Vulnerability Summary for the Week of October 3, 2011
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- photoshop_elements | Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296. | 2011-10-04 | 9.3 | CVE-2011-2443 |
andreas_kiefer -- ke_yac | SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-10-07 | 7.5 | CVE-2010-4891 |
aspindir -- xweblog | SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter. | 2011-10-05 | 7.5 | CVE-2010-4855 |
aspindir -- xweblog | SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter. | 2011-10-05 | 7.5 | CVE-2010-4856 |
bloofox -- bloofoxcms | SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter. | 2011-10-07 | 7.5 | CVE-2010-4870 |
checkpoint -- connectra_ngx | Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet. | 2011-10-04 | 9.3 | CVE-2011-1827 |
chillcreations -- com_ccinvoices | SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. | 2011-10-05 | 7.5 | CVE-2010-4853 |
chipmunk-scripts -- chipmunk_board | SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter. | 2011-10-05 | 7.5 | CVE-2010-4866 |
cisco -- ios | Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCth03022. | 2011-10-03 | 7.8 | CVE-2011-0939 |
cisco -- ios | Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194. | 2011-10-03 | 7.8 | CVE-2011-0944 |
cisco -- ios | Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to cause a denial of service (memory consumption and device reload or hang) via a crafted IP protocol 91 packet, aka Bug ID CSCth69364. | 2011-10-03 | 7.8 | CVE-2011-0945 |
cisco -- ios | The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712. | 2011-10-03 | 7.8 | CVE-2011-0946 |
cisco -- unified_communications_manager | Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686. | 2011-10-03 | 7.8 | CVE-2011-2072 |
cisco -- 10008_router | Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453. | 2011-10-03 | 7.8 | CVE-2011-3270 |
cisco -- ios | Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165. | 2011-10-03 | 10.0 | CVE-2011-3271 |
cisco -- ios | The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073. | 2011-10-03 | 7.8 | CVE-2011-3272 |
cisco -- ios | Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka Bug ID CSCti79848. | 2011-10-03 | 7.8 | CVE-2011-3273 |
cisco -- ios | Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504. | 2011-10-03 | 7.8 | CVE-2011-3275 |
cisco -- ios | Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port 5060, aka Bug ID CSCso02147. | 2011-10-03 | 7.8 | CVE-2011-3276 |
cisco -- ios | Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka Bug ID CSCth11006. | 2011-10-03 | 7.8 | CVE-2011-3277 |
cisco -- ios | Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCti48483. | 2011-10-03 | 7.8 | CVE-2011-3278 |
cisco -- ios | The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219. | 2011-10-03 | 7.8 | CVE-2011-3279 |
cisco -- ios | Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCtj04672. | 2011-10-03 | 7.8 | CVE-2011-3280 |
cisco -- ios | Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID CSCto68554. | 2011-10-03 | 7.8 | CVE-2011-3281 |
cisco -- ios | Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device reload) via an ICMPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCtj30155. | 2011-10-03 | 7.8 | CVE-2011-3282 |
cisco -- jabber_extensible_communications_platform | Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564. | 2011-10-06 | 7.8 | CVE-2011-3287 |
cisco -- unified_presence | Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564. | 2011-10-06 | 7.8 | CVE-2011-3288 |
cisco -- firewall_services_module_software | Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875. | 2011-10-06 | 7.8 | CVE-2011-3296 |
cisco -- firewall_services_module_software | Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697. | 2011-10-06 | 7.8 | CVE-2011-3297 |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274. | 2011-10-06 | 7.9 | CVE-2011-3298 |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92380 and CSCtq09972. | 2011-10-06 | 7.8 | CVE-2011-3299 |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06065 and CSCtq09978. | 2011-10-06 | 7.8 | CVE-2011-3300 |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06062 and CSCtq09986. | 2011-10-06 | 7.8 | CVE-2011-3301 |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92398 and CSCtq09989. | 2011-10-06 | 7.8 | CVE-2011-3302 |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.6), 8.3 before 8.3(2.23), 8.4 before 8.4(2.7), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via malformed ILS traffic, aka Bug IDs CSCtq57697 and CSCtq57802. | 2011-10-06 | 7.8 | CVE-2011-3303 |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2), and 8.5 before 8.5(1.1) allow remote attackers to cause a denial of service (device reload) via crafted MSN Instant Messenger traffic, aka Bug ID CSCtl67486. | 2011-10-06 | 7.8 | CVE-2011-3304 |
cisco -- nac_manager | Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755. | 2011-10-06 | 7.8 | CVE-2011-3305 |
curtiss_grymala -- cag_cms | SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | 2011-10-05 | 7.5 | CVE-2010-4857 |
danieljamesscott -- com_clubmanager | SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php. | 2011-10-05 | 7.5 | CVE-2010-4864 |
digitaljunkies -- dompdf | PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter. | 2011-10-07 | 7.5 | CVE-2010-4879 |
drbenhur -- dbhcms | SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter. | 2011-10-05 | 7.5 | CVE-2010-4869 |
exim -- exim | Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. | 2011-10-04 | 7.5 | CVE-2011-1764 |
galaxyscriptz -- myphpauction | SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2011-10-05 | 7.5 | CVE-2010-4860 |
google -- chrome | Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 2011-10-04 | 7.5 | CVE-2011-2878 |
google -- chrome | Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2011-10-04 | 9.3 | CVE-2011-3873 |
got_milk? -- mblogger | SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter. | 2011-10-07 | 7.5 | CVE-2010-4876 |
harmistechnology -- com_jedirectory | SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | 2011-10-05 | 7.5 | CVE-2010-4862 |
harmistechnology -- com_jeguestbook | SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. | 2011-10-05 | 7.5 | CVE-2010-4865 |
hinnendahl -- kontakt_formular | PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | 2011-10-07 | 7.5 | CVE-2010-4878 |
hinnendahl -- gaestebuch | PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | 2011-10-07 | 7.5 | CVE-2010-4884 |
hp -- nonstop_server_software | Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors. | 2011-10-02 | 9.0 | CVE-2011-2411 |
iceni -- argus | Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary code via a crafted PDF document that uses flate compression. | 2011-10-06 | 10.0 | CVE-2011-3332 |
likno -- allwebmenus_plugin | PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | 2011-10-04 | 7.5 | CVE-2011-3981 |
linux -- kernel | net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key. | 2011-10-04 | 7.8 | CVE-2011-1076 |
marco_hezel -- hm_tinymarket | SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-10-07 | 7.5 | CVE-2010-4888 |
marco_hezel -- hm_tinymarket | Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. | 2011-10-07 | 10.0 | CVE-2010-4889 |
netshinesoftware -- com_netinvoice | SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file." | 2011-10-04 | 7.5 | CVE-2008-7302 |
nomachine -- nx_node | Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x before 3.5.0-4 and NX Server 3.x before 3.5.0-5 allows local users to read arbitrary files via unknown vectors. | 2011-10-04 | 7.2 | CVE-2011-3977 |
pilotcart -- pilot_cart | SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter. | 2011-10-07 | 7.5 | CVE-2010-4872 |
raphael_zschorsch -- commentsbe | SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-10-07 | 7.5 | CVE-2010-4887 |
sclek -- jsite | SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2011-10-04 | 7.5 | CVE-2008-7301 |
smartftp -- smartftp | Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to have an unknown impact via a long filename. | 2011-10-07 | 10.0 | CVE-2010-4871 |
sun -- opensolaris | The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone. | 2011-10-04 | 8.5 | CVE-2008-7300 |
symantec -- im_manager | SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-10-01 | 7.5 | CVE-2011-0553 |
symantec -- im_manager | The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue." | 2011-10-01 | 7.5 | CVE-2011-0554 |
w-agora -- w-agora | Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter. | 2011-10-05 | 7.5 | CVE-2010-4867 |
webasyst -- shop-script | SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action. | 2011-10-05 | 7.5 | CVE-2010-4859 |
webspell -- webspell | SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | 2011-10-05 | 7.5 | CVE-2010-4861 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alex_kellner -- powermail | Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-10-07 | 4.3 | CVE-2010-4892 |
ammsoft -- scriptftp | Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script. | 2011-10-04 | 6.8 | CVE-2011-3976 |
andreas_kiefer -- ke_yac | Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-10-07 | 4.3 | CVE-2010-4890 |
apache -- http_server | The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. | 2011-10-05 | 5.0 | CVE-2011-3368 |
apphp -- apphp_calendar | Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter. | 2011-10-07 | 4.3 | CVE-2010-4880 |
apphp -- apphp_calendar | Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter. | 2011-10-07 | 6.8 | CVE-2010-4881 |
basercms -- basercms | Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-10-01 | 4.3 | CVE-2011-2673 |
basercms -- basercms | BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. | 2011-10-01 | 4.9 | CVE-2011-2674 |
cagintranetworks -- getsimple_cms | Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter. | 2011-10-05 | 4.3 | CVE-2010-4863 |
cherokee-project -- cherokee | Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply. | 2011-10-06 | 6.8 | CVE-2011-2191 |
cisco -- ios | Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919. | 2011-10-03 | 6.1 | CVE-2011-3274 |
cyber-ark -- password_vault_web_access | Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-10-04 | 4.3 | CVE-2011-0459 |
ffmpeg -- ffmpeg | Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file. | 2011-10-02 | 6.8 | CVE-2011-3362 |
ffmpeg -- ffmpeg | cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. | 2011-10-02 | 5.0 | CVE-2011-3973 |
ffmpeg -- ffmpeg | Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362. | 2011-10-02 | 5.0 | CVE-2011-3974 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box. | 2011-10-04 | 6.8 | CVE-2011-2876 |
google -- chrome | Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font." | 2011-10-04 | 6.8 | CVE-2011-2877 |
google -- chrome | Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2011-10-04 | 6.8 | CVE-2011-2879 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings. | 2011-10-04 | 6.8 | CVE-2011-2880 |
google -- chrome | Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. | 2011-10-04 | 6.8 | CVE-2011-2881 |
icewarp -- mail_server | server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. | 2011-09-30 | 6.4 | CVE-2011-3579 |
icewarp -- mail_server | IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. | 2011-09-30 | 5.0 | CVE-2011-3580 |
insanevisions -- onecms2.6.1 | Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | 2011-10-07 | 4.3 | CVE-2010-4877 |
jerome_schneider -- ameos_dragndropupload | Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. | 2011-10-04 | 6.0 | CVE-2011-3980 |
joerg_risse -- dnet_live-stats | Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter. | 2011-10-05 | 5.0 | CVE-2010-4858 |
juan_toledo -- etherape | The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c. | 2011-09-30 | 5.0 | CVE-2011-3369 |
ninkobb -- ninkobb | Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter. | 2011-10-07 | 4.3 | CVE-2010-4874 |
peter_proell -- xing | Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-10-07 | 4.3 | CVE-2010-4885 |
peter_proell -- tweetbutton | Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-10-07 | 4.3 | CVE-2010-4886 |
punbb -- punbb | Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php. | 2011-10-02 | 4.3 | CVE-2011-3371 |
quassel-irc -- quassel | The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011. | 2011-10-04 | 5.0 | CVE-2011-3354 |
realnetworks -- realplayer | Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. | 2011-10-04 | 4.3 | CVE-2011-1221 |
sitaram_chamarty -- gitolite | Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands. | 2011-10-04 | 6.8 | CVE-2011-1572 |
symantec -- im_manager | Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4) action parameter to IMManager/Admin/IMAdminEdituser.asp. | 2011-10-01 | 4.3 | CVE-2011-0552 |
ventics -- auto_cms | Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS 1.6 allows remote attackers to inject arbitrary web script or HTML via the sitetitle parameter. | 2011-10-07 | 4.3 | CVE-2010-4882 |
vmware -- springsource_spring_framework | Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class. | 2011-10-04 | 6.8 | CVE-2011-2894 |
w-agora -- w-agora | Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter. | 2011-10-05 | 4.3 | CVE-2010-4868 |
webidsupport -- webid | Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 2011-10-07 | 4.3 | CVE-2010-4873 |
xondie -- vodpod_video_gallery | Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter. | 2011-10-07 | 4.3 | CVE-2010-4875 |
zikula -- zikula_application_framework | Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php. | 2011-10-04 | 4.3 | CVE-2011-3979 |
zuitu -- zuitu | SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action. | 2011-10-05 | 6.8 | CVE-2010-4854 |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- jserv | The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. | 2011-10-04 | 2.1 | CVE-2000-1247 |
cherokee-project -- cherokee | The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack. | 2011-10-06 | 2.1 | CVE-2011-2190 |
htc -- evo_3d | A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. | 2011-10-03 | 2.6 | CVE-2011-3975 |
ibm -- aix | The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs. | 2011-10-04 | 2.1 | CVE-2011-3982 |
lightneasy -- lightneasy | Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page. | 2011-10-04 | 3.5 | CVE-2011-3978 |
modx -- revolution | Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter. | 2011-10-07 | 2.6 | CVE-2010-4883 |
tedfelix -- acpid | acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls. | 2011-10-04 | 2.1 | CVE-2011-1159 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.