Vulnerability Summary for the Week of June 14, 2010

Released
Jun 21, 2010
Document ID
SB10-172

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
accoria -- rock_web_serverAccoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.2010-06-157.5CVE-2010-2270
CERT-VN
MISC
accoria -- rock_web_serverFormat string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter.2010-06-157.5CVE-2010-2271
CERT-VN
MISC
adobe -- airUnspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.2010-06-159.3CVE-2009-3793
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2160
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airArray index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."2010-06-159.3CVE-2010-2161
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
IDEFENSE
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via unspecified vectors.2010-06-159.3CVE-2010-2162
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airMultiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.2010-06-159.3CVE-2010-2163
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airUse-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."2010-06-159.3CVE-2010-2164
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
IDEFENSE
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2165
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2166
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airMultiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.2010-06-159.3CVE-2010-2167
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.2010-06-159.3CVE-2010-2169
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airInteger overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.2010-06-159.3CVE-2010-2170
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2171
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability," a different vulnerability than CVE-2010-2174.2010-06-159.3CVE-2010-2173
CERT
CONFIRM
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability," a different vulnerability than CVE-2010-2173.2010-06-159.3CVE-2010-2174
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2175
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2176
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2177
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2178
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2180
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airInteger overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.2010-06-159.3CVE-2010-2181
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2182
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airInteger overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.2010-06-159.3CVE-2010-2183
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.2010-06-159.3CVE-2010-2184
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airBuffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.2010-06-159.3CVE-2010-2185
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airUnspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.2010-06-159.3CVE-2010-2186
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.2010-06-159.3CVE-2010-2187
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.2010-06-159.3CVE-2010-2188
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
adobe -- airAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.2010-06-159.3CVE-2010-2189
CERT
CONFIRM
XF
BID
BID
SECTRACK
SECTRACK
apple -- safariUse-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.2010-06-119.3CVE-2010-1385
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons.2010-06-119.3CVE-2010-1392
VUPEN
BID
APPLE
BUGTRAQ
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to removing container elements.2010-06-119.3CVE-2010-1396
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.2010-06-119.3CVE-2010-1397
VUPEN
BID
APPLE
MISC
BUGTRAQ
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.2010-06-119.3CVE-2010-1398
VUPEN
BID
APPLE
MISC
BUGTRAQ
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.2010-06-119.3CVE-2010-1399
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.2010-06-119.3CVE-2010-1400
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
IDEFENSE
apple -- safariUse-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.2010-06-119.3CVE-2010-1401
VUPEN
BID
APPLE
MISC
BUGTRAQ
CONFIRM
SECTRACK
SECUNIA
apple -- safariDouble free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.2010-06-119.3CVE-2010-1402
VUPEN
BID
APPLE
MISC
BUGTRAQ
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.2010-06-119.3CVE-2010-1403
VUPEN
BID
APPLE
MISC
BUGTRAQ
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.2010-06-119.3CVE-2010-1404
VUPEN
BID
APPLE
MISC
BUGTRAQ
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.2010-06-119.3CVE-2010-1405
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.2010-06-119.3CVE-2010-1410
VUPEN
BID
APPLE
BID
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.2010-06-119.3CVE-2010-1412
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.2010-06-119.3CVE-2010-1414
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."2010-06-119.3CVE-2010-1415
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariThe Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.2010-06-119.3CVE-2010-1417
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.2010-06-119.3CVE-2010-1749
VUPEN
BID
APPLE
MISC
BUGTRAQ
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.2010-06-119.3CVE-2010-1750
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.2010-06-119.3CVE-2010-1419
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.2010-06-119.3CVE-2010-1758
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.2010-06-119.3CVE-2010-1759
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.2010-06-119.3CVE-2010-1761
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."2010-06-119.3CVE-2010-1770
VUPEN
BID
APPLE
MISC
CONFIRM
SECTRACK
SECUNIA
SECUNIA
CONFIRM
CONFIRM
apple -- safariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.2010-06-119.3CVE-2010-1771
VUPEN
BID
APPLE
XF
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.2010-06-119.3CVE-2010-1774
VUPEN
BID
APPLE
XF
CONFIRM
SECTRACK
SECUNIA
apple -- mac_os_xNetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors.2010-06-177.2CVE-2010-1375
BID
CONFIRM
VUPEN
SECTRACK
SECUNIA
APPLE
apple -- mac_os_xOpen Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.2010-06-179.3CVE-2010-1377
BID
CONFIRM
VUPEN
SECTRACK
SECUNIA
APPLE
apple -- mac_os_xInteger overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.2010-06-177.5CVE-2010-1380
BID
CONFIRM
VUPEN
SECTRACK
SECUNIA
APPLE
apple -- itunesUnspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.2010-06-1810.0CVE-2010-1387
CONFIRM
SECTRACK
APPLE
basti2web -- book_panelSQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter.2010-06-117.5CVE-2009-4889
XF
BID
MILW0RM
creative -- autoupdateStack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method.2010-06-1510.0CVE-2010-0990
BID
BUGTRAQ
MISC
SECUNIA
cs-cart -- cs-cartSQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.2010-06-117.5CVE-2009-4891
XF
BID
MILW0RM
dojotoolkit -- dojoUnspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors.2010-06-1510.0CVE-2010-2272
CONFIRM
SECUNIA
dojotoolkit -- dojoThe default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.2010-06-1510.0CVE-2010-2276
CONFIRM
VUPEN
AIXAPAR
CONFIRM
SECUNIA
SECUNIA
evological -- evocamBuffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.2010-06-167.5CVE-2010-2309
BID
EXPLOIT-DB
SECUNIA
google -- chromeThe implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.2010-06-159.3CVE-2010-2296
SECUNIA
CONFIRM
CONFIRM
google -- chromerendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.2010-06-159.3CVE-2010-2297
SECUNIA
CONFIRM
CONFIRM
google -- chromebrowser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.2010-06-1510.0CVE-2010-2298
SECUNIA
CONFIRM
CONFIRM
google -- chromeThe Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue.2010-06-159.3CVE-2010-2299
SECUNIA
CONFIRM
CONFIRM
google -- chromeUse-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759.2010-06-159.3CVE-2010-2300
SECUNIA
CONFIRM
CONFIRM
google -- chromeUse-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771.2010-06-159.3CVE-2010-2302
SECUNIA
CONFIRM
CONFIRM
google -- chromepage/Geolocation.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not stop timers associated with geolocation upon deletion of a document, which has unspecified impact and remote attack vectors.2010-06-159.3CVE-2010-2303
SECUNIA
CONFIRM
CONFIRM
google -- chromeThe toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to list markers, aka rdar problem 8009118.2010-06-159.3CVE-2010-2304
SECUNIA
CONFIRM
CONFIRM
hauntmax -- haunted_house_directory_listing_cmsSQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action.2010-06-167.5CVE-2010-2312
EXPLOIT-DB
SECUNIA
OSVDB
hp -- openview_network_node_managerUnspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-683.2010-06-177.5CVE-2010-1964
HP
HP
BID
ibm -- lotus_connectionsThe Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.2010-06-157.6CVE-2010-2279
CONFIRM
VUPEN
AIXAPAR
SECUNIA
idevspot -- textadsSQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter.2010-06-177.5CVE-2010-2319
VUPEN
BID
MISC
microsoft -- windows_2003_serverThe MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL.2010-06-159.3CVE-2010-1885
CERT-VN
XF
VUPEN
SECTRACK
BID
BUGTRAQ
BUGTRAQ
CONFIRM
EXPLOIT-DB
SECUNIA
CONFIRM
MISC
FULLDISC
power-tab -- power_tab_editorStack-based buffer overflow in Power Tab Editor 1.7 build 80 allows user-assisted remote attackers to execute arbitrary code via a .ptb file with a long font name.2010-06-169.3CVE-2010-2311
XF
EXPLOIT-DB
MISC
SECUNIA
OSVDB
samba -- sambaBuffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.2010-06-177.5CVE-2010-2063
CONFIRM
CONFIRM
MLIST
VUPEN
CONFIRM
CONFIRM
SECUNIA
smartisoft -- phpbazarPHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.2010-06-177.5CVE-2010-2315
XF
BID
MISC
sophos -- anti-virusUnspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function.2010-06-167.2CVE-2010-2308
VUPEN
CONFIRM
SECTRACK
BUGTRAQ
SECUNIA
MISC
standards_based_linux_instrumentation -- sblim-sfcbHeap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896.2010-06-1510.0CVE-2010-1937
VUPEN
CONFIRM
SECUNIA
CONFIRM
MLIST
standards_based_linux_instrumentation -- sblim-sfcbInteger overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information.2010-06-1510.0CVE-2010-2054
VUPEN
CONFIRM
SECUNIA
CONFIRM
MLIST
symantec -- sygate_personal_firewallBuffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method.2010-06-169.3CVE-2010-2305
XF
EXPLOIT-DB
MISC
symantec -- appstreamSymantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.2010-06-179.3CVE-2008-4389
CONFIRM
BID
todd_rogers -- phprecipebookSQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.2010-06-117.5CVE-2009-4883
XF
BID
MILW0RM
SECUNIA
unrealircd -- unrealircdUnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.2010-06-157.5CVE-2010-2075
VUPEN
CONFIRM
BID
MLIST
EXPLOIT-DB
GENTOO
SECUNIA
FULLDISC
FULLDISC
OSVDB
webjump -- webjump!SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php.2010-06-117.5CVE-2009-4892
BID
MILW0RM
wireshark -- wiresharkBuffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.2010-06-158.3CVE-2010-2284
VUPEN
CONFIRM
CONFIRM
BID
MLIST
MANDRIVA
SECUNIA
wireshark -- wiresharkBuffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.2010-06-158.3CVE-2010-2287
VUPEN
CONFIRM
CONFIRM
BID
MLIST
MANDRIVA
SECUNIA
wmsdesign -- wmscmsMultiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.2010-06-177.5CVE-2010-2317
VUPEN
BID
MISC
MISC
xnview -- xnviewHeap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.2010-06-169.3CVE-2010-1932
XF
VUPEN
SECTRACK
BID
MISC
SECUNIA

Back to top


Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
accoria -- rock_web_serverMultiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.2010-06-154.3CVE-2010-2267
CERT-VN
MISC
accoria -- rock_web_serverCross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts.2010-06-156.8CVE-2010-2268
CERT-VN
MISC
accoria -- rock_web_serverDirectory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.2010-06-155.0CVE-2010-2269
CERT-VN
MISC
adobe -- flash_playerAdobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.2010-06-154.3CVE-2010-2172
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
SECTRACK
adobe -- airCross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.2010-06-154.3CVE-2010-2179
CERT
CONFIRM
XF
VUPEN
BID
BID
REDHAT
REDHAT
SECTRACK
SECTRACK
anodyne-productions -- simm_management_systemDirectory traversal vulnerability in index.php in Anodyne Productions SIMM Management System (SMS) 2.6.10, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to index.php. NOTE: some of these details are obtained from third party information.2010-06-176.8CVE-2010-2313
XF
VUPEN
BID
MISC
SECUNIA
MISC
OSVDB
apple -- safariApple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.2010-06-114.3CVE-2010-1384
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.2010-06-114.3CVE-2010-1388
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.2010-06-114.3CVE-2010-1389
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.2010-06-114.3CVE-2010-1390
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariMultiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.2010-06-114.3CVE-2010-1391
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariThe Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.2010-06-114.3CVE-2010-1393
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.2010-06-114.3CVE-2010-1394
VUPEN
SECTRACK
APPLE
BID
CONFIRM
SECUNIA
apple -- safariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."2010-06-114.3CVE-2010-1395
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.2010-06-114.3CVE-2010-1406
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.2010-06-114.3CVE-2010-1408
VUPEN
BID
APPLE
BID
CONFIRM
SECTRACK
SECUNIA
apple -- safariIncomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.2010-06-115.8CVE-2010-1409
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.2010-06-115.0CVE-2010-1413
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."2010-06-114.3CVE-2010-1416
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.2010-06-114.3CVE-2010-1422
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.2010-06-114.3CVE-2010-0544
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.2010-06-114.3CVE-2010-1418
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariThe execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.2010-06-114.3CVE-2010-1421
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.2010-06-114.3CVE-2010-1762
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.2010-06-114.3CVE-2010-1764
VUPEN
BID
APPLE
CONFIRM
SECTRACK
SECUNIA
apple -- safariThe Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.2010-06-114.3CVE-2010-2264
VUPEN
BID
APPLE
BID
CONFIRM
SECTRACK
SECUNIA
apple -- mac_os_xCross-site request forgery (CSRF) vulnerability in the web interface in CUPS in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to hijack the authentication of administrators for requests that change settings.2010-06-176.0CVE-2010-0540
VUPEN
BID
CONFIRM
SECUNIA
APPLE
apple -- mac_os_xCross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.2010-06-174.3CVE-2010-0541
BID
CONFIRM
VUPEN
SECUNIA
APPLE
apple -- mac_os_xImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding.2010-06-176.8CVE-2010-0543
VUPEN
BID
CONFIRM
SECTRACK
SECUNIA
APPLE
apple -- mac_os_xThe Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.2010-06-174.4CVE-2010-0545
VUPEN
BID
CONFIRM
SECTRACK
SECUNIA
APPLE
apple -- mac_os_xCross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."2010-06-174.3CVE-2010-1373
VUPEN
BID
CONFIRM
SECTRACK
SECUNIA
APPLE
apple -- mac_os_xDirectory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.2010-06-174.3CVE-2010-1374
BID
CONFIRM
VUPEN
SECTRACK
SECUNIA
APPLE
apple -- mac_os_xMultiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.2010-06-176.8CVE-2010-1376
BID
CONFIRM
VUPEN
SECTRACK
SECUNIA
APPLE
apple -- mac_os_xPrinter Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.2010-06-175.0CVE-2010-1379
BID
CONFIRM
VUPEN
SECTRACK
SECUNIA
APPLE
apple -- mac_os_xMultiple integer overflows in ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.2010-06-176.8CVE-2010-1411
CONFIRM
VUPEN
SECTRACK
SECUNIA
APPLE
apple -- mac_os_xThe web interface in CUPS in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors.2010-06-174.3CVE-2010-1748
BID
CONFIRM
VUPEN
SECUNIA
APPLE
bernhard_frohlich -- phpcomMultiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.2010-06-116.8CVE-2009-4884
XF
BUGTRAQ
MILW0RM
bernhard_frohlich -- phpcomCross-site scripting (XSS) vulnerability in templates/1/login.php in phpCommunity 2 2.1.8 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.2010-06-114.3CVE-2009-4885
XF
BUGTRAQ
MILW0RM
bernhard_frohlich -- phpcomMultiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to module/admin/files/show_file.php and the (2) path parameter to module/admin/files/show_source.php.2010-06-115.0CVE-2009-4886
XF
BUGTRAQ
MILW0RM
d-link -- di-604Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.2010-06-154.3CVE-2010-2292
XF
BID
BUGTRAQ
d-link -- di-604The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.2010-06-156.8CVE-2010-2293
XF
BID
BUGTRAQ
dojotoolkit -- dojoMultiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.2010-06-154.3CVE-2010-2273
CONFIRM
VUPEN
MISC
AIXAPAR
CONFIRM
SECUNIA
SECUNIA
CONFIRM
dojotoolkit -- dojoMultiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.2010-06-154.3CVE-2010-2274
CONFIRM
VUPEN
AIXAPAR
CONFIRM
SECUNIA
SECUNIA
dojotoolkit -- dojoCross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.2010-06-154.3CVE-2010-2275
VUPEN
MISC
AIXAPAR
AIXAPAR
CONFIRM
SECUNIA
SECUNIA
CONFIRM
edmondhui.homeip -- np_twitterPHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.2010-06-176.8CVE-2010-2314
VUPEN
BID
OSVDB
MISC
SECUNIA
MISC
google -- chromepage/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.2010-06-154.3CVE-2010-2295
CONFIRM
CONFIRM
SECUNIA
CONFIRM
CONFIRM
google -- chromeCross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.2010-06-154.3CVE-2010-2301
CONFIRM
SECUNIA
CONFIRM
CONFIRM
ibm -- lotus_connectionsMultiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.2010-06-154.3CVE-2010-2277
VUPEN
CONFIRM
SECUNIA
ibm -- lotus_connectionsThe bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.2010-06-154.0CVE-2010-2278
CONFIRM
VUPEN
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
SECUNIA
ibm -- lotus_connectionsOpen redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH.2010-06-154.3CVE-2010-2280
CONFIRM
VUPEN
SECUNIA
juniper -- secure_accessCross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie.2010-06-154.3CVE-2010-2288
SECTRACK
BUGTRAQ
MISC
MISC
OSVDB
juniper -- secure_accessOpen redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter.2010-06-154.3CVE-2010-2289
XF
VUPEN
BID
BUGTRAQ
MISC
MISC
SECUNIA
OSVDB
linux -- kernelThe btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.2010-06-164.6CVE-2010-2071
MLIST
CONFIRM
MLIST
MLIST
mcafee -- unified_threat_management_firewall_firmwareCross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.2010-06-154.3CVE-2010-2290
CONFIRM
VUPEN
SECTRACK
BUGTRAQ
SECUNIA
SECUNIA
MISC
microsoft -- windows_2003_serverCross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.2010-06-154.3CVE-2010-2265
CERT-VN
XF
VUPEN
BID
BUGTRAQ
MISC
SECUNIA
MISC
MISC
FULLDISC
motorola -- surfboard_sbv6120eMultiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.2010-06-165.0CVE-2010-2307
XF
BID
OSVDB
EXPLOIT-DB
SECUNIA
nginx -- nginxnginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.2010-06-155.0CVE-2010-2263
BID
EXPLOIT-DB
EXPLOIT-DB
MISC
nginx -- nginxnginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.2010-06-155.0CVE-2010-2266
EXPLOIT-DB
nskate -- phortailCross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters.2010-06-114.3CVE-2009-4888
XF
VUPEN
BID
SECUNIA
MISC
OSVDB
phpcityportal -- phpcityportalCross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.2010-06-174.3CVE-2010-2318
BID
MISC
punbb -- punbbMultiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.2010-06-154.3CVE-2009-4894
CONFIRM
pxsystem -- plume-cmsCross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.2010-06-156.8CVE-2010-2294
XF
VUPEN
BUGTRAQ
SECUNIA
radovan_garabik -- pyftpdauth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.2010-06-165.0CVE-2010-2073
XF
BID
MLIST
CONFIRM
retrieve -- vbookMultiple cross-site scripting (XSS) vulnerabilities in the login application in vBook 4.2.17 allow remote attackers to inject arbitrary web script or HTML via the (1) title and (2) message parameters.2010-06-114.3CVE-2009-4890
XF
BID
BUGTRAQ
samba -- sambaThe chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.2010-06-175.0CVE-2010-1635
CONFIRM
CONFIRM
CONFIRM
MISC
BID
CONFIRM
CONFIRM
CONFIRM
samba -- sambaThe reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a xffxff security blob length in a Session Setup AndX request.2010-06-175.0CVE-2010-1642
CONFIRM
CONFIRM
CONFIRM
MISC
BID
CONFIRM
CONFIRM
CONFIRM
sbuilder -- cms_s.builderPHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie. NOTE: this can also be leveraged to include and execute arbitrary local files.2010-06-116.8CVE-2009-4887
XF
BID
MILW0RM
solarwinds -- tftp_serverSolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request.2010-06-165.0CVE-2010-2310
XF
BID
EXPLOIT-DB
sourcefire -- 3d1000The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.2010-06-164.3CVE-2010-2306
MISC
XF
MISC
VUPEN
SECTRACK
BUGTRAQ
SECUNIA
OSVDB
tomatocms -- tomatocmsUnrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory.2010-06-156.0CVE-2010-1514
BID
MISC
SECUNIA
MISC
tomatocms -- tomatocmsMultiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain privileges, to inject arbitrary web script or HTML via the (3) title or (4) answers parameter in conjunction with a /admin/poll/add PATH_INFO, or the (5) name parameter in conjunction with a /admin/category/add PATH_INFO.2010-06-154.3CVE-2010-2281
SECUNIA
MISC
tomatocms -- tomatocmsCross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password.2010-06-155.1CVE-2010-2282
SECUNIA
MISC
unrealircd -- unrealircdBuffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.2010-06-156.8CVE-2009-4893
CONFIRM
MLIST
GENTOO
w3m -- w3mistream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.