U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-207)

Vulnerability Summary for the Week of July 19, 2010

Original release date: July 26, 2010 | Last revised: November 06, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
artifex -- afpl_ghostscript
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program. 2010-07-22 7.2 CVE-2010-2055
CONFIRM
CONFIRM
VUPEN
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
OSVDB
SECUNIA
SECUNIA
SECUNIA
CONFIRM
FEDORA
FEDORA
CONFIRM
CONFIRM
CONFIRM
CONFIRM
atutor -- acollab
AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. 2010-07-22 7.5 CVE-2009-4945
BUGTRAQ
BUGTRAQ
MISC
ghostscript -- ghostscript
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. 2010-07-22 9.3 CVE-2009-4897
BID
CONFIRM
XF
UBUNTU
OSVDB
SECUNIA
CONFIRM
hp -- client_automation_enterprise_infrastructure
The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests. 2010-07-22 9.0 CVE-2010-1972
SECTRACK
SECUNIA
HP
HP
ibm -- soliddb
solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet. 2010-07-22 10.0 CVE-2010-2771
MISC
BID
SECTRACK
MISC
interspire -- activekb
Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. 2010-07-22 7.5 CVE-2009-4957
XF
BID
joachim_ruhs -- locator
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2010-07-22 7.5 CVE-2009-4949
CONFIRM
CONFIRM
SECUNIA
microsoft -- windows_2003_server
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems. 2010-07-22 9.3 CVE-2010-2568
CERT-VN
BID
CONFIRM
MISC
MISC
SECTRACK
SECUNIA
MISC
MISC
MISC
q2solutions -- connx
SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. 2010-07-22 7.5 CVE-2009-4947
XF
BID
BUGTRAQ
MISC
SECUNIA
serge_gebhardt -- dir_listing
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. 2010-07-22 10.0 CVE-2009-4952
CONFIRM
spirate -- small_pirate
Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. 2010-07-22 7.5 CVE-2009-4936
XF
BUGTRAQ
SECUNIA
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
thomas_hempel -- th_ultracards
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2010-07-22 7.5 CVE-2009-4955
CONFIRM
CONFIRM
tim_lochmueller_&_thomas_buss -- a21glossary_advanced_output
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2010-07-22 7.5 CVE-2009-4950
CONFIRM
CONFIRM
warphd -- com_jvideo
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. 2010-07-22 7.5 CVE-2009-4938
BID
webkit -- webkit
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. 2010-07-22 7.5 CVE-2010-1766
CONFIRM
CONFIRM
VUPEN
CONFIRM
SECUNIA
FEDORA
FEDORA
websedit -- sk_calendar
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2010-07-22 7.5 CVE-2009-4954
CONFIRM
CONFIRM
zeuscart -- zeuscart
SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. 2010-07-22 7.5 CVE-2009-4940
MILW0RM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
atutor -- acollab
Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. 2010-07-22 4.3 CVE-2009-4941
XF
OSVDB
SECUNIA
MISC
atutor -- acollab
Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items. 2010-07-22 4.3 CVE-2009-4942
XF
SECUNIA
MISC
atutor -- acollab
Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-07-22 4.3 CVE-2009-4944
XF
OSVDB
OSVDB
SECUNIA
hans_olthoff -- alternet_csa_out
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. 2010-07-22 5.0 CVE-2009-4951
CONFIRM
hp -- virtual_connect_enterprise_manager
Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. 2010-07-22 4.3 CVE-2010-1969
HP
HP
VUPEN
SECTRACK
SECUNIA
hp -- openvms
Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors. 2010-07-22 6.8 CVE-2010-1973
HP
HP
SECTRACK
impactsoftcompany -- adpeeps
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action. 2010-07-22 4.3 CVE-2009-4939
XF
XF
BUGTRAQ
BUGTRAQ
SECUNIA
OSVDB
MISC
impactsoftcompany -- adpeeps
index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number. 2010-07-22 5.0 CVE-2009-4943
XF
BUGTRAQ
BUGTRAQ
MISC
joachim_ruhs -- locator
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-07-22 4.3 CVE-2009-4948
CONFIRM
CONFIRM
SECUNIA
siemens -- simatic_pcs_7
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. 2010-07-22 6.9 CVE-2010-2772
MISC
CONFIRM
MISC
MISC
MISC
MISC
spirate -- small_pirate
Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag. 2010-07-22 4.3 CVE-2009-4937
XF
BUGTRAQ
SECUNIA
OSVDB
stefan_geith -- sg_userdata
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-07-22 4.3 CVE-2009-4953
CONFIRM
thetricky -- com_messaging
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-07-22 6.8 CVE-2009-4946
XF
BID
SECUNIA
OSVDB
vmware -- studio
VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors. 2010-07-22 4.4 CVE-2010-2427
CONFIRM
MLIST
XF
VUPEN
BID
BUGTRAQ
SECTRACK
SECUNIA
vmware -- studio
Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance. 2010-07-22 6.0 CVE-2010-2667
CONFIRM
MLIST
XF
VUPEN
BID
BUGTRAQ
SECTRACK
SECUNIA
wapplersystems -- ws_stats
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-07-22 4.3 CVE-2009-4956
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
gnu -- gv
GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. 2010-07-223.3 CVE-2010-2056
CONFIRM
CONFIRM
VUPEN
OSVDB
SECUNIA
SECUNIA
FEDORA
FEDORA
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top