Bulletin (SB10-312)

Vulnerability Summary for the Week of November 1, 2010

Original release date: November 08, 2010 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
4site -- 4site_cms
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646. 2010-11-03 7.5 CVE-2010-4152
BID
BUGTRAQ
MISC
SECUNIA
adobe -- shockwave_player
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088. 2010-10-29 9.3 CVE-2010-2581
CONFIRM
adobe -- shockwave_player
An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code. 2010-10-29 9.3 CVE-2010-2582
CONFIRM
adobe -- acrobat
Adobe Flash Player 10.1.85.3 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.95.2 and earlier on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010. 2010-10-29 9.3 CVE-2010-3654
CERT-VN
BID
CONFIRM
SECUNIA
MISC
adobe -- shockwave_player
Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors. 2010-10-29 9.3 CVE-2010-3655
CONFIRM
adobe -- shockwave_player
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088. 2010-10-29 9.3 CVE-2010-4084
CONFIRM
adobe -- shockwave_player
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088. 2010-10-29 9.3 CVE-2010-4085
CONFIRM
adobe -- shockwave_player
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088. 2010-10-29 9.3 CVE-2010-4086
CONFIRM
adobe -- shockwave_player
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089. 2010-10-29 9.3 CVE-2010-4087
CONFIRM
adobe -- shockwave_player
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086. 2010-10-29 9.3 CVE-2010-4088
CONFIRM
adobe -- shockwave_player
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4087. 2010-10-29 9.3 CVE-2010-4089
CONFIRM
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2010-10-29 9.3 CVE-2010-4090
CONFIRM
anyconnect -- anyconnect
Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. 2010-11-01 9.3 CVE-2010-4148
XF
BID
OSVDB
MISC
SECUNIA
MISC
BUGTRAQ
aspindir -- kisisel_radyo_script
SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. 2010-11-01 7.5 CVE-2010-4144
XF
BID
EXPLOIT-DB
SECUNIA
MISC
avactis -- avactis_shopping_cart
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php. 2010-11-01 7.5 CVE-2010-4147
XF
CONFIRM
BID
OSVDB
OSVDB
SECUNIA
MISC
cisco -- ciscoworks_common_services
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. 2010-10-29 10.0 CVE-2010-3036
BID
CISCO
VUPEN
SECTRACK
SECUNIA
crossftp -- crossftp_pro
Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. 2010-11-03 9.3 CVE-2010-4153
XF
BID
OSVDB
MISC
SECUNIA
freshwebmaster -- fresh_ftp
Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information. 2010-11-01 9.3 CVE-2010-4149
XF
BID
BUGTRAQ
OSVDB
MISC
SECUNIA
MISC
hp -- insight_control_performance_management
Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors. 2010-11-01 8.0 CVE-2010-4031
VUPEN
HP
HP
realflex -- realwin
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests. 2010-11-01 10.0 CVE-2010-4142
BID
EXPLOIT-DB
EXPLOIT-DB
SECUNIA
MISC
rhinosoft -- ftp_voyager
Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. 2010-11-03 9.3 CVE-2010-4154
XF
BID
OSVDB
MISC
SECUNIA
MISC
BUGTRAQ
sonicwall -- ssl-vpn_end-point_interrogator/installer_activex_control
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. 2010-11-03 9.3 CVE-2010-2583
XF
SECTRACK
BID
BUGTRAQ
CONFIRM
MISC
SECUNIA
vim -- gvim
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information. 2010-11-03 9.3 CVE-2010-3914
JVN
CONFIRM
BID
SECUNIA
JVNDB
wsn -- links
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter. 2010-11-03 7.5 CVE-2010-4006
MISC
BID
BUGTRAQ

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acegisecurity -- acegi-security
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. 2010-10-29 5.0 CVE-2010-3700
MISC
BID
BUGTRAQ
aspindir -- kisisel_radyo_script
Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. 2010-11-01 5.0 CVE-2010-4145
EXPLOIT-DB
SECUNIA
MISC
attachmate -- reflection_for_the_web
Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-11-01 4.3 CVE-2010-4146
XF
BID
CONFIRM
SECUNIA
OSVDB
deliciousdays -- cforms
Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. 2010-11-03 4.3 CVE-2010-3977
BID
BUGTRAQ
MISC
SECUNIA
deluxebb -- deluxebb
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033. 2010-11-03 6.8 CVE-2010-4151
XF
CONFIRM
BID
BUGTRAQ
MISC
SECUNIA
MISC
exv2 -- exv2
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965. 2010-11-03 4.3 CVE-2010-4155
XF
MISC
BID
MISC
hp -- insight_control_performance_management
Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-11-01 4.3 CVE-2010-4030
VUPEN
HP
HP
hp -- insight_control_performance_management
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2010-11-01 6.8 CVE-2010-4032
VUPEN
HP
HP
hp -- insight_control_performance_management
Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors. 2010-11-01 5.0 CVE-2010-4100
VUPEN
HP
HP
hp -- insight_recovery
Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-11-01 4.3 CVE-2010-4101
VUPEN
BID
HP
HP
SECUNIA
hp -- insight_recovery
Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors. 2010-11-01 5.0 CVE-2010-4102
VUPEN
BID
HP
HP
SECUNIA
hp -- insight_managed_system_setup_wizard
Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors. 2010-11-01 5.0 CVE-2010-4103
XF
VUPEN
BID
HP
HP
SECUNIA
hp -- insight_orchestration
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors. 2010-11-01 5.0 CVE-2010-4104
VUPEN
BID
HP
HP
SECUNIA
hp -- insight_orchestration
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors. 2010-11-01 6.4 CVE-2010-4105
VUPEN
BID
HP
HP
SECUNIA
hp -- insight_control_for_linux
Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2010-11-01 6.8 CVE-2010-4106
XF
VUPEN
BID
HP
HP
SECUNIA
phpcheckz -- phpcheckz
SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-11-01 6.8 CVE-2010-4143
EXPLOIT-DB

This product is provided subject to this Notification and this Privacy & Use policy.
