Vulnerability Summary for the Week of September 20, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco -- ios | The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603. | 2010-09-23 | 7.1 | CVE-2010-2830 CISCO |
boutikone -- boutikone | SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 2010-09-22 | 7.5 | CVE-2010-3479 XF VUPEN EXPLOIT-DB MISC |
bouzouste -- primitive_cms | cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters. | 2010-09-22 | 7.5 | CVE-2010-3483 VUPEN EXPLOIT-DB SECUNIA MISC |
cisco -- ios | Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759. | 2010-09-23 | 7.8 | CVE-2010-2828 CISCO |
cisco -- ios | Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567. | 2010-09-23 | 7.8 | CVE-2010-2829 CISCO |
e-soft24 -- banner_exchange_script | SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. | 2010-09-22 | 7.5 | CVE-2009-5003 XF BID EXPLOIT-DB MISC |
egroupware -- egroupware | phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters. | 2010-09-22 | 7.5 | CVE-2010-3313 CONFIRM MLIST EXPLOIT-DB DEBIAN |
endonesia -- endonesia | SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394. | 2010-09-17 | 7.5 | CVE-2010-3461 XF EXPLOIT-DB |
lightneasy -- lightneasy | SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. | 2010-09-22 | 7.5 | CVE-2010-3484 VUPEN BID EXPLOIT-DB SECUNIA MISC |
lightneasy -- lightneasy | SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-09-22 | 7.5 | CVE-2010-3485 SECUNIA |
linux -- kernel | The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. | 2010-09-22 | 7.2 | CVE-2010-3301 MISC CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM |
symphony-cms -- symphony_cms | SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. | 2010-09-17 | 7.5 | CVE-2010-3458 XF BID EXPLOIT-DB SECUNIA MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apphp -- php_microcms | Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | 2010-09-22 | 6.8 | CVE-2010-3480 XF BID EXPLOIT-DB SECUNIA SECUNIA OSVDB |
apphp -- php_microcms | Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable. | 2010-09-22 | 6.8 | CVE-2010-3481 XF BID EXPLOIT-DB VIM SECUNIA SECUNIA OSVDB |
apple -- mac_os_x | Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name. | 2010-09-21 | 6.8 | CVE-2010-1820 APPLE BID CONFIRM |
arg0 -- encfs | EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte. | 2010-09-17 | 5.0 | CVE-2010-3075 CONFIRM VUPEN MLIST MLIST MLIST CONFIRM SECUNIA SECUNIA FEDORA FEDORA FEDORA FULLDISC |
atutor -- achecker | Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter. | 2010-09-17 | 4.3 | CVE-2010-3455 BUGTRAQ MISC SECUNIA MISC |
bouzouste -- primitive_cms | Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication. | 2010-09-22 | 6.5 | CVE-2010-3482 VUPEN EXPLOIT-DB MISC |
digitalworkroom -- cms_digital_workroom | Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter. | 2010-09-22 | 4.3 | CVE-2010-3489 MISC BID OSVDB SECUNIA MISC |
drupal -- drupal | The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name. | 2010-09-21 | 5.5 | CVE-2010-3092 CONFIRM BID DEBIAN MLIST MLIST |
e-xoopport -- samsara | SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action. | 2010-09-17 | 6.8 | CVE-2010-3467 XF EXPLOIT-DB SECUNIA MISC |
ecommercesoft -- xse_shopping_cart | Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx. | 2010-09-17 | 4.3 | CVE-2010-3465 XF SECUNIA MISC OSVDB OSVDB |
egroupware -- egroupware | Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 2010-09-22 | 4.3 | CVE-2010-3314 CONFIRM MLIST EXPLOIT-DB DEBIAN |
energyscripts -- simple_download | Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2010-09-17 | 5.0 | CVE-2010-3456 XF BID OSVDB EXPLOIT-DB SECUNIA MISC |
flock -- flock | Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | 2010-09-20 | 4.3 | CVE-2010-3262 XF BID BUGTRAQ CONFIRM |
gecad -- axigen_mail_server | Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-17 | 4.3 | CVE-2010-3459 VUPEN CONFIRM XF BID OSVDB SECUNIA |
gecad -- axigen_mail_server | Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. | 2010-09-17 | 5.0 | CVE-2010-3460 VUPEN CONFIRM XF BID OSVDB MISC SECUNIA MISC |
houbysoft -- quickshare | Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... (triple dot) in the URL. | 2010-09-22 | 5.0 | CVE-2010-3488 XF BID MISC SECUNIA MISC OSVDB |
hp -- system_management_homepage | CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2010-09-17 | 5.0 | CVE-2010-3011 HP HP SECUNIA SECUNIA |
hp -- system_management_homepage | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error. | 2010-09-17 | 4.3 | CVE-2010-3012 HP HP SECUNIA SECUNIA |
ibm -- filenet_p8_application_engine | The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | 2010-09-20 | 4.0 | CVE-2006-7241 CONFIRM |
ibm -- filenet_p8_application_engine | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | 2010-09-20 | 4.0 | CVE-2006-7242 CONFIRM |
ibm -- filenet_p8_application_engine | Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. | 2010-09-20 | 4.3 | CVE-2009-4999 AIXAPAR CONFIRM |
ibm -- filenet_p8_application_engine | Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. | 2010-09-20 | 4.3 | CVE-2009-5000 CONFIRM |
ibm -- filenet_p8_application_engine | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | 2010-09-20 | 4.0 | CVE-2009-5001 CONFIRM |
ibm -- filenet_p8_application_engine | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | 2010-09-20 | 6.4 | CVE-2009-5002 AIXAPAR CONFIRM |
ibm -- filenet_p8_application_engine | Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-20 | 4.3 | CVE-2010-3470 VUPEN BID BID AIXAPAR SECUNIA SECUNIA CONFIRM CONFIRM |
ibm -- filenet_p8_application_engine | Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | 2010-09-20 | 4.3 | CVE-2010-3471 BID SECUNIA CONFIRM |
ibm -- filenet_p8_application_engine | Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-20 | 4.3 | CVE-2010-3472 VUPEN BID AIXAPAR SECUNIA CONFIRM |
ibm -- filenet_p8_application_engine | Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2010-09-20 | 5.8 | CVE-2010-3473 VUPEN BID AIXAPAR SECUNIA CONFIRM |
ibm -- db2 | IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. | 2010-09-20 | 5.0 | CVE-2010-3474 XF VUPEN SECTRACK BID CONFIRM AIXAPAR SECUNIA OSVDB |
ibm -- db2 | IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. | 2010-09-20 | 4.0 | CVE-2010-3475 XF VUPEN SECTRACK BID CONFIRM AIXAPAR SECUNIA OSVDB |
ibm -- websphere_application_server | Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. | 2010-09-21 | 4.0 | CVE-2010-0781 XF CONFIRM |
linux -- kernel | Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. | 2010-09-21 | 4.9 | CVE-2010-3067 CONFIRM CONFIRM CONFIRM XF |
linux -- kernel | Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. | 2010-09-21 | 4.9 | CVE-2010-3080 CONFIRM CONFIRM BID MLIST CONFIRM CONFIRM |
microsoft -- ie | The toStaticHTML function in Microsoft Internet Explorer 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, a different vulnerability than CVE-2010-1257. | 2010-09-17 | 4.3 | CVE-2010-3324 MISC FULLDISC |
microsoft -- word | MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc. | 2010-09-20 | 4.3 | CVE-2010-3200 BUGTRAQ |
microsoft -- .net_framework | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack. | 2010-09-22 | 5.0 | CVE-2010-3332 XF VUPEN MISC MISC BID CONFIRM MISC MISC CONFIRM MISC MISC SECTRACK SECUNIA MISC MISC CONFIRM |
mollify -- mollify | Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information. | 2010-09-17 | 4.3 | CVE-2010-3462 BID MISC SECUNIA MISC |
netartmedia -- iboutique.mall | Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from third party information. | 2010-09-17 | 4.3 | CVE-2010-3466 XF BID SECUNIA MISC |
otrs -- otrs | Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080. | 2010-09-20 | 5.0 | CVE-2010-3476 XF BID CONFIRM SECUNIA CONFIRM |
santafox -- santafox | Cross-site scripting (XSS) vulnerability in modules/search/search.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the search parameter to search.html. | 2010-09-17 | 4.3 | CVE-2010-3463 BUGTRAQ MISC SECUNIA MISC |
santafox -- santafox | Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php. | 2010-09-17 | 6.8 | CVE-2010-3464 BUGTRAQ MISC SECUNIA MISC |
smartertools -- smartermail | Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. | 2010-09-22 | 5.0 | CVE-2010-3486 XF BID EXPLOIT-DB MISC MISC |
squid-cache -- squid | The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | 2010-09-20 | 5.0 | CVE-2010-3072 CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM SECUNIA SECUNIA FEDORA FEDORA |
symphony-cms -- symphony_cms | Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. | 2010-09-17 | 4.3 | CVE-2010-3457 XF BID EXPLOIT-DB SECUNIA MISC |
yellosoft -- pinky | Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. | 2010-09-22 | 5.0 | CVE-2010-3487 OSVDB MISC SECUNIA MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
arg0 -- encfs | SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | 2010-09-17 | 2.1 | CVE-2010-3073 CONFIRM VUPEN MLIST MLIST MLIST SECUNIA SECUNIA FEDORA FEDORA FEDORA CONFIRM FULLDISC |
arg0 -- encfs | SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack. | 2010-09-17 | 2.1 | CVE-2010-3074 CONFIRM VUPEN MLIST MLIST MLIST CONFIRM SECUNIA SECUNIA FEDORA FEDORA FEDORA CONFIRM CONFIRM FULLDISC |
drupal -- drupal | The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. | 2010-09-21 | 3.5 | CVE-2010-3093 CONFIRM BID DEBIAN MLIST MLIST |
drupal -- drupal | Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. | 2010-09-21 | 2.1 | CVE-2010-3094 CONFIRM BID DEBIAN MLIST MLIST |
ibm -- filenet_p8_application_engine | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. | 2010-09-20 | 2.1 | CVE-2008-7261 CONFIRM |
ibm -- filenet_p8_application_engine | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | 2010-09-20 | 2.6 | CVE-2009-4998 AIXAPAR CONFIRM CONFIRM |
linux -- kernel | The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. | 2010-09-21 | 2.1 | CVE-2010-2942 CONFIRM CONFIRM CONFIRM BID MLIST MLIST CONFIRM |
linux -- kernel | The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. | 2010-09-21 | 2.1 | CVE-2010-3078 CONFIRM BID MLIST MLIST MLIST CONFIRM SECTRACK SECUNIA CONFIRM |
linux -- kernel | The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. | 2010-09-21 | 2.1 | CVE-2010-3477 CONFIRM CONFIRM |
otrs -- otrs | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-20 | 3.5 | CVE-2010-2080 XF BID CONFIRM SECUNIA CONFIRM |