Official website of the Department of Homeland Security

Bulletin (SB10-326)

Vulnerability Summary for the Week of November 15, 2010

Original release date: November 22, 2010 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
LANdesk
gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack. 2010-11-15 8.5 CVE-2010-2892
VUPEN
BID
BUGTRAQ
EXPLOIT-DB
MISC
SECTRACK
SECUNIA
CONFIRM
accimoveis -- descargarvista_acc_imoveis
SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-11-16 7.5 CVE-2010-4273
XF
BID
EXPLOIT-DB
MISC
apple -- mac_os_x
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. 2010-11-15 7.5 CVE-2010-1378
CONFIRM
APPLE
apple -- mac_os_x
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. 2010-11-15 7.5 CVE-2010-1840
CONFIRM
APPLE
apple -- mac_os_x
Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image. 2010-11-15 9.3 CVE-2010-1841
CONFIRM
APPLE
apple -- mac_os_x
Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation. 2010-11-15 9.3 CVE-2010-1842
CONFIRM
APPLE
apple -- mac_os_x
Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet. 2010-11-16 7.8 CVE-2010-1843
CONFIRM
APPLE
apple -- mac_os_x
Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image. 2010-11-16 7.1 CVE-2010-1844
CONFIRM
APPLE
camtron -- cmnc-200_firmware
Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method. 2010-11-16 9.3 CVE-2010-4230
MISC
BUGTRAQ
EXPLOIT-DB
camtron -- cmnc-200_firmware
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. 2010-11-16 7.8 CVE-2010-4231
MISC
BUGTRAQ
EXPLOIT-DB
camtron -- cmnc-200_firmware
The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI. 2010-11-16 10.0 CVE-2010-4232
MISC
BUGTRAQ
EXPLOIT-DB
camtron -- cmnc-200_firmware
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface. 2010-11-16 10.0 CVE-2010-4233
MISC
BUGTRAQ
EXPLOIT-DB
camtron -- cmnc-200_firmware
The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval. 2010-11-16 7.8 CVE-2010-4234
MISC
BUGTRAQ
EXPLOIT-DB
hp -- 9000
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. 2010-11-17 7.8 CVE-2010-4107
XF
VUPEN
HP
HP
SECTRACK
SECUNIA
ibm -- omnifind
Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password. 2010-11-12 9.3 CVE-2010-3894
VUPEN
BID
BUGTRAQ
OSVDB
EXPLOIT-DB
MISC
ibm -- omnifind
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. 2010-11-12 7.2 CVE-2010-3895
VUPEN
BID
BUGTRAQ
EXPLOIT-DB
MISC
ibm -- omnifind
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. 2010-11-12 7.5 CVE-2010-3896
VUPEN
BID
BUGTRAQ
MISC
impresscms -- impresscms
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2010-11-16 7.5 CVE-2010-4271
BID
CONFIRM
SECUNIA
OSVDB
o-dyn -- collabtive
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action. 2010-11-16 7.5 CVE-2010-4269
XF
EXPLOIT-DB
MISC
openssl -- openssl
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. 2010-11-17 7.6 CVE-2010-3864
CONFIRM
SECTRACK
CONFIRM
REDHAT
SECUNIA
pulseinfotech -- com_flipwall
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. 2010-11-16 7.5 CVE-2010-4268
XF
BID
OSVDB
EXPLOIT-DB
SECUNIA
MISC
pulseinfotech -- com_sponsorwall
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. 2010-11-16 7.5 CVE-2010-4272
XF
BID
OSVDB
EXPLOIT-DB
SECUNIA
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- mac_os_x
Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume. 2010-11-15 4.3 CVE-2010-1803
CONFIRM
APPLE
apple -- mac_os_x
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets. 2010-11-15 5.0 CVE-2010-1828
CONFIRM
APPLE
apple -- mac_os_x
Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share. 2010-11-15 6.0 CVE-2010-1829
CONFIRM
APPLE
apple -- mac_os_x
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors. 2010-11-15 5.0 CVE-2010-1830
CONFIRM
APPLE
apple -- mac_os_x
Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document. 2010-11-15 6.8 CVE-2010-1831
CONFIRM
APPLE
apple -- mac_os_x
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document. 2010-11-15 6.8 CVE-2010-1832
CONFIRM
APPLE
apple -- mac_os_x
Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document. 2010-11-15 6.8 CVE-2010-1833
CONFIRM
APPLE
apple -- mac_os_x
CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address. 2010-11-15 5.8 CVE-2010-1834
CONFIRM
APPLE
apple -- mac_os_x
Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. 2010-11-15 6.8 CVE-2010-1836
CONFIRM
APPLE
apple -- mac_os_x
CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document. 2010-11-15 6.8 CVE-2010-1837
CONFIRM
APPLE
apple -- mac_os_x
Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. 2010-11-15 4.4 CVE-2010-1838
CONFIRM
APPLE
apple -- mac_os_x
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. 2010-11-16 6.8 CVE-2010-1845
CONFIRM
APPLE
apple -- mac_os_x
Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image. 2010-11-16 6.8 CVE-2010-1846
CONFIRM
APPLE
apple -- mac_os_x
The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors. 2010-11-16 4.9 CVE-2010-1847
CONFIRM
APPLE
apple -- mac_os_x_server
Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. 2010-11-16 6.8 CVE-2010-3783
CONFIRM
APPLE
apple -- mac_os_x
The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. 2010-11-16 5.0 CVE-2010-3784
CONFIRM
APPLE
apple -- mac_os_x
Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. 2010-11-16 6.8 CVE-2010-3785
CONFIRM
APPLE
apple -- mac_os_x
QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file. 2010-11-16 6.8 CVE-2010-3786
CONFIRM
APPLE
apple -- mac_os_x
Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. 2010-11-16 6.8 CVE-2010-3787
CONFIRM
APPLE
apple -- quicktime
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file. 2010-11-16 6.8 CVE-2010-3788
CONFIRM
APPLE
apple -- quicktime
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file. 2010-11-16 6.8 CVE-2010-3789
CONFIRM
APPLE
apple -- quicktime
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. 2010-11-16 6.8 CVE-2010-3790
CONFIRM
APPLE
apple -- quicktime
Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. 2010-11-16 6.8 CVE-2010-3791
CONFIRM
APPLE
apple -- quicktime
Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. 2010-11-16 6.8 CVE-2010-3792
CONFIRM
APPLE
apple -- quicktime
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file. 2010-11-16 6.8 CVE-2010-3793
CONFIRM
APPLE
apple -- mac_os_x
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. 2010-11-16 6.8 CVE-2010-3794
CONFIRM
APPLE
apple -- mac_os_x
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. 2010-11-16 6.8 CVE-2010-3795
CONFIRM
APPLE
apple -- mac_os_x
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. 2010-11-16 4.3 CVE-2010-3796
CONFIRM
APPLE
apple -- mac_os_x
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive. 2010-11-16 6.8 CVE-2010-3798
CONFIRM
APPLE
apple -- mac_os_x
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. 2010-11-16 6.8 CVE-2010-4010
CONFIRM
XF
APPLE
apple -- safari
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. 2010-11-16 4.3 CVE-2010-4008
SECUNIA
SECUNIA
MLIST
CONFIRM
CONFIRM
MISC
apple -- mac_os_x_server
Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue." 2010-11-16 4.0 CVE-2010-4011
CONFIRM
APPLE
foswiki -- foswiki
UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. 2010-11-16 6.5 CVE-2010-4215
CONFIRM
XF
BID
MLIST
SECUNIA
ibm -- websphere_mq
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. 2010-11-12 4.3 CVE-2010-2637
XF
CONFIRM
CONFIRM
ibm -- omnifind
Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do. 2010-11-12 4.3 CVE-2010-3890
VUPEN
BID
BUGTRAQ
MISC
ibm -- omnifind
Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action. 2010-11-12 6.8 CVE-2010-3891
VUPEN
BID
BUGTRAQ
OSVDB
EXPLOIT-DB
MISC
ibm -- omnifind
Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. 2010-11-12 4.3 CVE-2010-3892
VUPEN
BID
BUGTRAQ
MISC
ibm -- omnifind
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue. 2010-11-12 6.8 CVE-2010-3893
VUPEN
BID
BUGTRAQ
MISC
ibm -- omnifind
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file. 2010-11-12 5.0 CVE-2010-3897
VUPEN
BID
BUGTRAQ
MISC
ibm -- omnifind
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. 2010-11-12 5.0 CVE-2010-3898
VUPEN
BID
BUGTRAQ
MISC
ibm -- omnifind
IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents. 2010-11-12 5.0 CVE-2010-3899
VUPEN
BID
BUGTRAQ
OSVDB
EXPLOIT-DB
MISC
ibm -- omnifind
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. 2010-11-12 4.6 CVE-2010-4236
VUPEN
BID
BUGTRAQ
EXPLOIT-DB
MISC
ibm -- websphere_mq
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. 2010-11-15 4.0 CVE-2010-2638
XF
ibm -- director_agent
reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. 2010-11-16 4.4 CVE-2010-4274
XF
VUPEN
BID
AIXAPAR
SECTRACK
SECUNIA
mozilla -- firefox
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. 2010-11-12 4.3 CVE-2009-5017
CONFIRM
CONFIRM
MISC
CONFIRM
netshinesoftware -- com_netinvoice
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010. 2010-11-16 5.0 CVE-2010-4270
CONFIRM
BID
CONFIRM
SECUNIA
OSVDB
novell -- mono
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. 2010-11-17 6.9 CVE-2010-4159
CONFIRM
MLIST
CONFIRM
BID
CONFIRM
SECUNIA
MLIST
MLIST
MLIST
openttd -- openttd
Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp. 2010-11-17 5.0 CVE-2010-4168
CONFIRM
CONFIRM
VUPEN
CONFIRM
MLIST
MLIST
php -- php
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. 2010-11-12 6.8 CVE-2010-3870
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MANDRIVA
MISC
MISC
MISC
MISC
CONFIRM
MISC
php -- php
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. 2010-11-12 6.8 CVE-2009-5016
MISC
MISC
CONFIRM
redhat -- certificate_system
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. 2010-11-17 5.8 CVE-2010-3868
CONFIRM
REDHAT
REDHAT
CONFIRM
OSVDB
SECTRACK
SECUNIA
redhat -- certificate_system
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN. 2010-11-17 4.0 CVE-2010-3869
CONFIRM
REDHAT
REDHAT
CONFIRM
OSVDB
SECTRACK
SECUNIA
spreecommerce -- spree
Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue. 2010-11-17 5.0 CVE-2010-3978
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
MISC
MISC
MISC
CONFIRM
symantec -- mobile_security
The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. 2010-11-15 6.0 CVE-2010-0113
CONFIRM
BID

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- mac_os_x_server
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2010-11-16 3.5 CVE-2010-3797
CONFIRM
APPLE

This product is provided subject to this Notification and this Privacy & Use policy.
