U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-193)

Vulnerability Summary for the Week of July 5, 2010

Original release date: July 12, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
2daybiz -- job_search_engine_script
SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter. 2010-07-02 7.5 CVE-2010-2609
XF
VUPEN
BID
OSVDB
EXPLOIT-DB
SECUNIA
MISC
2daybiz -- job_site_script
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php. 2010-07-02 7.5 CVE-2010-2610
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
OSVDB
OSVDB
alanzard -- tsoka:cms
SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action. 2010-07-08 7.5 CVE-2010-2674
XF
EXPLOIT-DB
SECUNIA
MISC
OSVDB
alexander_v._lukyanov -- lftp
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. 2010-07-06 7.5 CVE-2010-2251
CONFIRM
CONFIRM
VUPEN
MISC
SECUNIA
MLIST
MLIST
MLIST
MLIST
FEDORA
CONFIRM
brotherscripts -- recipe_website
SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-07-08 7.5 CVE-2010-2670
XF
VUPEN
BID
EXPLOIT-DB
cisco -- content_services_switch_11500
The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. 2010-07-06 7.5 CVE-2010-1575
MISC
BID
BUGTRAQ
SECTRACK
cisco -- ace_4710
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885. 2010-07-06 7.5 CVE-2010-1576
MISC
BID
BUGTRAQ
SECTRACK
SECTRACK
cisco -- ace_4710
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. 2010-07-06 7.5 CVE-2010-2629
MISC
BID
BUGTRAQ
SECTRACK
SECTRACK
cisco -- ios
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589. 2010-07-08 10.0 CVE-2010-1574
XF
BID
CISCO
SECTRACK
SECUNIA
devana -- devana
SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-07-08 7.5 CVE-2010-2673
EXPLOIT-DB
SECUNIA
MISC
OSVDB
ez -- ez_publish
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature. 2010-07-08 7.5 CVE-2010-2672
CONFIRM
CONFIRM
CONFIRM
MISC
BID
SECUNIA
OSVDB
OSVDB
freeciv -- freeciv
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions. 2010-07-08 10.0 CVE-2010-2445
CONFIRM
OSVDB
MLIST
MLIST
google -- chrome
Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors. 2010-07-06 9.3 CVE-2010-2646
CONFIRM
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document. 2010-07-06 9.3 CVE-2010-2647
CONFIRM
CONFIRM
google -- chrome
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2010-07-06 9.3 CVE-2010-2648
CONFIRM
CONFIRM
google -- chrome
Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs." 2010-07-06 9.3 CVE-2010-2650
CONFIRM
CONFIRM
google -- chrome
The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2010-07-06 9.3 CVE-2010-2651
CONFIRM
CONFIRM
grafik-power -- grafik_cms
SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action. 2010-07-02 7.5 CVE-2010-2614
VUPEN
BUGTRAQ
MISC
guillermo_vargas -- com_xmap
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. 2010-07-08 7.5 CVE-2010-2678
BID
BUGTRAQ
hitachi -- jp1/_serverconductor_/_deployment_manager
Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and JP1/ServerConductor/Deployment Manager Standard and Enterprise Edition 07-50 through 07-56-/F, 08-00 through 08-09-/E, 08-50 through 08-80-/A, 08-06 through 08-07, and 08-51 through 08-70; allows attackers to cause a denial of service (shutdown and reboot) via unknown vectors. 2010-07-02 7.8 CVE-2010-2625
VUPEN
CONFIRM
SECUNIA
OSVDB
i-netsolution -- job_search_engine_script
SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter. 2010-07-02 7.5 CVE-2010-2611
XF
VUPEN
EXPLOIT-DB
MISC
internetdm -- bed_and_breakfast
SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter. 2010-07-02 7.5 CVE-2010-2623
XF
VUPEN
BID
EXPLOIT-DB
iscripts -- easysnaps
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php. 2010-07-02 7.5 CVE-2010-2624
XF
BID
BUGTRAQ
MISC
EXPLOIT-DB
SECUNIA
joomanager -- joomanager
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. 2010-07-02 7.5 CVE-2010-2622
XF
BID
EXPLOIT-DB
joomla -- joomla!
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. 2010-07-08 7.5 CVE-2010-2679
BID
BUGTRAQ
MISC
libtiff -- libtiff
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." 2010-07-02 7.5 CVE-2010-2233
CONFIRM
CONFIRM
MISC
SECTRACK
SECUNIA
MLIST
CONFIRM
mahara -- mahara
SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2010-07-06 7.5 CVE-2010-1669
BID
XF
CONFIRM
CONFIRM
SECUNIA
mahara -- mahara
Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. 2010-07-06 7.5 CVE-2010-1670
BID
CONFIRM
CONFIRM
CONFIRM
SECUNIA
miyabi-seo -- cgi_tools_seo_links
index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information. 2010-07-02 7.5 CVE-2010-2626
XF
BID
SECUNIA
OSVDB
FULLDISC
FULLDISC
open-ftpd -- open-ftpd
Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first. 2010-07-02 9.3 CVE-2010-2620
EXPLOIT-DB
SECUNIA
opera -- opera_browser
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog. 2010-07-08 9.3 CVE-2010-2657
VUPEN
CONFIRM
CONFIRM
CONFIRM
SECUNIA
opera -- opera_browser
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. 2010-07-08 9.3 CVE-2010-2666
VUPEN
BID
CONFIRM
CONFIRM
CONFIRM
SECUNIA
ordasoft -- com_booklibrary
Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. 2010-07-02 7.5 CVE-2010-1522
MISC
MISC
XF
BID
BUGTRAQ
MISC
SECUNIA
OSVDB
paul_mcenery -- php_bible_search
SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter. 2010-07-02 7.5 CVE-2010-2616
XF
BID
MISC
tornadostore -- tornadostore
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3. 2010-07-06 7.5 CVE-2010-1327
XF
BID
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adaptivedisplays -- alpha_ethernet_adapter_ii_web_manager
Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. 2010-07-08 6.4 CVE-2010-2668
BID
BUGTRAQ
SECUNIA
OSVDB
FULLDISC
alanzard -- tsoka:cms
Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action. 2010-07-08 4.3 CVE-2010-2675
EXPLOIT-DB
MISC
arne_redlich_&_ross_walker -- iscsitarget
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. 2010-07-08 5.0 CVE-2010-2221
CONFIRM
BID
OSVDB
OSVDB
OSVDB
MLIST
SECUNIA
SECUNIA
SECUNIA
CONFIRM
CONFIRM
MLIST
FULLDISC
BUGTRAQ
bogofilter -- bogofilter
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character. 2010-07-08 5.0 CVE-2010-2494
MLIST
CONFIRM
CONFIRM
BID
OSVDB
SECUNIA
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
cerberusftp -- ftp_server
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. 2010-07-02 4.0 CVE-2004-2769
BID
CONFIRM
CONFIRM
SECUNIA
dan_pascu -- python-cjson
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function. 2010-07-02 6.8 CVE-2010-1666
CONFIRM
SECUNIA
dan_pascu -- python-cjson
Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element. 2010-07-02 4.3 CVE-2009-4924
MISC
MISC
ea -- battlefield_2
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via ".." (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL. 2010-07-02 6.8 CVE-2010-2627
BID
SECUNIA
OSVDB
MISC
ez -- ez_publish
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter. 2010-07-08 4.3 CVE-2010-2671
CONFIRM
CONFIRM
CONFIRM
MISC
BID
SECUNIA
OSVDB
gnu -- wget
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. 2010-07-06 6.8 CVE-2010-2252
CONFIRM
CONFIRM
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
google -- chrome
Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors. 2010-07-06 4.3 CVE-2010-2645
CONFIRM
CONFIRM
google -- chrome
Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image. 2010-07-06 4.3 CVE-2010-2649
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors. 2010-07-06 5.0 CVE-2010-2652
CONFIRM
CONFIRM
grafik-power -- grafik_cms
Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action. 2010-07-02 4.3 CVE-2010-2615
VUPEN
BUGTRAQ
MISC
MISC
harmistechnology -- com_awd_song
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. 2010-07-02 4.3 CVE-2010-2613
XF
BID
EXPLOIT-DB
MISC
htmlpurifier -- htmlpurifier
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-07-06 4.3 CVE-2010-2479
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
SECUNIA
CONFIRM
ibm -- advanced_management_module
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php. 2010-07-08 4.3 CVE-2010-2654
BID
EXPLOIT-DB
MISC
ibm -- advanced_management_module
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter. 2010-07-08 4.0 CVE-2010-2655
BID
EXPLOIT-DB
MISC
ibm -- advanced_management_module
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz. 2010-07-08 5.0 CVE-2010-2656
BID
EXPLOIT-DB
MISC
insanevisions -- adapcms
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. 2010-07-02 6.8 CVE-2010-2618
XF
BID
EXPLOIT-DB
MISC
intersect_alliance -- snare_agent
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. 2010-07-02 6.8 CVE-2010-2594
CERT-VN
BID
SECUNIA
MISC
libtiff -- libtiff
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." 2010-07-02 4.3 CVE-2010-2595
CONFIRM
SECUNIA
MLIST
CONFIRM
libtiff -- libtiff
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." 2010-07-02 4.3 CVE-2010-2596
CONFIRM
SECUNIA
MLIST
CONFIRM
libtiff -- libtiff
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. 2010-07-02 4.3 CVE-2010-2597
CONFIRM
CONFIRM
CONFIRM
SECUNIA
CONFIRM
libtiff -- libtiff
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. 2010-07-06 4.3 CVE-2010-2481
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
libtiff -- libtiff
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. 2010-07-06 4.3 CVE-2010-2482
CONFIRM
CONFIRM
CONFIRM
MLIST
SECUNIA
MLIST
MLIST
MLIST
CONFIRM
libtiff -- libtiff
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. 2010-07-06 4.3 CVE-2010-2483
CONFIRM
CONFIRM
MLIST
SECUNIA
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
libtiff -- libtiff
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. 2010-07-06 4.3 CVE-2010-2630
CONFIRM
CONFIRM
libtiff -- libtiff
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. 2010-07-06 4.3 CVE-2010-2631
CONFIRM
mahara -- mahara
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-07-06 4.3 CVE-2010-1667
BID
XF
CONFIRM
CONFIRM
CONFIRM
SECUNIA
mahara -- mahara
Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2010-07-06 6.8 CVE-2010-1668
XF
BID
CONFIRM
CONFIRM
CONFIRM
SECUNIA
makotemplates -- mako
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. 2010-07-02 4.3 CVE-2010-2480
CONFIRM
SECUNIA
MISC
microsoft -- windows_server_2008
Use-after-free vulnerability in Microsoft Windows Vista and Server 2008 allows local users to cause a denial of service (crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, which causes a process object to be deleted while it is still in use. 2010-07-02 4.9 CVE-2010-2549
BID
EXPLOIT-DB
FULLDISC
nokia -- qt
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. 2010-07-02 5.0 CVE-2010-2621
VUPEN
BID
SECUNIA
OSVDB
MISC
MISC
novo-ws -- orbis_cms
Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2010-07-08 4.3 CVE-2010-2669
XF
BID
SECUNIA
OSVDB
MISC
openwebanalytics -- open_web_analytics
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters. 2010-07-08 5.0 CVE-2010-2676
MISC
XF
MISC
EXPLOIT-DB
MISC
openwebanalytics -- open_web_analytics
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information. 2010-07-08 6.8 CVE-2010-2677
CONFIRM
XF
MISC
EXPLOIT-DB
SECUNIA
MISC
OSVDB
opera -- opera_browser
Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site. 2010-07-08 4.3 CVE-2010-2658
VUPEN
VUPEN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
opera -- opera_browser
Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site. 2010-07-08 4.3 CVE-2010-2659
VUPEN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
opera -- opera_browser
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. 2010-07-08 4.3 CVE-2010-2660
VUPEN
VUPEN
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
opera -- opera_browser
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. 2010-07-08 4.3 CVE-2010-2661
VUPEN
VUPEN
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
opera -- opera_browser
Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click." 2010-07-08 4.3 CVE-2010-2662
CONFIRM
CONFIRM
CONFIRM
opera -- opera_browser
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element. 2010-07-08 4.3 CVE-2010-2663
CONFIRM
CONFIRM
CONFIRM
opera -- opera_browser
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning. 2010-07-08 4.3 CVE-2010-2664
CONFIRM
CONFIRM
CONFIRM
opera -- opera_browser
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." 2010-07-08 4.3 CVE-2010-2665
VUPEN
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
paul_mcenery -- php_bible_search
Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter. 2010-07-02 4.3 CVE-2010-2617
XF
BID
MISC
redhat -- enterprise_linux
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." 2010-07-02 4.3 CVE-2010-2598
CONFIRM
search.cpan -- libwww-perl
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. 2010-07-06 6.8 CVE-2010-2253
CONFIRM
CONFIRM
MISC
MLIST
MLIST
CONFIRM
tornadostore -- tornadostore
Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section. 2010-07-06 4.3 CVE-2010-1328
XF
BID
MISC
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
avahi -- avahi
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. 2010-07-082.9 CVE-2010-2244
CONFIRM
MLIST
MLIST
FEDORA
FEDORA
citrix -- xenserver
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags." 2010-07-021.9 CVE-2010-2619
CONFIRM
VUPEN
SECTRACK
SECUNIA
hp -- openvms
Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors. 2010-07-022.1 CVE-2010-2612
VUPEN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
SECUNIA
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top