SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php. | 2010-05-04 | 7.5 | CVE-2010-1720 XF MISC BID MISC SECUNIA OSVDB |
| rocky.nu -- php_video_battle_script | SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 2010-05-04 | 7.5 | CVE-2010-1701 VUPEN MISC SECUNIA |
| rocky.nu -- modelbook | SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter. | 2010-05-04 | 7.5 | CVE-2010-1705 VUPEN MISC SECUNIA |
| roxio -- cineplayer | Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method. | 2010-05-06 | 9.3 | CVE-2009-4840 XF MILW0RM |
| roxio -- cineplayer | Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559. | 2010-05-06 | 9.3 | CVE-2009-4841 MILW0RM |
| satyadeep -- scratcher | SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-05-06 | 7.5 | CVE-2010-1743 XF BID MISC SECUNIA MISC OSVDB |
| taskfreak -- taskfreak | SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action. | 2010-05-06 | 7.5 | CVE-2010-1583 XF MISC BID MISC MISC |
| tetex -- tetex | Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. | 2010-05-07 | 7.5 | CVE-2010-0827 CONFIRM UBUNTU CONFIRM CONFIRM CONFIRM |
| toutvirtual -- virtualiq | ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console. | 2010-05-07 | 7.5 | CVE-2009-4843 BUGTRAQ MISC SECUNIA |
| whmcs -- whmcs | SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter. | 2010-05-04 | 7.5 | CVE-2010-1702 XF BID MISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 2daybiz -- polls_script | Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field. | 2010-05-04 | 4.3 | CVE-2010-1703 XF XF BID MISC SECUNIA MISC |
| apple -- safari | WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | 2010-05-06 | 4.3 | CVE-2010-1729 MISC |
| aspindir -- krm_haber | KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. | 2010-05-06 | 5.0 | CVE-2010-1736 XF SECUNIA MISC OSVDB |
| base -- basic_analysis_and_security_engine | Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information. | 2010-05-06 | 4.3 | CVE-2009-4837 MISC CONFIRM SECUNIA CONFIRM |
| base -- basic_analysis_and_security_engine | Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php. | 2010-05-06 | 4.3 | CVE-2009-4839 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| carlos_eduardo_sotelo_pinto -- 0.1.0 | PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter. | 2010-05-06 | 6.8 | CVE-2010-1737 VUPEN BID MISC SECUNIA MISC |
| cisco -- router_and_security_device_manager | Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. | 2010-05-04 | 4.3 | CVE-2010-0594 JVNDB JVN |
| dev.pucit.edu.pk -- com_arcadegames | Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-04 | 5.0 | CVE-2010-1714 XF VUPEN OSVDB MISC SECUNIA MISC |
| dolphin -- dolphin_browser | Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | 2010-05-06 | 5.0 | CVE-2010-1730 MISC |
| g5-scripts -- auto-img-gallery | Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters. | 2010-05-04 | 4.3 | CVE-2010-1709 XF MISC BID SECUNIA |
| google -- chrome | Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | 2010-05-06 | 4.3 | CVE-2010-1731 MISC |
| joomla -- com_if_surfalert | Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-05-04 | 6.8 | CVE-2010-1717 VUPEN MISC SECUNIA |
| joomla -- com_market | Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-05-04 | 6.8 | CVE-2010-1722 XF OSVDB MISC SECUNIA MISC |
| joomla -- com_drawroot | Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-05-04 | 6.8 | CVE-2010-1723 VUPEN MISC SECUNIA |
| lispeltuut -- com_archeryscores | Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-04 | 6.8 | CVE-2010-1718 BID MISC SECUNIA |
| malcom_box -- lxr_cross_referencer | Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via a title string. | 2010-05-06 | 4.3 | CVE-2010-1738 BID CONFIRM CONFIRM XF OSVDB SECUNIA CONFIRM |
| mega-nerd -- libsndfile | The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file. | 2010-05-06 | 4.3 | CVE-2009-4835 VUPEN BID SECUNIA CONFIRM |
| microsoft -- windows_2000 | The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. | 2010-05-06 | 4.9 | CVE-2010-1734 BID BUGTRAQ MISC SECUNIA |
| microsoft -- windows_2000 | The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. | 2010-05-06 | 4.9 | CVE-2010-1735 BID BUGTRAQ MISC SECUNIA |
| mochasoft -- mocha_w32_lpd | Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information. | 2010-05-04 | 5.0 | CVE-2010-1687 OSVDB MISC MISC SECUNIA |
| moto-treks -- com_mtfireeagle | Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | 2010-05-04 | 6.8 | CVE-2010-1719 XF BID MISC SECUNIA MISC OSVDB |
| ocsinventory-ng -- ocs_inventory_ng | Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-05-06 | 6.8 | CVE-2010-1733 XF SECUNIA OSVDB |
| openttd -- openttd | OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. | 2010-05-05 | 6.5 | CVE-2010-0401 CONFIRM SECUNIA CONFIRM |
| openttd -- openttd | OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command. | 2010-05-05 | 6.5 | CVE-2010-0402 CONFIRM SECUNIA |
| openttd -- openttd | OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. | 2010-05-05 | 4.0 | CVE-2010-0406 CONFIRM SECUNIA CONFIRM |
| piwigo -- piwigo | Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters. | 2010-05-04 | 4.3 | CVE-2010-1707 VUPEN CONFIRM |
| pucit.edu -- com_onlineexam | Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-04 | 6.8 | CVE-2010-1715 XF OSVDB MISC SECUNIA MISC |
| ramoncastro -- siestta | Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma parameter. | 2010-05-04 | 6.8 | CVE-2010-1710 XF BID OSVDB MISC SECUNIA MISC |
| ramoncastro -- siestta | Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter. | 2010-05-04 | 4.3 | CVE-2010-1711 XF BID OSVDB MISC SECUNIA MISC |
| satyadeep -- scratcher | Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter. | 2010-05-06 | 4.3 | CVE-2010-1742 XF BID MISC SECUNIA MISC OSVDB |
| toolsjx -- table_jx | Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php. | 2010-05-06 | 4.3 | CVE-2010-1746 XF VUPEN BID MISC |
| toutvirtual -- virtualiq | Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName, (5) lastName, or (6) email parameter in a save action to tvserver/user/user.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-05-07 | 4.3 | CVE-2009-4842 SECUNIA |
| toutvirtual -- virtualiq | ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request. | 2010-05-07 | 5.0 | CVE-2009-4844 BUGTRAQ MISC |
| toutvirtual -- virtualiq | The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields. | 2010-05-07 | 5.0 | CVE-2009-4845 BUGTRAQ MISC |
| webmobo -- wbnews | Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information. | 2010-05-04 | 4.3 | CVE-2010-1712 XF BID OSVDB MISC MISC MISC SECUNIA MISC |
| xpressengine -- zeroboard | lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php. | 2010-05-04 | 6.8 | CVE-2009-4834 XF BID MILW0RM |
| zikula -- zikula_application_framework | Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action). | 2010-05-06 | 6.4 | CVE-2010-1732 MISC CONFIRM |
| zikula -- zikula_application_framework | Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php. | 2010-05-06 | 4.3 | CVE-2010-1724 XF BUGTRAQ OSVDB MISC MISC SECUNIA OSVDB CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| mytty -- webapplication_finger_printer | Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh. | 2010-05-06 | 2.1 | CVE-2010-1438 BID MLIST MLIST MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.