Vulnerability Summary for the Week of November 15, 2010

Released: Nov 22, 2010
Document ID: SB10-326

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| LANdesk | gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack. | 2010-11-15 | 8.5 | CVE-2010-2892, VUPEN, BID, BUGTRAQ, EXPLOIT-DB, MISC, SECTRACK, SECUNIA, CONFIRM |
| accimoveis -- descargarvista_acc_imoveis | SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-11-16 | 7.5 | CVE-2010-4273, XF, BID, EXPLOIT-DB, MISC |
| apple -- mac_os_x | OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. | 2010-11-15 | 7.5 | CVE-2010-1378, CONFIRM, APPLE |
| apple -- mac_os_x | Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 2010-11-15 | 7.5 | CVE-2010-1840, CONFIRM, APPLE |
| apple -- mac_os_x | Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image. | 2010-11-15 | 9.3 | CVE-2010-1841, CONFIRM, APPLE |
| apple -- mac_os_x | Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation. | 2010-11-15 | 9.3 | CVE-2010-1842, CONFIRM, APPLE |
| apple -- mac_os_x | Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet. | 2010-11-16 | 7.8 | CVE-2010-1843, CONFIRM, APPLE |
| apple -- mac_os_x | Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image. | 2010-11-16 | 7.1 | CVE-2010-1844, CONFIRM, APPLE |
| camtron -- cmnc-200_firmware | Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method. | 2010-11-16 | 9.3 | CVE-2010-4230, MISC, BUGTRAQ, EXPLOIT-DB |
| camtron -- cmnc-200_firmware | Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | 2010-11-16 | 7.8 | CVE-2010-4231, MISC, BUGTRAQ, EXPLOIT-DB |
| camtron -- cmnc-200_firmware | The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI. | 2010-11-16 | 10.0 | CVE-2010-4232, MISC, BUGTRAQ, EXPLOIT-DB |
| camtron -- cmnc-200_firmware | The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface. | 2010-11-16 | 10.0 | CVE-2010-4233, MISC, BUGTRAQ, EXPLOIT-DB |
| camtron -- cmnc-200_firmware | The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval. | 2010-11-16 | 7.8 | CVE-2010-4234, MISC, BUGTRAQ, EXPLOIT-DB |
| hp -- 9000 | The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. | 2010-11-17 | 7.8 | CVE-2010-4107, XF, VUPEN, HP, HP, SECTRACK, SECUNIA |
| ibm -- omnifind | Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password. | 2010-11-12 | 9.3 | CVE-2010-3894, VUPEN, BID, BUGTRAQ, OSVDB, EXPLOIT-DB, MISC |
| ibm -- omnifind | esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. | 2010-11-12 | 7.2 | CVE-2010-3895, VUPEN, BID, BUGTRAQ, EXPLOIT-DB, MISC |
| ibm -- omnifind | The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | 2010-11-12 | 7.5 | CVE-2010-3896, VUPEN, BID, BUGTRAQ, MISC |
| impresscms -- impresscms | SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-11-16 | 7.5 | CVE-2010-4271, BID, CONFIRM, SECUNIA, OSVDB |
| o-dyn -- collabtive | SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action. | 2010-11-16 | 7.5 | CVE-2010-4269, XF, EXPLOIT-DB, MISC |
| openssl -- openssl | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. | 2010-11-17 | 7.6 | CVE-2010-3864, CONFIRM, SECTRACK, CONFIRM, REDHAT, SECUNIA |
| pulseinfotech -- com_flipwall | SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 2010-11-16 | 7.5 | CVE-2010-4268, XF, BID, OSVDB, EXPLOIT-DB, SECUNIA, MISC |
| pulseinfotech -- com_sponsorwall | SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 2010-11-16 | 7.5 | CVE-2010-4272, XF, BID, OSVDB, EXPLOIT-DB, SECUNIA, MISC |


Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- mac_os_x | Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume. | 2010-11-15 | 4.3 | CVE-2010-1803, CONFIRM, APPLE |
| apple -- mac_os_x | AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets. | 2010-11-15 | 5.0 | CVE-2010-1828, CONFIRM, APPLE |
| apple -- mac_os_x | Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share. | 2010-11-15 | 6.0 | CVE-2010-1829, CONFIRM, APPLE |
| apple -- mac_os_x | AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors. | 2010-11-15 | 5.0 | CVE-2010-1830, CONFIRM, APPLE |
| apple -- mac_os_x | Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document. | 2010-11-15 | 6.8 | CVE-2010-1831, CONFIRM, APPLE |
| apple -- mac_os_x | Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document. | 2010-11-15 | 6.8 | CVE-2010-1832, CONFIRM, APPLE |
| apple -- mac_os_x | Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document. | 2010-11-15 | 6.8 | CVE-2010-1833, CONFIRM, APPLE |
| apple -- mac_os_x | CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address. | 2010-11-15 | 5.8 | CVE-2010-1834, CONFIRM, APPLE |
| apple -- mac_os_x | Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 2010-11-15 | 6.8 | CVE-2010-1836, CONFIRM, APPLE |
| apple -- mac_os_x | CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document. | 2010-11-15 | 6.8 | CVE-2010-1837, CONFIRM, APPLE |
| apple -- mac_os_x | Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | 2010-11-15 | 4.4 | CVE-2010-1838, CONFIRM, APPLE |
| apple -- mac_os_x | ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. | 2010-11-16 | 6.8 | CVE-2010-1845, CONFIRM, APPLE |
| apple -- mac_os_x | Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image. | 2010-11-16 | 6.8 | CVE-2010-1846, CONFIRM, APPLE |
| apple -- mac_os_x | The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors. | 2010-11-16 | 4.9 | CVE-2010-1847, CONFIRM, APPLE |
| apple -- mac_os_x_server | Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. | 2010-11-16 | 6.8 | CVE-2010-3783, CONFIRM, APPLE |
| apple -- mac_os_x | The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. | 2010-11-16 | 5.0 | CVE-2010-3784, CONFIRM, APPLE |
| apple -- mac_os_x | Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. | 2010-11-16 | 6.8 | CVE-2010-3785, CONFIRM, APPLE |
| apple -- mac_os_x | QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file. | 2010-11-16 | 6.8 | CVE-2010-3786, CONFIRM, APPLE |
| apple -- mac_os_x | Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. | 2010-11-16 | 6.8 | CVE-2010-3787, CONFIRM, APPLE |
| apple -- quicktime | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file. | 2010-11-16 | 6.8 | CVE-2010-3788, CONFIRM, APPLE |
| apple -- quicktime | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file. | 2010-11-16 | 6.8 | CVE-2010-3789, CONFIRM, APPLE |
| apple -- quicktime | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 2010-11-16 | 6.8 | CVE-2010-3790, CONFIRM, APPLE |
| apple -- quicktime | Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. | 2010-11-16 | 6.8 | CVE-2010-3791, CONFIRM, APPLE |
| apple -- quicktime | Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. | 2010-11-16 | 6.8 | CVE-2010-3792, CONFIRM, APPLE |
| apple -- quicktime | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file. | 2010-11-16 | 6.8 | CVE-2010-3793, CONFIRM, APPLE |
| apple -- mac_os_x | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | 2010-11-16 | 6.8 | CVE-2010-3794, CONFIRM, APPLE |
| apple -- mac_os_x | QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. | 2010-11-16 | 6.8 | CVE-2010-3795, CONFIRM, APPLE |
| apple -- mac_os_x | Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. | 2010-11-16 | 4.3 | CVE-2010-3796, CONFIRM, APPLE |
| apple -- mac_os_x | Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive. | 2010-11-16 | 6.8 | CVE-2010-3798, CONFIRM, APPLE |
| apple -- mac_os_x | Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. | 2010-11-16 | 6.8 | CVE-2010-4010, CONFIRM, XF, APPLE |
| apple -- safari | libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | 2010-11-16 | 4.3 | CVE-2010-4008, SECUNIA, SECUNIA, MLIST, CONFIRM, CONFIRM, MISC |
| apple -- mac_os_x_server | Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue." | 2010-11-16 | 4.0 | CVE-2010-4011, CONFIRM, APPLE |
| foswiki -- foswiki | UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. | 2010-11-16 | 6.5 | CVE-2010-4215, CONFIRM, XF, BID, MLIST, SECUNIA |
| ibm -- websphere_mq | IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. | 2010-11-12 | 4.3 | CVE-2010-2637, XF, CONFIRM, CONFIRM |
| ibm -- omnifind | Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do. | 2010-11-12 | 4.3 | CVE-2010-3890, VUPEN, BID, BUGTRAQ, MISC |
| ibm -- omnifind | Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action. | 2010-11-12 | 6.8 | CVE-2010-3891, VUPEN, BID, BUGTRAQ, OSVDB, EXPLOIT-DB, MISC |
| ibm -- omnifind | Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. | 2010-11-12 | 4.3 | CVE-2010-3892, VUPEN, BID, BUGTRAQ, MISC |
| ibm -- omnifind | The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue. | 2010-11-12 | 6.8 | CVE-2010-3893, VUPEN, BID, BUGTRAQ, MISC |
| ibm -- omnifind | ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file. | 2010-11-12 | 5.0 | CVE-2010-3897, VUPEN, BID, BUGTRAQ, MISC |
| ibm -- omnifind | IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. | 2010-11-12 | 5.0 | CVE-2010-3898, VUPEN, BID, BUGTRAQ, MISC |
| ibm -- omnifind | IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents. | 2010-11-12 | 5.0 | CVE-2010-3899, VUPEN, BID, BUGTRAQ, OSVDB, EXPLOIT-DB, MISC |
| ibm -- omnifind | Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. | 2010-11-12 | 4.6 | CVE-2010-4236, VUPEN, BID, BUGTRAQ, EXPLOIT-DB, MISC |
| ibm -- websphere_mq | Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. | 2010-11-15 | 4.0 | CVE-2010-2638, XF |
| ibm -- director_agent | reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. | 2010-11-16 | 4.4 | CVE-2010-4274, XF, VUPEN, BID, AIXAPAR, SECTRACK, SECUNIA |
| mozilla -- firefox | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. | 2010-11-12 | 4.3 | CVE-2009-5017, CONFIRM, CONFIRM, MISC, CONFIRM |
| netshinesoftware -- com_netinvoice | Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010. | 2010-11-16 | 5.0 | CVE-2010-4270, CONFIRM, BID, CONFIRM, SECUNIA, OSVDB |
| novell -- mono | Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-11-17 | 6.9 | CVE-2010-4159, CONFIRM, MLIST, CONFIRM, BID, CONFIRM, SECUNIA, MLIST, MLIST, MLIST |
| openttd -- openttd | Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp. | 2010-11-17 | 5.0 | CVE-2010-4168, CONFIRM, CONFIRM, VUPEN, CONFIRM, MLIST, MLIST |
| php -- php | The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. | 2010-11-12 | 6.8 | CVE-2010-3870, CONFIRM, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MANDRIVA, MISC, MISC, MISC, MISC, CONFIRM, MISC |
| php -- php | Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. | 2010-11-12 | 6.8 | CVE-2009-5016, MISC, MISC, CONFIRM |
| redhat -- certificate_system | Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. | 2010-11-17 | 5.8 | CVE-2010-3868, CONFIRM, REDHAT, REDHAT, CONFIRM, OSVDB, SECTRACK, SECUNIA |
| redhat -- certificate_system | Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN. | 2010-11-17 | 4.0 | CVE-2010-3869, CONFIRM, REDHAT, REDHAT, CONFIRM, OSVDB, SECTRACK, SECUNIA |
| spreecommerce -- spree | Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue. | 2010-11-17 | 5.0 | CVE-2010-3978, CONFIRM, CONFIRM, CONFIRM, BUGTRAQ, MISC, MISC, MISC, CONFIRM |
| symantec -- mobile_security | The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. | 2010-11-15 | 6.0 | CVE-2010-0113, CONFIRM, BID |


Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- mac_os_x_server | Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2010-11-16 | 3.5 | CVE-2010-3797, CONFIRM, APPLE |
