Vulnerability Summary for the Week of May 17, 2010
Released
May 24, 2010
Document ID
SB10-144
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| artifex -- gpl_ghostscript | Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. | 2010-05-19 | 7.5 | CVE-2010-1628 MISC VUPEN BID BUGTRAQ MLIST MLIST SECUNIA FULLDISC MISC |
| bsplayer -- bs.player | Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068. | 2010-05-20 | 9.3 | CVE-2010-2004 XF VUPEN BID MISC MISC MISC SECUNIA |
| cisco -- pgw_2200_softswitch | The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126. | 2010-05-14 | 7.8 | CVE-2010-0601 CISCO BID OSVDB |
| cisco -- pgw_2200_softswitch | The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606. | 2010-05-14 | 7.8 | CVE-2010-0602 CISCO BID OSVDB |
| cisco -- pgw_2200_softswitch | The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug ID CSCsk40030. | 2010-05-14 | 7.8 | CVE-2010-0603 CISCO BID |
| cisco -- pgw_2200_softswitch | Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP traffic, as demonstrated by "SIP testing," aka Bug ID CSCsk38165. | 2010-05-14 | 7.8 | CVE-2010-0604 CISCO BID OSVDB |
| cisco -- pgw_2200_softswitch | The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115. | 2010-05-14 | 7.8 | CVE-2010-1561 CISCO BID OSVDB |
| cisco -- pgw_2200_softswitch | The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521. | 2010-05-14 | 7.8 | CVE-2010-1562 CISCO OSVDB |
| cisco -- pgw_2200_softswitch | The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588. | 2010-05-14 | 7.8 | CVE-2010-1563 CISCO BID OSVDB |
| cisco -- pgw_2200_softswitch | Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (TCP socket exhaustion) via unknown vectors, aka Bug ID CSCsk13561. | 2010-05-14 | 7.8 | CVE-2010-1565 CISCO BID OSVDB |
| cisco -- pgw_2200_softswitch | The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590. | 2010-05-14 | 7.8 | CVE-2010-1567 CISCO BID OSVDB |
| cmstactics -- com_beeheard | Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-19 | 7.5 | CVE-2010-1952 XF BID MISC SECUNIA MISC |
| datalifecms -- datalife_engine | Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php. | 2010-05-20 | 7.5 | CVE-2010-2005 XF BID MISC |
| dovecot -- dovecot | Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message. | 2010-05-20 | 7.8 | CVE-2010-0745 MLIST CONFIRM VUPEN MLIST CONFIRM MLIST SUSE MLIST |
| emultisoft -- com_jnewspaper | SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-19 | 7.5 | CVE-2010-1949 MISC SECUNIA |
| freedownloadmanager -- free_download_manager | Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect. | 2010-05-17 | 10.0 | CVE-2010-0998 XF BID BUGTRAQ MISC SECUNIA OSVDB OSVDB OSVDB OSVDB |
| freedownloadmanager -- free_download_manager | Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | 2010-05-17 | 7.1 | CVE-2010-0999 XF BID BUGTRAQ MISC OSVDB |
| gohigheris -- com_jwhmcs | Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-19 | 7.5 | CVE-2010-1977 BID MISC SECUNIA |
| hp -- nfs/oncplus | Unspecified vulnerability in NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service or gain privileges via unknown vectors. | 2010-05-20 | 10.0 | CVE-2010-1039 BID SECUNIA HP HP |
| joomlacomponent.inetlanka -- com_multimap | Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-19 | 7.5 | CVE-2010-1953 VUPEN BID MISC SECUNIA |
| joomlacomponent.inetlanka -- com_multiroot | Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-19 | 7.5 | CVE-2010-1954 VUPEN BID MISC SECUNIA |
| mozilla -- firefox | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. | 2010-05-20 | 10.0 | CVE-2010-1988 MISC BUGTRAQ |
| nec -- bladesystemcenter | Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010. | 2010-05-19 | 7.8 | CVE-2010-1941 BID CONFIRM SECUNIA OSVDB JVNDB JVN |
| nec -- capsuite_patchmeister | Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015. | 2010-05-19 | 7.8 | CVE-2010-1943 VUPEN BID CONFIRM MISC SECUNIA OSVDB JVNDB JVN |
| phpbb -- phpbb | Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement." | 2010-05-19 | 7.5 | CVE-2010-1630 CONFIRM MLIST MLIST MLIST MISC |
| phpgroupware -- phpgroupware | Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/. | 2010-05-19 | 7.5 | CVE-2010-0404 MLIST CONFIRM CONFIRM VUPEN VUPEN DEBIAN SECUNIA SECUNIA |
| postgresql -- postgresql | PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. | 2010-05-19 | 8.5 | CVE-2010-1169 CONFIRM CONFIRM VUPEN BID REDHAT REDHAT REDHAT REDHAT CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA |
| postgresql -- postgresql | PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which might allow remote attackers to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. | 2010-05-19 | 8.5 | CVE-2010-1447 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA |
| redcomponent -- com_redtwitter | Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-19 | 7.5 | CVE-2010-1983 XF BID MISC SECUNIA MISC OSVDB MISC |
| roberto_aloi -- com_joomlaflickr | Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-19 | 7.5 | CVE-2010-1980 BID CONFIRM XF MISC SECUNIA MISC |
| thefactory -- com_blogfactory | Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-19 | 7.5 | CVE-2010-1955 XF BID MISC SECUNIA MISC OSVDB |
| thefactory -- com_gadgetfactory | Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-19 | 7.5 | CVE-2010-1956 CONFIRM XF VUPEN BID MISC SECUNIA MISC OSVDB |
| thefactory -- com_lovefactory | Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-19 | 7.5 | CVE-2010-1957 XF BID MISC SECUNIA MISC OSVDB |
| tomatocms -- tomatocms | SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO. | 2010-05-20 | 7.5 | CVE-2010-1994 XF BID BUGTRAQ MISC SECUNIA OSVDB MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 60cycle -- 60cyclecms | Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php. | 2010-05-19 | 6.8 | CVE-2010-1951 XF BID BUGTRAQ MISC |
| affiliatefeeds -- com_datafeeds | Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-19 | 6.8 | CVE-2010-1979 XF BID MISC SECUNIA |
| apple -- safari | Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-05-14 | 4.3 | CVE-2010-1940 XF SECUNIA |
| derrick_brashear -- kadmind | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | 2010-05-19 | 6.8 | CVE-2010-1321 BUGTRAQ CONFIRM REDHAT MANDRIVA |
| emultisoft -- com_jnewspaper | SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-05-19 | 6.8 | CVE-2010-1950 SECUNIA |
| fabrikar -- com_fabrikar | Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-19 | 6.8 | CVE-2010-1981 XF MISC MISC |
| freephpblogsoftware -- freephpblogsoftware | PHP remote file inclusion vulnerability in default_theme.php in FreePHPBlogSoftware 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpincdir parameter. NOTE: some of these details are obtained from third party information. | 2010-05-19 | 6.8 | CVE-2010-1978 XF BID OSVDB MISC SECUNIA |
| fujitsu -- interstage_application_server | Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device. | 2010-05-19 | 6.4 | CVE-2010-1942 VUPEN CONFIRM BID CONFIRM SECUNIA OSVDB JVNDB JVN |
| google -- chrome | Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. | 2010-05-20 | 5.0 | CVE-2010-1992 BUGTRAQ MISC |
| hp -- multifunction_peripheral_digital_sending_software | Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors. | 2010-05-14 | 4.7 | CVE-2010-1558 XF BID OSVDB HP HP |
| hp -- systems_insight_manager | Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown vectors. | 2010-05-14 | 6.4 | CVE-2010-1556 BID HP HP |
| hp -- insight_control_server_migration_for_windows | Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-05-14 | 4.3 | CVE-2010-1557 OSVDB HP HP |
| ibm -- websphere_application_server | The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | 2010-05-17 | 4.3 | CVE-2010-0774 XF AIXAPAR |
| ibm -- websphere_application_server | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. | 2010-05-17 | 5.0 | CVE-2010-0775 XF |
| ibm -- websphere_application_server | The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. | 2010-05-17 | 5.0 | CVE-2010-0776 XF |
| irfanview -- irfanview | IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error." | 2010-05-14 | 5.0 | CVE-2010-1509 XF BID BUGTRAQ MISC SECUNIA OSVDB CONFIRM |
| irfanview -- irfanview | Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression. | 2010-05-14 | 5.0 | CVE-2010-1510 XF BID BUGTRAQ MISC SECUNIA OSVDB CONFIRM |
| joomlart -- com_javoice | Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. | 2010-05-19 | 5.0 | CVE-2010-1982 BID MISC SECUNIA MISC |
| kde -- kde_sc | Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | 2010-05-17 | 4.3 | CVE-2010-1000 XF VUPEN VUPEN UBUNTU BID BUGTRAQ BUGTRAQ MANDRIVA CONFIRM SECTRACK MISC SECUNIA SECUNIA OSVDB MLIST |
| kde -- kde_sc | KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. | 2010-05-17 | 5.0 | CVE-2010-1511 XF VUPEN VUPEN UBUNTU BID BUGTRAQ BUGTRAQ CONFIRM SECTRACK MISC SECUNIA SECUNIA OSVDB MLIST |
| letodms -- letodms | Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | 2010-05-20 | 6.5 | CVE-2010-2006 MISC XF BUGTRAQ SECUNIA OSVDB |
| letodms -- letodms | Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php, (4) op/op.RemoveFolder.php, (5) op/op.DefaultKeywords.php, (6) op/op.GroupMgr.php, (7) op/op.FolderAccess.php, (8) op/op.FolderNotify.php, or (9) op.MoveFolder.php in mydms. | 2010-05-20 | 6.8 | CVE-2010-2007 MISC XF BUGTRAQ SECUNIA OSVDB |
| microsoft -- windows_7 | cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, does not perform the expected data parsing after user-mode data is copied to kernel mode, which allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys. | 2010-05-14 | 4.9 | CVE-2009-3678 XF VUPEN BID CONFIRM MISC MISC MISC CONFIRM CONFIRM |
| microsoft -- ie | Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. | 2010-05-20 | 5.0 | CVE-2010-1991 BUGTRAQ MISC |
| mozilla -- firefox | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571. | 2010-05-20 | 5.0 | CVE-2010-1986 MISC BUGTRAQ |
| mozilla -- firefox | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571. | 2010-05-20 | 5.0 | CVE-2010-1987 MISC BUGTRAQ |
| mozilla -- firefox | Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. | 2010-05-20 | 5.0 | CVE-2010-1990 BUGTRAQ MISC |
| mysql -- mysql | The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. | 2010-05-14 | 5.0 | CVE-2010-1621 MANDRIVA CONFIRM CONFIRM |
| openmairie -- opencimetiere | Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/. | 2010-05-19 | 6.8 | CVE-2010-1944 XF VUPEN BID OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB MISC SECUNIA MISC |
| openmairie -- openfoncier | Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5) blocnote.class.php in obj/. | 2010-05-19 | 6.8 | CVE-2010-1945 OSVDB OSVDB OSVDB OSVDB OSVDB MISC SECUNIA MISC |
| openmairie -- openregistrecil | Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/. | 2010-05-19 | 6.8 | CVE-2010-1946 BID OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB MISC SECUNIA MISC |
| openmairie -- openregistrecil | Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter. NOTE: this may be related to CVE-2007-2069. | 2010-05-19 | 6.8 | CVE-2010-1947 BID OSVDB MISC SECUNIA MISC |
| openmairie -- openfoncier | Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 2010-05-19 | 6.8 | CVE-2010-1948 OSVDB MISC SECUNIA MISC |
| openmairie -- opencatalogue | Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 2010-05-20 | 6.8 | CVE-2010-1999 VUPEN OSVDB MISC SECUNIA MISC |
| opera -- opera_browser | Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181. | 2010-05-20 | 5.0 | CVE-2010-1989 BUGTRAQ MISC |
| opera -- opera_browser | Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. | 2010-05-20 | 5.0 | CVE-2010-1993 BUGTRAQ MISC |
| palo_alto_networks -- firewall | Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter. | 2010-05-14 | 4.3 | CVE-2010-0475 XF MISC BUGTRAQ |
| phorum -- phorum | Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address. | 2010-05-19 | 4.3 | CVE-2010-1629 CONFIRM MLIST MLIST |
| phpbb -- phpbb | feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum. | 2010-05-19 | 4.3 | CVE-2010-1627 CONFIRM MLIST MLIST |
| phpgroupware -- phpgroupware | Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter. | 2010-05-19 | 6.8 | CVE-2010-0403 VUPEN CONFIRM CONFIRM VUPEN DEBIAN SECUNIA SECUNIA MLIST |
| pidgin -- pidgin | The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers to cause a denial of service (application crash) via a custom emoticon in a malformed SLP message. | 2010-05-14 | 5.0 | CVE-2010-1624 XF VUPEN BID CONFIRM MANDRIVA SECUNIA CONFIRM CONFIRM |
| postgresql -- postgresql | The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. | 2010-05-19 | 6.0 | CVE-2010-1170 VUPEN CONFIRM BID REDHAT REDHAT REDHAT REDHAT CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA |
| postgresql -- postgresql | PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. | 2010-05-19 | 5.5 | CVE-2010-1975 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| proxy2 -- advanced_poll | Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter. | 2010-05-20 | 4.3 | CVE-2010-2003 XF BID BUGTRAQ MISC SECUNIA MISC OSVDB |
| rafael_garcia-suarez -- safe | Multiple unspecified vulnerabilities in the Safe (aka Safe.pm) module before 2.25 for Perl allow context-dependent attackers to inject and execute arbitrary code via vectors related to "automagic methods." NOTE: this might overlap CVE-2010-1169 or CVE-2010-1447. | 2010-05-19 | 6.8 | CVE-2010-1974 CONFIRM CONFIRM |
| sixapart -- movable_type | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | 2010-05-19 | 4.3 | CVE-2010-1985 VUPEN CONFIRM CONFIRM SECUNIA JVNDB JVN |
| tatsuhiro_tsujikawa -- aria2 | Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | 2010-05-17 | 4.3 | CVE-2010-1512 BID BUGTRAQ OSVDB DEBIAN MISC SECUNIA CONFIRM |
| vmware -- tc_server | com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password. | 2010-05-19 | 6.8 | CVE-2010-1454 CONFIRM BID BUGTRAQ SECUNIA |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| addison_berry -- wordfilter | Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list. | 2010-05-20 | 2.1 | CVE-2010-2002 BID CONFIRM CONFIRM CONFIRM SECUNIA |
| ibm -- websphere_application_server | The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. | 2010-05-17 | 2.6 | CVE-2010-0777 XF |
| kevinhankens -- tablefield | Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers. | 2010-05-20 | 2.1 | CVE-2010-1998 VUPEN CONFIRM CONFIRM XF BID OSVDB SECUNIA |
| michael_nichols -- taxonomy_breadcrumb | Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display. | 2010-05-19 | 2.1 | CVE-2010-1976 CONFIRM XF SECUNIA OSVDB MISC MISC |
| michael_nichols -- taxonomy_breadcrumb | Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display. | 2010-05-19 | 2.1 | CVE-2010-1984 XF SECUNIA OSVDB CONFIRM MISC MISC |
| ninjitsuweb -- civiregister | Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. | 2010-05-20 | 2.6 | CVE-2010-2001 BID CONFIRM CONFIRM SECUNIA |
| ron_jerome -- bibliography | Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358. | 2010-05-20 | 2.1 | CVE-2010-2000 BID CONFIRM CONFIRM CONFIRM SECUNIA |
| saurus -- saurus_cms | Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter. | 2010-05-20 | 2.1 | CVE-2010-1997 BID BUGTRAQ MISC SECUNIA MISC OSVDB |
| steven_jones -- context | Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. | 2010-05-19 | 2.1 | CVE-2010-1584 CONFIRM XF MISC BID MISC MISC CONFIRM CONFIRM MISC |
| tomatocms -- tomatocms | Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO. | 2010-05-20 | 2.1 | CVE-2010-1995 XF BID BUGTRAQ MISC SECUNIA OSVDB MISC |
| tomatocms -- tomatocms | Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO. | 2010-05-20 | 2.1 | CVE-2010-1996 XF XF XF BID SECUNIA OSVDB OSVDB OSVDB MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.