Vulnerability Summary for the Week of October 18, 2010

Released: Oct 25, 2010
Document ID: SB10-298

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- flash_player | Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash. | 2010-10-19 | 9.3 | CVE-2010-3975
BUGTRAQ
adobe -- flash_player | Untrusted search path vulnerability in Adobe Flash Player 10.1.82.76, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash. | 2010-10-19 | 9.3 | CVE-2010-3976
BUGTRAQ
MISC
apache -- axis2 | Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2 and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | 2010-10-18 | 10.0 | CVE-2010-0219
CERT-VN
MISC
XF
VUPEN
BUGTRAQ
MISC
MISC
SECUNIA
g.rodola -- pyftpdlib | FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2010-10-19 | 7.5 | CVE-2007-6737
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2010-10-19 | 7.5 | CVE-2008-7263
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chrome | Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | 2010-10-21 | 9.3 | CVE-2010-4034
VUPEN
BID
SECUNIA
CONFIRM
CONFIRM
google -- chrome | Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | 2010-10-21 | 9.3 | CVE-2010-4035
VUPEN
BID
SECUNIA
CONFIRM
CONFIRM
google -- chrome | Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors. | 2010-10-21 | 7.5 | CVE-2010-4039
CONFIRM
VUPEN
BID
SECUNIA
CONFIRM
google -- chrome | Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. | 2010-10-21 | 9.3 | CVE-2010-4040
VUPEN
BID
SECUNIA
CONFIRM
CONFIRM
google -- chrome | Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements." | 2010-10-21 | 9.3 | CVE-2010-4042
VUPEN
BID
SECUNIA
CONFIRM
CONFIRM
hp -- procurve_m110_access_point | Unspecified vulnerability on HP ProCurve Access Points, Access Controllers, and Mobility Controllers with software 5.1.x through 5.1.9, 5.2.x through 5.2.7, 5.3.x through 5.3.5, and 5.4.x through 5.4.0 allows remote attackers to execute arbitrary code via unknown vectors. | 2010-10-18 | 8.3 | CVE-2010-3287
HP
HP
kmonos -- xacrett | Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer. | 2010-10-19 | 9.3 | CVE-2010-3157
BID
CONFIRM
SECUNIA
JVNDB
JVN
mozilla -- firefox | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | 2010-10-21 | 7.5 | CVE-2010-3173
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-10-21 | 9.3 | CVE-2010-3174
CONFIRM
CONFIRM
mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-10-21 | 9.3 | CVE-2010-3175
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-10-21 | 9.3 | CVE-2010-3176
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox | Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. | 2010-10-21 | 9.3 | CVE-2010-3179
CONFIRM
CONFIRM
mozilla -- firefox | Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. | 2010-10-21 | 9.3 | CVE-2010-3180
CONFIRM
CONFIRM
mozilla -- firefox | The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document. | 2010-10-21 | 9.3 | CVE-2010-3183
CONFIRM
CONFIRM
opera -- opera_browser | Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context. | 2010-10-21 | 9.3 | CVE-2010-4045
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECTRACK
SECUNIA
realnetworks -- realplayer | Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file. | 2010-10-18 | 9.3 | CVE-2010-2578
BID
CONFIRM
realnetworks -- realplayer | Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue. | 2010-10-18 | 9.3 | CVE-2010-2998
MISC
BID
CONFIRM
realnetworks -- realplayer | An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI. | 2010-10-18 | 9.3 | CVE-2010-3747
MISC
BID
CONFIRM
realnetworks -- realplayer | Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors. | 2010-10-18 | 10.0 | CVE-2010-3748
BID
CONFIRM
realnetworks -- realplayer | The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 does not properly handle an unspecified character within arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted method call, related to a "parameter injection" issue. | 2010-10-18 | 9.3 | CVE-2010-3749
MISC
BID
CONFIRM
realnetworks -- realplayer | rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file. | 2010-10-18 | 9.3 | CVE-2010-3750
MISC
BID
CONFIRM
realnetworks -- realplayer | Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler. | 2010-10-18 | 9.3 | CVE-2010-3751
MISC
BID
CONFIRM
sap -- businessobjects | CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | 2010-10-18 | 9.0 | CVE-2010-3983
MISC
sun -- jdk | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 9.3 | CVE-2010-3550
CONFIRM
sun -- jdk | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3552
CONFIRM
sun -- jdk | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3553
CONFIRM
sun -- jdk | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3554
CONFIRM
sun -- jdk | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 9.3 | CVE-2010-3555
CONFIRM
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3556
CONFIRM
sun -- jdk | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3558
CONFIRM
sun -- jdk | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3559
CONFIRM
sun -- jdk | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 7.5 | CVE-2010-3561
CONFIRM
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3562
CONFIRM
sun -- jdk | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3563
CONFIRM
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3565
CONFIRM
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3566
CONFIRM
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3567
CONFIRM
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3568
CONFIRM
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3569
CONFIRM
sun -- jdk | Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 7.6 | CVE-2010-3570
CONFIRM
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3571
CONFIRM
sun -- jdk | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3572
CONFIRM



Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alex_launi -- tangerine | The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0.3.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3381
CONFIRM
apache -- qpid | The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. | 2010-10-18 | 5.0 | CVE-2009-5005
REDHAT
REDHAT
CONFIRM
CONFIRM
VUPEN
SECUNIA
SECUNIA
apache -- qpid | The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. | 2010-10-18 | 4.0 | CVE-2009-5006
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
VUPEN
SECUNIA
SECUNIA
apache -- myfaces | shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack. | 2010-10-20 | 5.0 | CVE-2010-2057
CONFIRM
CONFIRM
CONFIRM
ardour -- ardour | Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3349
CONFIRM
VUPEN
BID
SECUNIA
FEDORA
FEDORA
FEDORA
CONFIRM
bareftp -- bareftp | bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3350
CONFIRM
bernhard_wymann -- torcs | The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3384
CONFIRM
debian -- mono-debugger | The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3369
CONFIRM
dropbox -- dropbox | dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3354
CONFIRM
ecmwf -- magics++ | magics-config in Magics++ 2.10.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3393
CONFIRM
erik_hjortsberg -- ember | Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3355
CONFIRM
g.rodola -- pyftpdlib | Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command. | 2010-10-19 | 6.5 | CVE-2007-6736
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command. | 2010-10-19 | 5.0 | CVE-2007-6738
CONFIRM
g.rodola -- pyftpdlib | FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command. | 2010-10-19 | 5.0 | CVE-2007-6739
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. | 2010-10-19 | 4.0 | CVE-2007-6740
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017. | 2010-10-19 | 6.5 | CVE-2007-6741
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command. | 2010-10-19 | 6.5 | CVE-2008-7262
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. | 2010-10-19 | 4.0 | CVE-2008-7264
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494. | 2010-10-19 | 4.3 | CVE-2009-5010
MISC
MISC
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494. | 2010-10-19 | 4.3 | CVE-2009-5011
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. | 2010-10-19 | 4.0 | CVE-2009-5012
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer. | 2010-10-19 | 4.0 | CVE-2009-5013
CONFIRM
CONFIRM
CONFIRM
CONFIRM
g.rodola -- pyftpdlib | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | 2010-10-19 | 4.3 | CVE-2010-3494
MISC
MISC
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chrome | Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors. | 2010-10-21 | 5.0 | CVE-2010-4033
VUPEN
BID
SECUNIA
CONFIRM
CONFIRM
CONFIRM
google -- chrome | Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors. | 2010-10-21 | 6.8 | CVE-2010-4036
VUPEN
BID
SECUNIA
CONFIRM
CONFIRM
google -- chrome | Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors. | 2010-10-21 | 4.3 | CVE-2010-4037
VUPEN
BID
SECUNIA
CONFIRM
CONFIRM
google -- chrome | The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 2010-10-21 | 4.3 | CVE-2010-4038
VUPEN
BID
SECUNIA
CONFIRM
CONFIRM
google -- chrome | The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | 2010-10-21 | 6.8 | CVE-2010-4041
VUPEN
BID
SECUNIA
CONFIRM
CONFIRM
henner_zeller -- henplus | HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3358
CONFIRM
herac -- tuxguitar | TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3385
CONFIRM
hp -- systems_insight_manager | Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors. | 2010-10-18 | 5.0 | CVE-2010-3286
HP
HP
hp -- assetcenter | Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-10-21 | 4.3 | CVE-2010-3291
VUPEN
BID
HP
HP
SECUNIA
ibm -- websphere_mq | IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate. | 2010-10-20 | 4.3 | CVE-2010-0782
XF
CONFIRM
AIXAPAR
last -- last.fm | lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3362
CONFIRM
lhaplus -- lhaplus | Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 2010-10-18 | 6.9 | CVE-2010-2368
CONFIRM
MISC
SECUNIA
JVNDB
JVN
lhaplus -- lhaplus | Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-19 | 6.9 | CVE-2010-3158
CONFIRM
SECUNIA
JVNDB
JVN
linux-ha -- ocf_resource_agents | The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3389
CONFIRM
CONFIRM
lttng -- ust | usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3386
CONFIRM
mistelix -- mistelix | Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3365
CONFIRM
more-cowbell -- cowbell | Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3353
CONFIRM
mozilla -- firefox | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 2010-10-21 | 4.3 | CVE-2010-3170
CONFIRM
CONFIRM
mozilla -- firefox | Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. | 2010-10-21 | 4.3 | CVE-2010-3177
CONFIRM
CONFIRM
mozilla -- firefox | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. | 2010-10-21 | 5.8 | CVE-2010-3178
CONFIRM
CONFIRM
mozilla -- firefox | Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 2010-10-21 | 6.9 | CVE-2010-3181
CONFIRM
CONFIRM
mozilla -- firefox | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-21 | 6.9 | CVE-2010-3182
CONFIRM
CONFIRM
nick_copeland -- bristol | startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3351
CONFIRM
opera -- opera_browser | Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document. | 2010-10-21 | 4.3 | CVE-2010-4043
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECTRACK
SECUNIA
opera -- opera_browser | Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size. | 2010-10-21 | 4.3 | CVE-2010-4044
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECTRACK
SECUNIA
opera -- opera_browser | Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content. | 2010-10-21 | 4.3 | CVE-2010-4046
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECTRACK
SECUNIA
opera -- opera_browser | Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. | 2010-10-21 | 4.3 | CVE-2010-4047
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECTRACK
SECUNIA
opera -- opera_browser | Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. | 2010-10-21 | 4.3 | CVE-2010-4048, CONFIRM, CONFIRM, CONFIRM
opera -- opera_browser | Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document. | 2010-10-21 | 4.3 | CVE-2010-4049, CONFIRM, CONFIRM, CONFIRM
opera -- opera_browser | Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element. | 2010-10-21 | 4.3 | CVE-2010-4050, CONFIRM, CONFIRM, CONFIRM
oracle -- mojarra | Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. | 2010-10-20 | 5.0 | CVE-2010-4007, MISC, MISC
pedro_castro -- gnome-subtitles | gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3357, CONFIRM, CONFIRM
pedro_villavicencio_garrido -- hipo | Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3360, CONFIRM
python -- python | The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. | 2010-10-19 | 5.0 | CVE-2010-3492, CONFIRM, MLIST, MLIST, MLIST, MLIST
python -- python | Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. | 2010-10-19 | 4.3 | CVE-2010-3493, CONFIRM, CONFIRM, MISC, CONFIRM, MISC, MLIST, MLIST, MLIST, MLIST, CONFIRM
roaraudio -- roaraudio | roarify in roaraudio 0.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3363, CONFIRM
root -- root | The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ROOT 5.18/00 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3376, CONFIRM, CONFIRM
salome-platform -- salome | The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3377, CONFIRM
sap -- businessobjects | Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | 2010-10-18 | 5.0 | CVE-2010-3979, MISC
sap -- businessobjects | Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | 2010-10-18 | 4.0 | CVE-2010-3980, MISC
sap -- businessobjects | Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. | 2010-10-18 | 4.3 | CVE-2010-3981, MISC
sap -- businessobjects | SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | 2010-10-18 | 5.0 | CVE-2010-3982, MISC
scilab -- scilab | The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3378, CONFIRM, CONFIRM
shrew -- vpn_client | The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3361, CONFIRM, CONFIRM
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 5.1 | CVE-2010-3541, CONFIRM
sun -- jdk | Unspecified vulnerability in the JNDI component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | 2010-10-19 | 5.0 | CVE-2010-3548, CONFIRM
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 6.8 | CVE-2010-3549, CONFIRM
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | 2010-10-19 | 5.0 | CVE-2010-3551, CONFIRM
sun -- jdk | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 6.8 | CVE-2010-3557, CONFIRM
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 5.1 | CVE-2010-3573, CONFIRM
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 5.1 | CVE-2010-3574, CONFIRM
susie_ro -- lhasa | Untrusted search path vulnerability in Lhasa 0.19 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-18 | 6.9 | CVE-2010-2369, MISC, JVNDB, JVN
teamspeak -- teamspeak | The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3383, CONFIRM, CONFIRM
texmacs -- texmacs | The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3394, CONFIRM
tvdr -- vdr | ** DISPUTED ** vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: a third party disputes this issue because the script erroneously uses a semicolon in a context where a colon was intended. | 2010-10-20 | 6.9 | CVE-2010-3387, MISC
twiki -- twiki | Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script. | 2010-10-18 | 4.3 | CVE-2010-3841, CONFIRM, XF, BID, SECUNIA
uoregon -- tau | tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3382, CONFIRM
vips -- vips | The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3364, CONFIRM
zeus.physik.uni-bonn -- mn_fit | Mn_Fit 5.13 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3366, CONFIRM
zope -- zodb | Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | 2010-10-19 | 4.3 | CVE-2010-3495, MISC, CONFIRM, MLIST, MLIST, MLIST, MLIST, SECUNIA, CONFIRM

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 allows remote attackers to affect confidentiality via unknown vectors. | 2010-10-19 | 2.6 | CVE-2010-3560, CONFIRM
