Vulnerability Summary for the Week of March 8, 2010

Released
Mar 15, 2010
Document ID
SB10-074

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

chumby -- chumby_classic
  Description: The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
  Published: 2010-03-10 | CVSS Score: 10.0 | CVE-2010-0418
  Source & Patch Info: CONFIRM, MISC

cowon_america -- jetaudio
  Description: Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information.
  Published: 2010-03-05 | CVSS Score: 9.3 | CVE-2009-4668
  Source & Patch Info: BUGTRAQ, MILW0RM, SECUNIA, MISC

dev4u -- dev4u_cms
  Description: SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2010-0951
  Source & Patch Info: XF, BID, MISC, MISC

energizer -- duo_usb
  Description: UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0103
  Source & Patch Info: CERT-VN, MISC, BID, MISC

grafxsoftware -- minicwb
  Description: Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2009-4693
  Source & Patch Info: XF, VUPEN, BID, MILW0RM

grupenet -- wp-lytebox
  Description: Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter.
  Published: 2010-03-05 | CVSS Score: 7.5 | CVE-2009-4672
  Source & Patch Info: BID, MILW0RM, SECUNIA

hotbrackets -- com_hotbrackets
  Description: SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
  Published: 2010-03-08 | CVSS Score: 7.5 | CVE-2010-0945
  Source & Patch Info: XF, VUPEN, BID, MISC, MISC

hp -- openview_performance_insight
  Description: The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
  Published: 2010-03-10 | CVSS Score: 10.0 | CVE-2010-0447
  Source & Patch Info: XF, MISC, VUPEN, BID, SECUNIA, HP, HP

hypersilence -- silentum_guestbook
  Description: SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2009-4687
  Source & Patch Info: XF, MILW0RM

ibm -- vios
  Description: Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
  Published: 2010-03-10 | CVSS Score: 7.2 | CVE-2010-0960
  Source & Patch Info: VUPEN, AIXAPAR (x4), SECTRACK

ibm -- vios
  Description: Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
  Published: 2010-03-10 | CVSS Score: 7.2 | CVE-2010-0961
  Source & Patch Info: VUPEN, AIXAPAR (x4), SECTRACK

inertialfate -- com_if_nexus
  Description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
  Published: 2010-03-08 | CVSS Score: 7.5 | CVE-2009-4679
  Source & Patch Info: BID, OSVDB, MISC, SECUNIA

kiss-software -- com_ksadvertiser
  Description: SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.
  Published: 2010-03-08 | CVSS Score: 7.5 | CVE-2010-0946
  Source & Patch Info: XF, BID, MISC

media-products -- bild_flirt_community
  Description: SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2010-0955
  Source & Patch Info: XF, BID, MISC, SECUNIA, MISC, OSVDB, MISC

microsoft -- excel
  Description: Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0257
  Source & Patch Info: MS

microsoft -- excel
  Description: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0258
  Source & Patch Info: MS

microsoft -- excel
  Description: Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0260
  Source & Patch Info: MS

microsoft -- excel
  Description: Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0261
  Source & Patch Info: MS

microsoft -- excel
  Description: Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0262
  Source & Patch Info: MS

microsoft -- excel
  Description: Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability."
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0263
  Source & Patch Info: MS, MISC

microsoft -- excel
  Description: Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0264
  Source & Patch Info: MS

microsoft -- producer
  Description: Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0265
  Source & Patch Info: MS

microsoft -- ie
  Description: Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010.
  Published: 2010-03-10 | CVSS Score: 9.3 | CVE-2010-0806
  Source & Patch Info: CERT-VN, VUPEN, BID, CONFIRM, SECUNIA, CONFIRM

natychmiast-cms -- natychmiast-cms
  Description: Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2010-0950
  Source & Patch Info: XF, BID, BUGTRAQ, MISC

opencart -- opencart
  Description: SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2010-0956
  Source & Patch Info: BID, MISC

phpdirectorysource -- phpdirectorysource
  Description: SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2009-4680
  Source & Patch Info: BID, MILW0RM, SECUNIA, MISC

preprojects -- pre_e-learning_portal
  Description: SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2010-0954
  Source & Patch Info: XF, BID, MISC, SECUNIA, OSVDB, MISC

radscripts -- radlance
  Description: SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2009-4695
  Source & Patch Info: XF, BID, OSVDB, MILW0RM, SECUNIA

radscripts -- radnics
  Description: SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2009-4696
  Source & Patch Info: XF, BID, OSVDB, MILW0RM, SECUNIA

resalecode -- php_shopping_cart_selling_website_script
  Description: SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2009-4689
  Source & Patch Info: VUPEN, SECUNIA, MISC

resalecode -- classified_linktrader_script
  Description: SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2009-4691
  Source & Patch Info: VUPEN, SECUNIA, MISC

samba -- samba
  Description: smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
  Published: 2010-03-10 | CVSS Score: 8.5 | CVE-2010-0728
  Source & Patch Info: CONFIRM (x5), MLIST

scriptsez -- good/bad_vote
  Description: Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information.
  Published: 2010-03-10 | CVSS Score: 7.5 | CVE-2009-4683
  Source & Patch Info: OSVDB, MILW0RM, SECUNIA



Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

apple -- airport_express
  Description: The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
  Published: 2010-03-10 | CVSS Score: 5.0 | CVE-2010-0962
  Source & Patch Info: XF, BID, BUGTRAQ, BUGTRAQ, FULLDISC

bbsmax -- bbsmax
  Description: Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2010-0947
  Source & Patch Info: BID, BUGTRAQ, MISC

bfs.kilu -- bigforum
  Description: SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
  Published: 2010-03-10 | CVSS Score: 6.8 | CVE-2010-0948
  Source & Patch Info: XF, BID, MISC, SECUNIA, MISC, OSVDB

edgephp -- ezodiak
  Description: Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4684
  Source & Patch Info: XF, SECUNIA, MISC, OSVDB

ibm -- enovia_smarteam
  Description: Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2010-0959
  Source & Patch Info: BID, BUGTRAQ

insanevisions -- onecms
  Description: SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.
  Published: 2010-03-10 | CVSS Score: 6.8 | CVE-2010-0952
  Source & Patch Info: XF, BID, MISC, SECUNIA, MISC

joomlart -- com_jashowcase
  Description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
  Published: 2010-03-08 | CVSS Score: 5.0 | CVE-2010-0943
  Source & Patch Info: XF, BID, MISC, SECUNIA, MISC

jvideodirect -- com_jvideodirect
  Description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
  Published: 2010-03-08 | CVSS Score: 5.0 | CVE-2010-0942
  Source & Patch Info: XF, BID, MISC, MISC

natychmiast-cms -- natychmiast-cms
  Description: Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2010-0949
  Source & Patch Info: XF, BID, BUGTRAQ, MISC

phpcoin -- phpcoin
  Description: Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
  Published: 2010-03-10 | CVSS Score: 6.8 | CVE-2010-0953
  Source & Patch Info: XF, BID, MISC

phpdirectorysource -- phpdirectorysource
  Description: Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4681
  Source & Patch Info: BID, MILW0RM, SECUNIA, MISC

phplemon -- adquick
  Description: Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4686
  Source & Patch Info: XF, SECUNIA, MISC, OSVDB

phpscriptsnow -- astrology
  Description: Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4685
  Source & Patch Info: XF, SECUNIA, MISC, OSVDB

radscripts -- radlance
  Description: Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4692
  Source & Patch Info: XF, BID, OSVDB, MILW0RM, SECUNIA

radscripts -- radlance
  Description: Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4694
  Source & Patch Info: XF, SECUNIA, OSVDB

radscripts -- radnics
  Description: Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4697
  Source & Patch Info: XF, BID, OSVDB, MILW0RM, SECUNIA

resalecode -- php_shopping_cart_selling_website_script
  Description: Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4688
  Source & Patch Info: VUPEN, SECUNIA, MISC

sanusart -- simple_php_guestbook
  Description: Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
  Published: 2010-03-08 | CVSS Score: 4.3 | CVE-2010-0940
  Source & Patch Info: XF, MISC, SECUNIA, MISC, OSVDB

saskia_bruckner -- saskias_shopsystem
  Description: Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter.
  Published: 2010-03-10 | CVSS Score: 6.8 | CVE-2010-0957
  Source & Patch Info: XF, BID, MISC, MISC

scriptsez -- good/bad_vote
  Description: Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4682
  Source & Patch Info: OSVDB, MILW0RM, SECUNIA

thomas_perez -- tribisur
  Description: Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.
  Published: 2010-03-10 | CVSS Score: 6.8 | CVE-2010-0958
  Source & Patch Info: BID, MISC, SECUNIA, MISC

thorsten_riess -- com_jcollection
  Description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
  Published: 2010-03-08 | CVSS Score: 5.0 | CVE-2010-0944
  Source & Patch Info: XF, BID, MISC, MISC

web-site-development -- etek_systems_hit_counter
  Description: Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.
  Published: 2010-03-08 | CVSS Score: 4.3 | CVE-2010-0941
  Source & Patch Info: XF, OSVDB, OSVDB, OSVDB, MISC, SECUNIA, MISC

yourfreeworld -- programs_rating_script
  Description: Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.
  Published: 2010-03-10 | CVSS Score: 4.3 | CVE-2009-4690
  Source & Patch Info: XF, VUPEN, BID, SECUNIA, MISC, OSVDB, OSVDB



Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

ncpfs -- ncpfs
  Description: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.
  Published: 2010-03-10 | CVSS Score: 2.1 | CVE-2010-0790
  Source & Patch Info: FULLDISC, BID, BUGTRAQ, BUGTRAQ

ncpfs -- ncpfs
  Description: The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.
  Published: 2010-03-10 | CVSS Score: 2.1 | CVE-2010-0791
  Source & Patch Info: FULLDISC, BID, BUGTRAQ, BUGTRAQ

samba -- samba
  Description: The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
  Published: 2010-03-10 | CVSS Score: 3.5 | CVE-2010-0926
  Source & Patch Info: CONFIRM (x3), MLIST (x22), FULLDISC, CONFIRM, MISC, FULLDISC (x3)
