U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB11-038)

Vulnerability Summary for the Week of January 31, 2011

Original release date: February 07, 2011 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
automatedsolutions -- modbus/tcp_master_opc_server
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field. 2011-01-28 7.6 CVE-2010-4709
CERT-VN
VUPEN
MISC
BID
EXPLOIT-DB
SECUNIA
CONFIRM
cisco -- ios
Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth17178, a different vulnerability than CVE-2011-0350. 2011-01-28 7.8 CVE-2011-0349
XF
VUPEN
BID
CISCO
SECTRACK
SECUNIA
OSVDB
cisco -- ios
Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth41891, a different vulnerability than CVE-2011-0349. 2011-01-28 7.8 CVE-2011-0350
XF
VUPEN
BID
CISCO
SECTRACK
SECUNIA
OSVDB
cisco -- webex_advanced_recording_format_player
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044. 2011-02-02 9.3 CVE-2010-3041
XF
BID
MISC
CISCO
CONFIRM
SECTRACK
cisco -- webex_advanced_recording_format_player
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044. 2011-02-02 9.3 CVE-2010-3042
CISCO
CONFIRM
XF
BID
SECTRACK
cisco -- webex_advanced_recording_format_player
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044. 2011-02-02 9.3 CVE-2010-3043
XF
BID
CISCO
CONFIRM
SECTRACK
cisco -- webex_advanced_recording_format_player
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043. 2011-02-02 9.3 CVE-2010-3044
CISCO
CONFIRM
XF
BID
MISC
SECTRACK
cisco -- webex_advanced_recording_format_player
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism. 2011-02-02 9.3 CVE-2010-3269
MISC
CISCO
CONFIRM
XF
VUPEN
BID
BUGTRAQ
SECTRACK
cisco -- tandberg_endpoint
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. 2011-02-03 10.0 CVE-2011-0354
CERT-VN
BID
EXPLOIT-DB
CISCO
CONFIRM
SECTRACK
SECUNIA
harmistechnology -- com_jeauto
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page. 2011-02-01 7.5 CVE-2010-4720
BID
CONFIRM
SECUNIA
OSVDB
hp -- openview_storage_data_protector
Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to cause a denial of service via unknown vectors. 2011-01-28 7.1 CVE-2011-0275
XF
VUPEN
BID
SECTRACK
SECUNIA
OSVDB
HP
HP
hp -- openview_performance_insight
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class. 2011-02-01 10.0 CVE-2011-0276
XF
MISC
VUPEN
SECTRACK
BID
BUGTRAQ
SECUNIA
HP
HP
ibm -- db2
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors. 2011-02-01 7.5 CVE-2011-0731
BID
OSVDB
AIXAPAR
AIXAPAR
AIXAPAR
SECUNIA
ibm -- tivoli_common_reporting
Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to "security vulnerabilities of Websphere Application Server bundled within" and "many internal defects and APARs." 2011-02-01 10.0 CVE-2011-0732
AIXAPAR
SECUNIA
icon-labs -- iconfidant_ssl_server
Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of unspecified length fields is greater than a certain value. 2011-01-28 7.5 CVE-2011-0651
XF
MISC
BID
SECUNIA
OSVDB
isc -- dhcp
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address. 2011-01-31 7.8 CVE-2011-0413
CERT-VN
XF
VUPEN
VUPEN
BID
OSVDB
CONFIRM
SECTRACK
SECUNIA
SECUNIA
SECUNIA
FEDORA
maradns -- maradns
The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow. 2011-01-28 7.5 CVE-2011-0520
XF
BID
MLIST
MLIST
SECUNIA
OSVDB
CONFIRM
mediawiki -- mediawiki
Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function. 2011-02-03 7.5 CVE-2011-0537
MLIST
MISC
CONFIRM
VUPEN
MLIST
MLIST
mhproducts -- immo_makler
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter. 2011-02-01 7.5 CVE-2010-4721
OSVDB
EXPLOIT-DB
SECUNIA
modxcms -- evolution
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch. 2011-02-01 7.5 CVE-2010-3929
XF
CONFIRM
JVNDB
JVN
mozilla -- bugzilla
Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function. 2011-01-28 7.5 CVE-2010-4568
CONFIRM
CONFIRM
CONFIRM
XF
VUPEN
BID
CONFIRM
SECUNIA
OSVDB
novell -- groupwise
Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message. 2011-01-28 10.0 CVE-2010-4325
CONFIRM
XF
MISC
VUPEN
BID
BUGTRAQ
CONFIRM
SECUNIA
OSVDB
novell -- groupwise
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message. 2011-01-28 10.0 CVE-2010-4326
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
XF
MISC
VUPEN
BID
CONFIRM
CONFIRM
novell -- groupwise
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command. 2011-01-28 9.0 CVE-2010-2777
CONFIRM
MISC
CONFIRM
novell -- groupwise
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command. 2011-01-31 7.5 CVE-2010-4711
CONFIRM
MISC
CONFIRM
CONFIRM
novell -- groupwise
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data. 2011-01-31 10.0 CVE-2010-4712
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
novell -- groupwise
Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header. 2011-01-31 10.0 CVE-2010-4713
CONFIRM
MISC
CONFIRM
CONFIRM
novell -- groupwise
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent. 2011-01-31 10.0 CVE-2010-4714
CONFIRM
MISC
CONFIRM
CONFIRM
novell -- zenworks_handheld_management
Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400. 2011-02-01 10.0 CVE-2011-0742
XF
MISC
VUPEN
SECTRACK
BID
BUGTRAQ
CONFIRM
MISC
SECUNIA
OSVDB
openvas -- openvas_manager
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA). 2011-01-28 9.0 CVE-2011-0018
CONFIRM
XF
VUPEN
BID
BUGTRAQ
EXPLOIT-DB
SECUNIA
OSVDB
opera -- opera_browser
The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file. 2011-01-31 7.6 CVE-2011-0450
CONFIRM
CONFIRM
OSVDB
JVNDB
JVN
opera -- opera_browser
Opera before 11.01 does not properly handle large form inputs, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document. 2011-01-31 9.3 CVE-2011-0682
CONFIRM
CONFIRM
CONFIRM
CONFIRM
opera -- opera_browser
Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation. 2011-01-31 7.8 CVE-2011-0684
CONFIRM
CONFIRM
CONFIRM
CONFIRM
OSVDB
plone -- plone
Unspecified vulnerability in Plone 2.5 through 4.0 allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. 2011-02-03 7.5 CVE-2011-0720
XF
BID
SECUNIA
CONFIRM
OSVDB
realnetworks -- realplayer
Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file. 2011-01-31 9.3 CVE-2010-4393
XF
MISC
VUPEN
BID
CONFIRM
SECTRACK
SECUNIA
OSVDB
smarty -- smarty
Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors. 2011-02-03 10.0 CVE-2009-5052
CONFIRM
smarty -- smarty
Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file. 2011-02-03 7.5 CVE-2009-5053
CONFIRM
smarty -- smarty
Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations. 2011-02-03 7.5 CVE-2009-5054
CONFIRM
smarty -- smarty
Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors. 2011-02-03 10.0 CVE-2010-4722
CONFIRM
smarty -- smarty
Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors. 2011-02-03 9.3 CVE-2010-4723
CONFIRM
smarty -- smarty
Multiple unspecified vulnerabilities in the parser implementation in Smarty before 3.0.0 RC3 have unknown impact and remote attack vectors. 2011-02-03 10.0 CVE-2010-4724
CONFIRM
smarty -- smarty
Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors. 2011-02-03 10.0 CVE-2010-4725
CONFIRM
smarty -- smarty
Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669. 2011-02-03 10.0 CVE-2010-4726
CONFIRM
smarty -- smarty
Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors. 2011-02-03 10.0 CVE-2010-4727
CONFIRM
sun -- openoffice.org
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files. 2011-01-28 9.3 CVE-2010-3450
CONFIRM
VUPEN
VUPEN
SECTRACK
BID
REDHAT
REDHAT
CONFIRM
DEBIAN
UBUNTU
SECUNIA
SECUNIA
SECUNIA
SECUNIA
OSVDB
sun -- openoffice.org
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document. 2011-01-28 9.3 CVE-2010-3451
CONFIRM
XF
VUPEN
VUPEN
SECTRACK
BID
REDHAT
REDHAT
CONFIRM
DEBIAN
MISC
UBUNTU
SECUNIA
SECUNIA
SECUNIA
SECUNIA
OSVDB
sun -- openoffice.org
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document. 2011-01-28 9.3 CVE-2010-3452
CONFIRM
XF
VUPEN
VUPEN
SECTRACK
BID
REDHAT
REDHAT
CONFIRM
DEBIAN
MISC
UBUNTU
SECUNIA
SECUNIA
SECUNIA
SECUNIA
OSVDB
sun -- openoffice.org
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write. 2011-01-28 9.3 CVE-2010-3453
CONFIRM
VUPEN
VUPEN
SECTRACK
BID
REDHAT
REDHAT
CONFIRM
DEBIAN
MISC
UBUNTU
SECUNIA
SECUNIA
SECUNIA
SECUNIA
OSVDB
sun -- openoffice.org
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write. 2011-01-28 9.3 CVE-2010-3454
CONFIRM
VUPEN
VUPEN
SECTRACK
BID
REDHAT
REDHAT
CONFIRM
DEBIAN
MISC
UBUNTU
SECUNIA
SECUNIA
SECUNIA
SECUNIA
OSVDB
sun -- openoffice.org
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document. 2011-01-28 9.3 CVE-2010-4253
CONFIRM
VUPEN
VUPEN
SECTRACK
BID
REDHAT
CONFIRM
DEBIAN
UBUNTU
SECUNIA
SECUNIA
SECUNIA
OSVDB
sun -- openoffice.org
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document. 2011-01-28 9.3 CVE-2010-4643
CONFIRM
VUPEN
VUPEN
SECTRACK
BID
REDHAT
REDHAT
CONFIRM
DEBIAN
UBUNTU
SECUNIA
SECUNIA
SECUNIA
SECUNIA
symantec -- antivirus
Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service. 2011-01-31 9.3 CVE-2010-0110
XF
MISC
MISC
MISC
MISC
VUPEN
CONFIRM
BID
SECTRACK
SECUNIA
SECUNIA
symantec -- antivirus
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call. 2011-01-31 9.3 CVE-2010-0111
XF
XF
MISC
VUPEN
CONFIRM
BID
SECTRACK
SECUNIA
SECUNIA
symantec -- antivirus
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information. 2011-01-31 9.3 CVE-2011-0688
XF
VUPEN
CONFIRM
BID
SECTRACK
SECUNIA
symantec -- im_manager
Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method. 2011-02-01 8.5 CVE-2010-3719
XF
MISC
VUPEN
CONFIRM
BID
BUGTRAQ
SECUNIA
tibco -- enterprise_message_service
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), and (3) Rendezvous Secure Routing Daemon (rvsrd). 2011-02-03 7.2 CVE-2011-0649
CONFIRM
BID
SECUNIA
SECUNIA
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- coldfusion
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion, possibly before 9.0.1 CHF1, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file. 2011-02-01 4.3 CVE-2011-0733
MISC
SECTRACK
FULLDISC
adobe -- coldfusion
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. 2011-02-01 4.3 CVE-2011-0734
MISC
SECTRACK
FULLDISC
adobe -- coldfusion
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script." 2011-02-01 4.3 CVE-2011-0735
MISC
FULLDISC
adobe -- coldfusion
Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. 2011-02-01 4.3 CVE-2011-0736
MISC
FULLDISC
adobe -- coldfusion
Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. 2011-02-01 5.0 CVE-2011-0737
MISC
FULLDISC
apache -- couchdb
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2011-02-01 4.3 CVE-2010-3854
XF
VUPEN
SECTRACK
BID
BUGTRAQ
SECUNIA
OSVDB
MLIST
balabit -- syslog-ng
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files. 2011-01-28 6.9 CVE-2011-0343
CONFIRM
BUGTRAQ
cisco -- ios
Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917. 2011-01-28 6.4 CVE-2011-0348
XF
VUPEN
BID
CISCO
SECTRACK
SECUNIA
OSVDB
cisco -- webex_meeting_center
Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed. 2011-02-02 6.8 CVE-2010-3270
VUPEN
BID
BUGTRAQ
MISC
CONFIRM
SECTRACK
emc -- networker
librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands. 2011-02-01 6.4 CVE-2011-0321
XF
VUPEN
BID
OSVDB
SECTRACK
SECUNIA
CONFIRM
BUGTRAQ
exim -- exim
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. 2011-02-01 6.9 CVE-2011-0017
MLIST
XF
VUPEN
VUPEN
BID
DEBIAN
SECUNIA
SECUNIA
OSVDB
CONFIRM
fxwebdesign -- com_jradio
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. 2011-02-01 5.0 CVE-2010-4719
XF
BID
CONFIRM
EXPLOIT-DB
SECUNIA
MISC
globus -- globus_toolkit
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation. 2011-02-01 4.3 CVE-2011-0738
MLIST
XF
BID
SECUNIA
SECUNIA
OSVDB
FEDORA
FEDORA
MISC
google -- android
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service. 2011-01-31 5.0 CVE-2011-0680
MISC
CONFIRM
CONFIRM
MISC
CONFIRM
BID
MISC
MISC
MISC
MISC
MISC
greenbone -- security_assistant
Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018. 2011-01-28 6.8 CVE-2011-0650
XF
BUGTRAQ
ibm -- websphere_portal
IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message." 2011-01-28 5.0 CVE-2011-0679
VUPEN
BID
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
SECUNIA
OSVDB
ibm -- db2
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. 2011-02-02 6.5 CVE-2011-0757
XF
BID
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
CONFIRM
CONFIRM
CONFIRM
SECUNIA
janrain -- janrain_engage_module
Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. 2011-02-03 6.8 CVE-2011-0771
BID
CONFIRM
XF
XF
SECUNIA
OSVDB
linux -- kernel
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value. 2011-02-02 6.9 CVE-2011-0521
MLIST
MLIST
CONFIRM
XF
BID
CONFIRM
SECUNIA
lockon -- ec-cube
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2011-02-03 4.3 CVE-2011-0451
CONFIRM
XF
BID
CONFIRM
SECUNIA
JVNDB
JVN
lomtec -- activeweb
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm. 2011-01-28 6.8 CVE-2011-0678
CERT-VN
VUPEN
BID
MISC
SECUNIA
OSVDB
lyften -- com_lyftenbloggie
Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php. 2011-02-01 4.3 CVE-2010-4718
BID
SECUNIA
MISC
mediawiki -- mediawiki
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability." 2011-02-03 4.3 CVE-2011-0047
MLIST
CONFIRM
VUPEN
BID
SECUNIA
microsoft -- windows_2003_server
The MHTML implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer. 2011-01-31 4.3 CVE-2011-0096
CERT-VN
XF
VUPEN
SECTRACK
CONFIRM
EXPLOIT-DB
MISC
SECUNIA
OSVDB
CONFIRM
CONFIRM
mikel_lindsaar -- mail
The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address. 2011-02-01 6.8 CVE-2011-0739
MISC
CONFIRM
XF
VUPEN
BID
SECUNIA
OSVDB
mj2 -- majordomo_2
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface. 2011-02-03 5.0 CVE-2011-0049
CONFIRM
CONFIRM
CONFIRM
MISC
XF
BID
BUGTRAQ
EXPLOIT-DB
SECUNIA
modxcms -- evolution
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427. 2011-02-01 5.0 CVE-2010-3930
CONFIRM
JVNDB
JVN
modxcms -- evolution
Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor. 2011-02-01 4.3 CVE-2011-0741
CONFIRM
mozilla -- bugzilla
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field. 2011-01-28 4.3 CVE-2010-4567
CONFIRM
XF
VUPEN
BID
CONFIRM
SECUNIA
OSVDB
mozilla -- bugzilla
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI. 2011-01-28 4.3 CVE-2010-4569
CONFIRM
MISC
MISC
VUPEN
BID
CONFIRM
OSVDB
mozilla -- bugzilla
Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI. 2011-01-28 4.3 CVE-2010-4570
CONFIRM
MISC
MISC
VUPEN
BID
CONFIRM
mozilla -- bugzilla
CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411. 2011-01-28 4.3 CVE-2010-4572
CONFIRM
VUPEN
BID
CONFIRM
SECUNIA
mozilla -- bugzilla
Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi. 2011-01-28 6.8 CVE-2011-0046
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
XF
VUPEN
BID
CONFIRM
SECUNIA
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
mozilla -- bugzilla
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI. 2011-01-28 4.3 CVE-2011-0048
CONFIRM
XF
VUPEN
BID
CONFIRM
SECUNIA
OSVDB
novell -- groupwise
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit." 2011-01-28 4.3 CVE-2010-2778
CONFIRM
MISC
CONFIRM
novell -- groupwise
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies." 2011-01-28 4.3 CVE-2010-2779
CONFIRM
MISC
CONFIRM
novell -- groupwise
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information. 2011-01-31 5.0 CVE-2010-4715
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
novell -- groupwise
Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2011-01-31 4.3 CVE-2010-4716
CONFIRM
CONFIRM
CONFIRM
novell -- groupwise
Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command. 2011-01-31 6.5 CVE-2010-4717
CONFIRM
MISC
CONFIRM
CONFIRM
opera -- opera_browser
The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL. 2011-01-31 4.3 CVE-2011-0681
CONFIRM
CONFIRM
CONFIRM
OSVDB
opera -- opera_browser
Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. 2011-01-31 4.3 CVE-2011-0683
CONFIRM
CONFIRM
CONFIRM
CONFIRM
OSVDB
opera -- opera_browser
Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru. 2011-01-31 5.0 CVE-2011-0686
CONFIRM
CONFIRM
CONFIRM
OSVDB
opera -- opera_browser
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document. 2011-01-31 4.3 CVE-2011-0687
CONFIRM
CONFIRM
CONFIRM
OSVDB
php -- php
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. 2011-02-02 5.0 CVE-2011-0752
CONFIRM
CONFIRM
CONFIRM
MLIST
php -- php
Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals. 2011-02-02 4.3 CVE-2011-0753
CONFIRM
CONFIRM
php -- php
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. 2011-02-02 4.4 CVE-2011-0754
CONFIRM
CONFIRM
php -- php
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax. 2011-02-02 5.0 CVE-2011-0755
CONFIRM
CONFIRM
pivotx -- pivotx
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php. 2011-02-03 4.3 CVE-2011-0772
CONFIRM
XF
BID
BUGTRAQ
BUGTRAQ
OSVDB
OSVDB
MISC
MISC
SECUNIA
pivotx -- pivotx
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX 2.2.2 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the image parameter. 2011-02-03 4.3 CVE-2011-0773
CONFIRM
XF
BID
MISC
CONFIRM
SECUNIA
MISC
OSVDB
pivotx -- pivotx
PivotX 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message. 2011-02-03 5.0 CVE-2011-0774
CONFIRM
MISC
pivotx -- pivotx
pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2011-02-03 5.0 CVE-2011-0775
XF
SECUNIA
OSVDB
pleer -- rss_feed_reader
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter. 2011-02-01 4.3 CVE-2011-0740
XF
BID
MISC
SECUNIA
OSVDB
postgresql -- postgresql
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions. 2011-02-01 6.5 CVE-2010-4015
CONFIRM
XF
VUPEN
BID
CONFIRM
CONFIRM
SECUNIA
OSVDB
proftpd -- proftpd
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query. 2011-02-01 6.8 CVE-2010-4652
CONFIRM
MISC
VUPEN
BID
CONFIRM
MISC
FEDORA
FEDORA
sun -- openoffice.org
soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. 2011-01-28 6.9 CVE-2010-3689
CONFIRM
VUPEN
VUPEN
SECTRACK
BID
REDHAT
CONFIRM
DEBIAN
UBUNTU
SECUNIA
SECUNIA
SECUNIA
OSVDB
tsugio_okamoto -- lha
Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. 2011-02-03 6.8 CVE-2004-0694
REDHAT
REDHAT
yahoo -- yui
Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570. 2011-01-28 4.3 CVE-2010-4710
CONFIRM
MISC
MISC
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
looknstop -- look_'n'_stop_firewall
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information. 2011-01-282.1 CVE-2011-0652
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
opera -- opera_browser
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation. 2011-01-313.6 CVE-2011-0685
XF
CONFIRM
CONFIRM
CONFIRM
CONFIRM
OSVDB
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top