Bulletin (SB10-152)

Vulnerability Summary for the Week of May 24, 2010

Original release date: June 01, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
2brightsparks -- syncback
Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20.0, and possibly other versions before 3.2.21, allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) .sps or (2) zip profile. 2010-05-24 9.3 CVE-2010-1688
CONFIRM
XF
BID
MISC
MISC
SECUNIA
OSVDB
adhie_utomo -- com_konsultasi
SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php. 2010-05-25 7.5 CVE-2010-2044
XF
BID
MISC
SECUNIA
MISC
OSVDB
adobe -- photoshop_cs4
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file. 2010-05-27 9.3 CVE-2010-1296
CONFIRM
XF
MISC
MISC
MISC
MISC
MISC
MISC
SECTRACK
BID
cacti -- cacti
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine. 2010-05-27 7.5 CVE-2010-2092
CONFIRM
MISC
cisco -- mediator_framework
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative user account and unspecified other accounts, which makes it easier for remote attackers to obtain privileged access, aka Bug ID CSCtb83495. 2010-05-27 10.0 CVE-2010-0595
CISCO
XF
BID
SECTRACK
SECUNIA
cisco -- mediator_framework
Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607. 2010-05-27 9.0 CVE-2010-0596
CISCO
SECTRACK
SECUNIA
cisco -- mediator_framework
Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges or cause a denial of service (device reload), via a (1) XML RPC or (2) XML RPC over HTTPS request, aka Bug ID CSCtb83618. 2010-05-27 9.0 CVE-2010-0597
CISCO
BID
SECTRACK
SECUNIA
cisco -- mediator_framework
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631. 2010-05-27 9.3 CVE-2010-0598
CISCO
SECTRACK
SECUNIA
cisco -- mediator_framework
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505. 2010-05-27 9.3 CVE-2010-0599
CISCO
SECTRACK
SECUNIA
cisco -- mediator_framework
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512. 2010-05-27 10.0 CVE-2010-0600
CISCO
BID
SECTRACK
SECUNIA
cmsqlite -- cmsqlite
SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. 2010-05-27 7.5 CVE-2010-2095
MISC
cmsqlite -- cmsqlite
Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. 2010-05-27 7.5 CVE-2010-2096
MISC
debliteck -- dbcart
SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-05-25 7.5 CVE-2010-2051
MISC
SECUNIA
MISC
dionesoft -- com_dioneformwizard
Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. 2010-05-25 7.5 CVE-2010-2045
XF
BID
MISC
SECUNIA
MISC
OSVDB
e107 -- e107
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter. 2010-05-27 7.5 CVE-2010-2098
CONFIRM
CONFIRM
e107 -- e107
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method. 2010-05-27 7.5 CVE-2010-2099
BID
MISC
joenasejes -- je_cms
SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information. 2010-05-25 7.5 CVE-2010-2047
XF
BID
MISC
SECUNIA
OSVDB
kingsoft -- webshield
KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device. 2010-05-24 7.2 CVE-2010-2031
XF
BID
MISC
SECUNIA
m0r0n -- com_mscomment
Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-25 7.5 CVE-2010-2050
XF
VUPEN
BID
MISC
MISC
mgenti -- tftputil_gui
Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode. 2010-05-24 10.0 CVE-2010-2028
XF
BID
MISC
MISC
percha -- com_perchacategoriestree
Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-05-25 7.5 CVE-2010-2033
BID
SECUNIA
MISC
percha -- com_perchaimageattach
Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-05-25 7.5 CVE-2010-2034
BID
MISC
percha -- com_perchagallery
Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-05-25 7.5 CVE-2010-2035
BID
MISC
percha -- com_perchafieldsattach
Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-05-25 7.5 CVE-2010-2036
BID
MISC
percha -- com_perchadownloadsattach
Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-05-25 7.5 CVE-2010-2037
BID
MISC
python -- python
Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. 2010-05-27 7.5 CVE-2010-1449
CONFIRM
BID
CONFIRM
python -- python
Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. 2010-05-27 7.5 CVE-2010-1450
CONFIRM
CONFIRM
BID
rhinosoft -- serv-u
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie. 2010-05-26 10.0 CVE-2009-4873
VUPEN
BID
MISC
SECUNIA
shopex -- ecshop
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information. 2010-05-25 7.5 CVE-2010-2042
BID
MISC
SECUNIA
MISC
timo_gaik -- webby_webserver
Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request. 2010-05-27 10.0 CVE-2010-2102
XF
BID
BUGTRAQ
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
activehelper -- com_activehelper_livehelp
Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php. 2010-05-25 4.3 CVE-2010-2046
MISC
MISC
BID
SECUNIA
MISC
alan_palazzolo -- external_link_page
Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages. 2010-05-24 4.3 CVE-2010-2030
CONFIRM
XF
SECUNIA
OSVDB
apache -- myfaces
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. 2010-05-27 4.0 CVE-2010-2086
MISC
MISC
apache -- axis2
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. 2010-05-27 4.3 CVE-2010-2103
XF
VUPEN
BID
BUGTRAQ
MISC
MISC
SECUNIA
OSVDB
caucho -- resin
Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information. 2010-05-24 4.3 CVE-2010-2032
XF
VUPEN
BID
BUGTRAQ
SECUNIA
MISC
cisco -- scientific_atlanta_webstar_dpc2100r2
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl. 2010-05-26 6.8 CVE-2010-2025
BID
FULLDISC
cisco -- scientific_atlanta_webstar_dpc2100r2
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page. 2010-05-26 6.4 CVE-2010-2026
BID
FULLDISC
cisco -- scientific_atlanta_webstar_dpc2100r2
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access. 2010-05-26 5.0 CVE-2010-2082
FULLDISC
clamav -- clamav
The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. 2010-05-26 4.3 CVE-2010-1639
CONFIRM
CONFIRM
XF
VUPEN
SECTRACK
BID
SECUNIA
clamav -- clamav
Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. 2010-05-26 4.3 CVE-2010-1640
CONFIRM
CONFIRM
XF
VUPEN
BID
MLIST
SECUNIA
CONFIRM
cybozu -- cybozu_dotsales
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. 2010-05-24 5.8 CVE-2010-2029
XF
OSVDB
MISC
SECUNIA
JVNDB
JVN
CONFIRM
daniel_mealha_cabrita -- ziproxy
Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows. 2010-05-26 6.8 CVE-2010-1513
CONFIRM
BUGTRAQ
MISC
SECUNIA
frederico_caldeira_knabben -- fckeditor.java
FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed request parameter that contains "ctrl" characters. 2010-05-26 5.0 CVE-2009-4875
XF
BID
OSVDB
CONFIRM
SECUNIA
CONFIRM
CONFIRM
gnu -- gnutls
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. 2010-05-24 5.0 CVE-2006-7239
MLIST
CONFIRM
MLIST
gpeasy -- gpeasy_cms
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information. 2010-05-25 6.8 CVE-2010-2039
XF
VUPEN
OSVDB
MISC
SECUNIA
MISC
hp -- mercury_testdirector_for_quality_center
Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors. 2010-05-27 5.0 CVE-2010-1959
BID
SECTRACK
SECUNIA
OSVDB
HP
HP
ibm -- communications_server
The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small. 2010-05-27 5.0 CVE-2010-2090
XF
VUPEN
BID
CONFIRM
AIXAPAR
AIXAPAR
SECUNIA
magnoware -- datatrack_system
Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka the request summary). NOTE: some of these details are obtained from third party information. 2010-05-25 4.3 CVE-2010-2043
XF
BID
SECUNIA
MISC
OSVDB
MISC
magnoware -- datatrack_system
DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI. 2010-05-25 5.0 CVE-2010-2078
XF
MISC
MISC
magnoware -- datatrack_system
DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config and (2) .ascx files. 2010-05-25 5.0 CVE-2010-2079
XF
MISC
MISC
manageengine -- adaudit_plus
Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-05-25 4.3 CVE-2010-2049
BID
SECUNIA
OSVDB
microsoft -- dynamics_gp
Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors. 2010-05-26 4.0 CVE-2010-2083
MISC
microsoft -- asp.net
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute. 2010-05-27 4.3 CVE-2010-2084
MISC
microsoft -- .net_framework
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter. 2010-05-27 4.3 CVE-2010-2085
MISC
MISC
microsoft -- asp.net
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter. 2010-05-27 4.3 CVE-2010-2088
MISC
MISC
microsoft -- exchange_server
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. 2010-05-27 4.3 CVE-2010-2091
XF
BUGTRAQ
BUGTRAQ
BUGTRAQ
MISC
mono -- mono
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. 2010-05-27 4.3 CVE-2010-1459
BID
CONFIRM
MISC
SUSE
mysql -- mysql
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. 2010-05-21 4.4 CVE-2010-1626
CONFIRM
VUPEN
BID
MLIST
MLIST
MANDRIVA
SECTRACK
netrix -- netrix_cms
admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter. 2010-05-26 5.0 CVE-2009-4876
XF
MILW0RM
SECUNIA
OSVDB
novell -- access_manager
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors. 2010-05-26 4.3 CVE-2009-4878
XF
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
novell -- access_manager
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. 2010-05-26 4.3 CVE-2009-4879
SECTRACK
CONFIRM
oracle -- mojarra
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. 2010-05-27 4.3 CVE-2010-2087
MISC
MISC
orbitdownloader -- orbit_downloader
Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element. 2010-05-27 4.3 CVE-2010-2104
BUGTRAQ
MISC
SECUNIA
php -- php
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs. 2010-05-27 5.0 CVE-2010-2093
MISC
php -- php
Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. 2010-05-27 5.0 CVE-2010-2094
MISC
MISC
MISC
MISC
MISC
php -- php
The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. 2010-05-27 5.0 CVE-2010-2097
MISC
MISC
MISC
php -- php
The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. 2010-05-27 5.0 CVE-2010-2100
MISC
MISC
MISC
MISC
MISC
php -- php
The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. 2010-05-27 5.0 CVE-2010-2101
MISC
MISC
MISC
MISC
MISC
MISC
php-calendar -- php-calendar
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters. 2010-05-25 4.3 CVE-2010-2041
BID
VUPEN
BUGTRAQ
SECUNIA
CONFIRM
MISC
plainblack -- webgui
Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors. 2010-05-26 6.8 CVE-2009-4877
XF
CONFIRM
SECUNIA
OSVDB
python -- python
Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. 2010-05-27 5.0 CVE-2009-4134
CONFIRM
CONFIRM
BID
python -- python
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. 2010-05-27 5.0 CVE-2010-1634
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
SECUNIA
python -- python
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. 2010-05-27 5.0 CVE-2010-2089
CONFIRM
scripts.oldguy -- talkback
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments. 2010-05-26 6.4 CVE-2009-4874
BID
MISC
MILW0RM
MISC
SECUNIA
OSVDB
v-eva -- shopzilla_affiliate_script_php
Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2010-05-25 4.3 CVE-2010-2040
XF
BID
MISC
SECUNIA
OSVDB

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
gpeasy -- gpeasy_cms
Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-05-25 2.1 CVE-2010-2038
BID
BUGTRAQ
MISC
SECUNIA
MISC
menhir -- heartbeat
Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2010-05-25 3.5 CVE-2010-2048
BID
CONFIRM
CONFIRM
XF
SECUNIA
wolfram_research -- mathematica
Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf. 2010-05-24 1.9 CVE-2010-2027
BUGTRAQ
SECUNIA
FULLDISC