Bulletin (SB10-319)

Vulnerability Summary for the Week of November 8, 2010

Original release date: November 15, 2010 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- shockwave_player
Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player 11.5.9.615 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-11-05 9.3 CVE-2010-4092
XF
BID
SECUNIA
OSVDB
adobe -- flash_player
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. 2010-11-07 9.3 CVE-2010-3636
CONFIRM
adobe -- flash_player
An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video. 2010-11-07 9.3 CVE-2010-3637
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. 2010-11-07 9.3 CVE-2010-3639
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3640
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3641
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3642
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3643
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3644
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3645
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3646
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3647
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3648
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3649
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652. 2010-11-07 9.3 CVE-2010-3650
CONFIRM
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650. 2010-11-07 9.3 CVE-2010-3652
CONFIRM
adobe -- acrobat_reader
The EScript.api plugin in Adobe Acrobat Reader 9.4.0, 8.1.7, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information. 2010-11-07 9.3 CVE-2010-4091
XF
VUPEN
BID
EXPLOIT-DB
SECUNIA
OSVDB
MISC
MISC
FULLDISC
adobe -- flash_media_server
Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a "segmentation fault vulnerability." 2010-11-09 10.0 CVE-2010-3635
CONFIRM
apple -- cups
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. 2010-11-05 7.9 CVE-2010-2941
CONFIRM
XF
VUPEN
BID
OSVDB
SECTRACK
REDHAT
cisco -- intelligent_contact_manager
Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. 2010-11-09 10.0 CVE-2010-3040
MISC
MISC
MISC
MISC
VUPEN
BID
CONFIRM
SECTRACK
SECUNIA
energine -- energine
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie. 2010-11-05 7.5 CVE-2010-4185
BUGTRAQ
EXPLOIT-DB
SECUNIA
google -- chrome
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing. 2010-11-05 9.3 CVE-2010-4197
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 7.0.517.44 does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. 2010-11-05 9.3 CVE-2010-4198
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document. 2010-11-05 9.3 CVE-2010-4199
CONFIRM
CONFIRM
google -- chrome
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections. 2010-11-05 9.3 CVE-2010-4201
CONFIRM
CONFIRM
google -- chrome
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font. 2010-11-05 9.3 CVE-2010-4202
CONFIRM
CONFIRM
google -- chrome
WebM libvpx (aka the VP8 Codec SDK), as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2010-11-05 9.3 CVE-2010-4203
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 7.0.517.44 accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2010-11-05 9.3 CVE-2010-4204
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2010-11-05 9.3 CVE-2010-4205
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 7.0.517.44 accesses memory at an out-of-bounds array index during processing of an SVG document, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2010-11-05 9.3 CVE-2010-4206
CONFIRM
CONFIRM
ibm -- enovia
Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet." 2010-11-09 10.0 CVE-2010-4218
VUPEN
AIXAPAR
CONFIRM
justsystems -- ichitaro
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916. 2010-11-05 9.3 CVE-2010-3915
XF
VUPEN
MISC
BID
CONFIRM
MISC
SECUNIA
OSVDB
JVNDB
JVN
justsystems -- ichitaro
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915. 2010-11-05 9.3 CVE-2010-3916
VUPEN
BID
CONFIRM
MISC
SECUNIA
OSVDB
JVNDB
JVN
microsoft -- ie
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue, as exploited in the wild in November 2010. 2010-11-05 9.3 CVE-2010-3962
CERT-VN
XF
VUPEN
MISC
SECTRACK
CONFIRM
EXPLOIT-DB
EXPLOIT-DB
SECUNIA
CONFIRM
microsoft -- powerpoint
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability." 2010-11-09 9.3 CVE-2010-2572
MS
microsoft -- office
Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability." 2010-11-09 9.3 CVE-2010-2573
MS
microsoft -- office
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability." 2010-11-09 9.3 CVE-2010-3333
MS
microsoft -- office
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability." 2010-11-09 9.3 CVE-2010-3334
MS
microsoft -- office
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability." 2010-11-09 9.3 CVE-2010-3335
MS
microsoft -- office
Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability." 2010-11-09 9.3 CVE-2010-3336
MS
microsoft -- office
Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142. 2010-11-09 9.3 CVE-2010-3337
MS
nullsoft -- winamp
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream. 2010-11-05 9.3 CVE-2010-1523
BUGTRAQ
MISC
CONFIRM
onlinetechtools.com -- oasys_professional
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. 2010-11-05 7.5 CVE-2010-4186
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
proftpd -- proftpd
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. 2010-11-09 7.1 CVE-2010-3867
VUPEN
BID
CONFIRM
MLIST
SLACKWARE
SECUNIA
SECUNIA
CONFIRM
proftpd -- proftpd
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server. 2010-11-09 10.0 CVE-2010-4221
MISC
BID
CONFIRM
SECUNIA
CONFIRM
turbogears -- turbogears2
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. 2010-11-05 7.5 CVE-2009-5014
MLIST
turbogears -- turbogears2
The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. 2010-11-05 7.5 CVE-2009-5015
MLIST
Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- flash_player
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. 2010-11-07 4.3 CVE-2010-3638
CONFIRM
adobe -- flash_media_server
Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service (memory consumption) via unspecified vectors. 2010-11-09 5.0 CVE-2010-3633
CONFIRM
adobe -- flash_media_server
Unspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service via unknown vectors. 2010-11-09 5.0 CVE-2010-3634
CONFIRM
apache -- shiro
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI. 2010-11-05 5.0 CVE-2010-3863
XF
VUPEN
BID
BUGTRAQ
SECUNIA
OSVDB
FULLDISC
apple -- cups
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. 2010-11-05 6.8 CVE-2010-3702
CONFIRM
BID
MISC
CONFIRM
UBUNTU
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
DEBIAN
FEDORA
FEDORA
FEDORA
bankofamerica -- bank_of_america
The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. 2010-11-08 4.3 CVE-2010-4213
MISC
MISC
MISC
banshee-project -- banshee
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. 2010-11-05 6.9 CVE-2010-3998
CONFIRM
cisco -- unified_communications_manager
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. 2010-11-09 6.8 CVE-2010-3039
VUPEN
BID
MISC
CONFIRM
SECUNIA
FULLDISC
cstr -- festival
festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. 2010-11-05 6.9 CVE-2010-3996
CONFIRM
BID
MLIST
foolabs -- xpdf
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. 2010-11-05 6.8 CVE-2010-3704
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
DEBIAN
FEDORA
FEDORA
FEDORA
gnome -- gnome-shell
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. 2010-11-05 6.9 CVE-2010-4000
CONFIRM
gnome -- tomboy
The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. 2010-11-05 6.9 CVE-2010-4005
CONFIRM
gnucash -- gnucash
gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. 2010-11-05 6.9 CVE-2010-3999
CONFIRM
VUPEN
BID
SECUNIA
SECUNIA
FEDORA
FEDORA
FEDORA
google -- chrome
Google Chrome before 7.0.517.44 reads from invalid memory locations during processing of XPath expressions, which allows remote attackers to cause a denial of service via unspecified vectors. 2010-11-05 4.3 CVE-2010-4200
CONFIRM
CONFIRM
gromacs -- gromacs
** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginning of LD_LIBRARY_PATH at a later point in the script. 2010-11-05 4.6 CVE-2010-4001
MISC
horde -- horde_application_framework
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. 2010-11-09 4.3 CVE-2010-3077
FULLDISC
MLIST
CONFIRM
CONFIRM
horde -- horde_application_framework
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. 2010-11-09 6.8 CVE-2010-3694
MLIST
CONFIRM
htmlpurifier -- htmlpurifier
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479. 2010-11-05 4.3 CVE-2010-4183
CONFIRM
CONFIRM
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-11-09 4.3 CVE-2010-0783
XF
OSVDB
CONFIRM
CONFIRM
SECTRACK
SECUNIA
SECUNIA
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-11-09 4.3 CVE-2010-0784
XF
VUPEN
BID
CONFIRM
CONFIRM
AIXAPAR
SECUNIA
ibm -- websphere_application_server
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2010-11-09 6.0 CVE-2010-0785
XF
VUPEN
BID
CONFIRM
AIXAPAR
AIXAPAR
SECUNIA
ibm -- websphere_application_server
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data. 2010-11-09 5.0 CVE-2010-0786
XF
CONFIRM
ibm -- websphere_commerce
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." 2010-11-09 6.5 CVE-2010-2635
XF
ibm -- websphere_commerce
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. 2010-11-09 4.3 CVE-2010-2636
XF
ibm -- tivoli_directory_server
IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address. 2010-11-09 5.0 CVE-2010-4216
XF
VUPEN
BID
AIXAPAR
SECUNIA
ibm -- tivoli_directory_server
Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. 2010-11-09 5.0 CVE-2010-4217
VUPEN
VUPEN
BID
OSVDB
AIXAPAR
AIXAPAR
SECTRACK
SECUNIA
ibm -- websphere_portal
Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. 2010-11-09 4.3 CVE-2010-4219
VUPEN
AIXAPAR
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." 2010-11-09 4.3 CVE-2010-4220
CONFIRM
AIXAPAR
SECUNIA
mahara -- mahara
Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. 2010-11-09 4.3 CVE-2010-3871
XF
BID
CONFIRM
SECUNIA
microsoft -- forefront_unified_access_gateway
Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability." 2010-11-09 5.8 CVE-2010-2732
MS
microsoft -- forefront_unified_access_gateway
Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability." 2010-11-09 4.3 CVE-2010-2733
MS
microsoft -- forefront_unified_access_gateway
Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability." 2010-11-09 4.3 CVE-2010-2734
MS
microsoft -- forefront_unified_access_gateway
Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability." 2010-11-09 4.3 CVE-2010-3936
MS
mozilla -- bugzilla
The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. 2010-11-05 5.0 CVE-2010-3764
CONFIRM
VUPEN
CONFIRM
netsupportsoftware -- netsupport_manager
NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. 2010-11-05 5.0 CVE-2010-4184
CERT-VN
XF
CONFIRM
nongnu -- cvs
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. 2010-11-05 6.9 CVE-2010-3846
CONFIRM
VUPEN
CONFIRM
XF
OSVDB
SECUNIA
FEDORA
php -- php
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. 2010-11-08 5.0 CVE-2010-3436
CONFIRM
CONFIRM
MANDRIVA
CONFIRM
php -- php
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. 2010-11-08 4.3 CVE-2010-3709
CONFIRM
CONFIRM
MANDRIVA
EXPLOIT-DB
SREASONRES
poppler -- poppler
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference. 2010-11-05 4.3 CVE-2010-3703
CONFIRM
UBUNTU
MLIST
FEDORA
FEDORA
FEDORA
CONFIRM
proftpd -- proftpd
The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. 2010-11-09 4.0 CVE-2008-7265
CONFIRM
pythonpaste -- paste
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound. 2010-11-05 4.3 CVE-2010-2477
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
redhat -- luci
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. 2010-11-05 6.4 CVE-2010-3852
CONFIRM
XF
VUPEN
VUPEN
BID
SECUNIA
SECUNIA
OSVDB
FEDORA
FEDORA
FEDORA
CONFIRM
scottmac -- libmbfl
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). 2010-11-09 5.0 CVE-2010-4156
MLIST
MLIST
MISC
MISC
BID
SECUNIA
transware -- active!_mail
CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. 2010-11-05 4.3 CVE-2010-3913
CONFIRM
OSVDB
SECUNIA
JVNDB
JVN
usaa -- usaa
The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data. 2010-11-08 4.3 CVE-2010-4212
MISC
MISC
MISC
wellsfargo -- wells_fargo_mobile
The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. 2010-11-08 4.3 CVE-2010-4214
MISC
MISC
MISC
yahoo -- yui
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. 2010-11-07 4.3 CVE-2010-4207
CONFIRM
VUPEN
MLIST
CONFIRM
SECUNIA
CONFIRM
yahoo -- yui
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. 2010-11-07 4.3 CVE-2010-4208
CONFIRM
VUPEN
MLIST
CONFIRM
SECUNIA
CONFIRM
yahoo -- yui
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. 2010-11-07 4.3 CVE-2010-4209
CONFIRM
VUPEN
MLIST
CONFIRM
SECUNIA

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
ebay -- paypal
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. 2010-11-08 2.9 CVE-2010-4211
XF
VUPEN
BID
MISC
MISC
MISC
MISC
MISC
mozilla -- bugzilla
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. 2010-11-05 2.6 CVE-2010-3172
CONFIRM
VUPEN
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.
