U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-270)

Vulnerability Summary for the Week of September 20, 2010

Original release date: September 27, 2010 | Last revised: November 06, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
cisco -- ios The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603. 2010-09-23 7.1 CVE-2010-2830
CISCO
boutikone -- boutikone
SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. 2010-09-22 7.5 CVE-2010-3479
XF
VUPEN
EXPLOIT-DB
MISC
bouzouste -- primitive_cms
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters. 2010-09-22 7.5 CVE-2010-3483
VUPEN
EXPLOIT-DB
SECUNIA
MISC
cisco -- ios
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759. 2010-09-23 7.8 CVE-2010-2828
CISCO
cisco -- ios
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567. 2010-09-23 7.8 CVE-2010-2829
CISCO
e-soft24 -- banner_exchange_script
SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. 2010-09-22 7.5 CVE-2009-5003
XF
BID
EXPLOIT-DB
MISC
egroupware -- egroupware
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters. 2010-09-22 7.5 CVE-2010-3313
CONFIRM
MLIST
EXPLOIT-DB
DEBIAN
endonesia -- endonesia
SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394. 2010-09-17 7.5 CVE-2010-3461
XF
EXPLOIT-DB
lightneasy -- lightneasy
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. 2010-09-22 7.5 CVE-2010-3484
VUPEN
BID
EXPLOIT-DB
SECUNIA
MISC
lightneasy -- lightneasy
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-09-22 7.5 CVE-2010-3485
SECUNIA
linux -- kernel
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. 2010-09-22 7.2 CVE-2010-3301
MISC
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
symphony-cms -- symphony_cms
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. 2010-09-17 7.5 CVE-2010-3458
XF
BID
EXPLOIT-DB
SECUNIA
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apphp -- php_microcms
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. 2010-09-22 6.8 CVE-2010-3480
XF
BID
EXPLOIT-DB
SECUNIA
SECUNIA
OSVDB
apphp -- php_microcms
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable. 2010-09-22 6.8 CVE-2010-3481
XF
BID
EXPLOIT-DB
VIM
SECUNIA
SECUNIA
OSVDB
apple -- mac_os_x
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name. 2010-09-21 6.8 CVE-2010-1820
APPLE
BID
CONFIRM
arg0 -- encfs
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte. 2010-09-17 5.0 CVE-2010-3075
CONFIRM
VUPEN
MLIST
MLIST
MLIST
CONFIRM
SECUNIA
SECUNIA
FEDORA
FEDORA
FEDORA
FULLDISC
atutor -- achecker
Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter. 2010-09-17 4.3 CVE-2010-3455
BUGTRAQ
MISC
SECUNIA
MISC
bouzouste -- primitive_cms
Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication. 2010-09-22 6.5 CVE-2010-3482
VUPEN
EXPLOIT-DB
MISC
digitalworkroom -- cms_digital_workroom
Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter. 2010-09-22 4.3 CVE-2010-3489
MISC
BID
OSVDB
SECUNIA
MISC
drupal -- drupal
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name. 2010-09-21 5.5 CVE-2010-3092
CONFIRM
BID
DEBIAN
MLIST
MLIST
e-xoopport -- samsara
SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action. 2010-09-17 6.8 CVE-2010-3467
XF
EXPLOIT-DB
SECUNIA
MISC
ecommercesoft -- xse_shopping_cart
Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx. 2010-09-17 4.3 CVE-2010-3465
XF
SECUNIA
MISC
OSVDB
OSVDB
egroupware -- egroupware
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter. 2010-09-22 4.3 CVE-2010-3314
CONFIRM
MLIST
EXPLOIT-DB
DEBIAN
energyscripts -- simple_download
Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. 2010-09-17 5.0 CVE-2010-3456
XF
BID
OSVDB
EXPLOIT-DB
SECUNIA
MISC
flock -- flock
Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. 2010-09-20 4.3 CVE-2010-3262
XF
BID
BUGTRAQ
CONFIRM
gecad -- axigen_mail_server
Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-09-17 4.3 CVE-2010-3459
VUPEN
CONFIRM
XF
BID
OSVDB
SECUNIA
gecad -- axigen_mail_server
Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. 2010-09-17 5.0 CVE-2010-3460
VUPEN
CONFIRM
XF
BID
OSVDB
MISC
SECUNIA
MISC
houbysoft -- quickshare
Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... (triple dot) in the URL. 2010-09-22 5.0 CVE-2010-3488
XF
BID
MISC
SECUNIA
MISC
OSVDB
hp -- system_management_homepage
CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. 2010-09-17 5.0 CVE-2010-3011
HP
HP
SECUNIA
SECUNIA
hp -- system_management_homepage
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error. 2010-09-17 4.3 CVE-2010-3012
HP
HP
SECUNIA
SECUNIA
ibm -- filenet_p8_application_engine
The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. 2010-09-20 4.0 CVE-2006-7241
CONFIRM
ibm -- filenet_p8_application_engine
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. 2010-09-20 4.0 CVE-2006-7242
CONFIRM
ibm -- filenet_p8_application_engine
Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. 2010-09-20 4.3 CVE-2009-4999
AIXAPAR
CONFIRM
ibm -- filenet_p8_application_engine
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. 2010-09-20 4.3 CVE-2009-5000
CONFIRM
ibm -- filenet_p8_application_engine
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. 2010-09-20 4.0 CVE-2009-5001
CONFIRM
ibm -- filenet_p8_application_engine
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. 2010-09-20 6.4 CVE-2009-5002
AIXAPAR
CONFIRM
ibm -- filenet_p8_application_engine
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-09-20 4.3 CVE-2010-3470
VUPEN
BID
BID
AIXAPAR
SECUNIA
SECUNIA
CONFIRM
CONFIRM
ibm -- filenet_p8_application_engine
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. 2010-09-20 4.3 CVE-2010-3471
BID
SECUNIA
CONFIRM
ibm -- filenet_p8_application_engine
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-09-20 4.3 CVE-2010-3472
VUPEN
BID
AIXAPAR
SECUNIA
CONFIRM
ibm -- filenet_p8_application_engine
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2010-09-20 5.8 CVE-2010-3473
VUPEN
BID
AIXAPAR
SECUNIA
CONFIRM
ibm -- db2
IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. 2010-09-20 5.0 CVE-2010-3474
XF
VUPEN
SECTRACK
BID
CONFIRM
AIXAPAR
SECUNIA
OSVDB
ibm -- db2
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. 2010-09-20 4.0 CVE-2010-3475
XF
VUPEN
SECTRACK
BID
CONFIRM
AIXAPAR
SECUNIA
OSVDB
ibm -- websphere_application_server
Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. 2010-09-21 4.0 CVE-2010-0781
XF
CONFIRM
linux -- kernel
Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. 2010-09-21 4.9 CVE-2010-3067
CONFIRM
CONFIRM
CONFIRM
XF
linux -- kernel
Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. 2010-09-21 4.9 CVE-2010-3080
CONFIRM
CONFIRM
BID
MLIST
CONFIRM
CONFIRM
microsoft -- ie
The toStaticHTML function in Microsoft Internet Explorer 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, a different vulnerability than CVE-2010-1257. 2010-09-17 4.3 CVE-2010-3324
MISC
FULLDISC
microsoft -- word
MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc. 2010-09-20 4.3 CVE-2010-3200
BUGTRAQ
microsoft -- .net_framework
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack. 2010-09-22 5.0 CVE-2010-3332
XF
VUPEN
MISC
MISC
BID
CONFIRM
MISC
MISC
CONFIRM
MISC
MISC
SECTRACK
SECUNIA
MISC
MISC
CONFIRM
mollify -- mollify
Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information. 2010-09-17 4.3 CVE-2010-3462
BID
MISC
SECUNIA
MISC
netartmedia -- iboutique.mall
Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from third party information. 2010-09-17 4.3 CVE-2010-3466
XF
BID
SECUNIA
MISC
otrs -- otrs
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080. 2010-09-20 5.0 CVE-2010-3476
XF
BID
CONFIRM
SECUNIA
CONFIRM
santafox -- santafox
Cross-site scripting (XSS) vulnerability in modules/search/search.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the search parameter to search.html. 2010-09-17 4.3 CVE-2010-3463
BUGTRAQ
MISC
SECUNIA
MISC
santafox -- santafox
Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php. 2010-09-17 6.8 CVE-2010-3464
BUGTRAQ
MISC
SECUNIA
MISC
smartertools -- smartermail
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. 2010-09-22 5.0 CVE-2010-3486
XF
BID
EXPLOIT-DB
MISC
MISC
squid-cache -- squid
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. 2010-09-20 5.0 CVE-2010-3072
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
SECUNIA
SECUNIA
FEDORA
FEDORA
symphony-cms -- symphony_cms
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. 2010-09-17 4.3 CVE-2010-3457
XF
BID
EXPLOIT-DB
SECUNIA
MISC
yellosoft -- pinky
Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. 2010-09-22 5.0 CVE-2010-3487
OSVDB
MISC
SECUNIA
MISC
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
arg0 -- encfs
SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. 2010-09-172.1 CVE-2010-3073
CONFIRM
VUPEN
MLIST
MLIST
MLIST
SECUNIA
SECUNIA
FEDORA
FEDORA
FEDORA
CONFIRM
FULLDISC
arg0 -- encfs
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack. 2010-09-172.1 CVE-2010-3074
CONFIRM
VUPEN
MLIST
MLIST
MLIST
CONFIRM
SECUNIA
SECUNIA
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
FULLDISC
drupal -- drupal
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. 2010-09-213.5 CVE-2010-3093
CONFIRM
BID
DEBIAN
MLIST
MLIST
drupal -- drupal
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. 2010-09-212.1 CVE-2010-3094
CONFIRM
BID
DEBIAN
MLIST
MLIST
ibm -- filenet_p8_application_engine
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. 2010-09-202.1 CVE-2008-7261
CONFIRM
ibm -- filenet_p8_application_engine
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. 2010-09-202.6 CVE-2009-4998
AIXAPAR
CONFIRM
CONFIRM
linux -- kernel
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. 2010-09-212.1 CVE-2010-2942
CONFIRM
CONFIRM
CONFIRM
BID
MLIST
MLIST
CONFIRM
linux -- kernel
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. 2010-09-212.1 CVE-2010-3078
CONFIRM
BID
MLIST
MLIST
MLIST
CONFIRM
SECTRACK
SECUNIA
CONFIRM
linux -- kernel
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. 2010-09-212.1 CVE-2010-3477
CONFIRM
CONFIRM
otrs -- otrs
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2010-09-203.5 CVE-2010-2080
XF
BID
CONFIRM
SECUNIA
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top