
Bulletin (SB11-052)

Vulnerability Summary for the Week of February 14, 2011

Original release date: February 21, 2011 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product
  Description
  Published | CVSS Score | Source & Patch Info

aretimes -- com_maianmedia
  SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
  Published: 2011-02-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2010-4739 (BID, OSVDB, EXPLOIT-DB, SECUNIA, MISC)

djangoproject -- django
  Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
  Published: 2011-02-14 | CVSS Score: 7.5 | Source & Patch Info: CVE-2011-0698 (CONFIRM, MLIST)

ecommercemax -- digital-goods_seller
  SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.
  Published: 2011-02-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2010-4735 (BID, EXPLOIT-DB, SECUNIA, OSVDB)

gatesoft -- docusafe
  SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
  Published: 2011-02-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2010-4736 (BID, EXPLOIT-DB, SECUNIA, MISC)

hotwebscripts -- hotweb_rentals
  SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
  Published: 2011-02-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2010-4737 (BID, EXPLOIT-DB, SECUNIA, MISC)

ibm -- informix_dynamic_server
  Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement.
  Published: 2011-02-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2011-1033 (MISC, XF, VUPEN, BID, BUGTRAQ, SECUNIA, MISC)

intellicom -- netbiter_easyconnect_ec150
  cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463.
  Published: 2011-02-14 | CVSS Score: 9.0 | Source & Patch Info: CVE-2010-4732 (MISC, CERT-VN, BUGTRAQ)

intellicom -- netbiter_easyconnect_ec150
  WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain superadmin access via the web interface, a different vulnerability than CVE-2009-4463.
  Published: 2011-02-14 | CVSS Score: 10.0 | Source & Patch Info: CVE-2010-4733 (MISC, BUGTRAQ)

microsoft -- windows_2003_server
  Heap-based buffer overflow in Mrxsmb.sys in Microsoft Windows Server 2003 Active Directory allows remote attackers to execute arbitrary code via a crafted BROWSER ELECTION request.
  Published: 2011-02-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2011-0654 (BID, EXPLOIT-DB, FULLDISC)

raemedia -- real_estate_single_and_multi_agent_system
  Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
  Published: 2011-02-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2010-4738 (BID, BID, SECUNIA, MISC, OSVDB, OSVDB)

scadaengine -- bacnet_opc_client
  Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message.
  Published: 2011-02-15 | CVSS Score: 9.3 | Source & Patch Info: CVE-2010-4740 (MISC, CERT-VN, BID, SECUNIA, MISC)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
  Published: 2011-02-17 | CVSS Score: 7.6 | Source & Patch Info: CVE-2010-4422 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
  Published: 2011-02-17 | CVSS Score: 7.6 | Source & Patch Info: CVE-2010-4451 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
  Published: 2011-02-17 | CVSS Score: 10.0 | Source & Patch Info: CVE-2010-4452 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.
  Published: 2011-02-17 | CVSS Score: 10.0 | Source & Patch Info: CVE-2010-4454 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.
  Published: 2011-02-17 | CVSS Score: 10.0 | Source & Patch Info: CVE-2010-4462 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
  Published: 2011-02-17 | CVSS Score: 10.0 | Source & Patch Info: CVE-2010-4463 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
  Published: 2011-02-17 | CVSS Score: 10.0 | Source & Patch Info: CVE-2010-4465 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
  Published: 2011-02-17 | CVSS Score: 10.0 | Source & Patch Info: CVE-2010-4467 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.
  Published: 2011-02-17 | CVSS Score: 10.0 | Source & Patch Info: CVE-2010-4469 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.
  Published: 2011-02-17 | CVSS Score: 10.0 | Source & Patch Info: CVE-2010-4473 (CONFIRM)

vmware -- esx
  Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.
  Published: 2011-02-17 | CVSS Score: 7.8 | Source & Patch Info: CVE-2011-0355 (XF, VUPEN, VUPEN, CONFIRM, BID, BUGTRAQ, OSVDB, CONFIRM, SECTRACK, SECUNIA, MLIST)

Medium Vulnerabilities

Primary Vendor -- Product
  Description
  Published | CVSS Score | Source & Patch Info

apache -- continuum
  Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.
  Published: 2011-02-17 | CVSS Score: 4.3 | Source & Patch Info: CVE-2011-0533 (CONFIRM, CONFIRM, FULLDISC, XF, VUPEN, BID, BUGTRAQ, SECTRACK, SECUNIA, MLIST, CONFIRM, CONFIRM)

djangoproject -- django
  Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.
  Published: 2011-02-14 | CVSS Score: 6.8 | Source & Patch Info: CVE-2011-0696 (CONFIRM, CONFIRM, MLIST)

djangoproject -- django
  Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
  Published: 2011-02-14 | CVSS Score: 4.3 | Source & Patch Info: CVE-2011-0697 (CONFIRM, CONFIRM, MLIST)

ibm -- lotus_connections
  Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."
  Published: 2011-02-14 | CVSS Score: 4.3 | Source & Patch Info: CVE-2011-1030 (AIXAPAR, CONFIRM, SECTRACK, SECUNIA)

ibm -- websphere_application_server
  IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.
  Published: 2011-02-14 | CVSS Score: 4.3 | Source & Patch Info: CVE-2008-7274 (AIXAPAR)

ibm -- lotus_connections
  IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
  Published: 2011-02-14 | CVSS Score: 6.8 | Source & Patch Info: CVE-2011-1032 (CONFIRM, AIXAPAR, SECUNIA)

ibm -- rational_build_forge
  Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. NOTE: some of these details are obtained from third party information.
  Published: 2011-02-15 | CVSS Score: 4.3 | Source & Patch Info: CVE-2011-1034 (VUPEN, BID, OSVDB, AIXAPAR, SECTRACK, SECUNIA)

intellicom -- netbiter_easyconnect_ec150
  Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463.
  Published: 2011-02-14 | CVSS Score: 6.8 | Source & Patch Info: CVE-2010-4730 (MISC, CERT-VN, BUGTRAQ)

intellicom -- netbiter_easyconnect_ec150
  Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463.
  Published: 2011-02-14 | CVSS Score: 6.8 | Source & Patch Info: CVE-2010-4731 (MISC, CERT-VN, BUGTRAQ)

phpmyadmin -- phpmyadmin
  phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.
  Published: 2011-02-14 | CVSS Score: 5.0 | Source & Patch Info: CVE-2011-0986 (CONFIRM, CONFIRM, MANDRIVA)

phpmyadmin -- phpmyadmin
  The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark.
  Published: 2011-02-14 | CVSS Score: 6.5 | Source & Patch Info: CVE-2011-0987 (CONFIRM, CONFIRM, VUPEN, MANDRIVA)

ruby_on_rails -- ruby_on_rails
  Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
  Published: 2011-02-14 | CVSS Score: 4.3 | Source & Patch Info: CVE-2011-0446 (MLIST)

ruby_on_rails -- ruby_on_rails
  Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.
  Published: 2011-02-14 | CVSS Score: 6.8 | Source & Patch Info: CVE-2011-0447 (CONFIRM, MLIST)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
  Published: 2011-02-17 | CVSS Score: 4.3 | Source & Patch Info: CVE-2010-4447 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
  Published: 2011-02-17 | CVSS Score: 5.0 | Source & Patch Info: CVE-2010-4466 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.
  Published: 2011-02-17 | CVSS Score: 4.0 | Source & Patch Info: CVE-2010-4468 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs.
  Published: 2011-02-17 | CVSS Score: 5.0 | Source & Patch Info: CVE-2010-4470 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D.
  Published: 2011-02-17 | CVSS Score: 5.0 | Source & Patch Info: CVE-2010-4471 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
  Published: 2011-02-17 | CVSS Score: 4.3 | Source & Patch Info: CVE-2010-4475 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect availability via unknown vectors related to Java Language and unspecified APIs.
  Published: 2011-02-17 | CVSS Score: 5.0 | Source & Patch Info: CVE-2010-4476 (CONFIRM)

zohocorp -- manageengine_adselfservice_plus
  accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
  Published: 2011-02-17 | CVSS Score: 4.3 | Source & Patch Info: CVE-2010-3272 (XF, VUPEN, BID, BUGTRAQ, OSVDB, MISC, SECUNIA)

zohocorp -- manageengine_adselfservice_plus
  ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
  Published: 2011-02-17 | CVSS Score: 5.0 | Source & Patch Info: CVE-2010-3273 (XF, VUPEN, BID, BUGTRAQ, OSVDB, MISC, SECUNIA)

zohocorp -- manageengine_adselfservice_plus
  Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
  Published: 2011-02-17 | CVSS Score: 4.3 | Source & Patch Info: CVE-2010-3274 (XF, VUPEN, BID, BUGTRAQ, OSVDB, OSVDB, MISC, SECUNIA)

Low Vulnerabilities

Primary Vendor -- Product
  Description
  Published | CVSS Score | Source & Patch Info

amix -- skeletonz_cms_1.0
  Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
  Published: 2011-02-15 | CVSS Score: 2.6 | Source & Patch Info: CVE-2010-4734 (BID, OSVDB, EXPLOIT-DB, SECUNIA, MISC)

daniel_friesel -- feh
  The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
  Published: 2011-02-14 | CVSS Score: 3.3 | Source & Patch Info: CVE-2011-0702 (CONFIRM, CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM, CONFIRM, SECUNIA)

daniel_friesel -- feh
  The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
  Published: 2011-02-14 | CVSS Score: 3.3 | Source & Patch Info: CVE-2011-1031 (CONFIRM, CONFIRM, CONFIRM, MISC, SECUNIA)

ibm -- rational_team_concert
  Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report.
  Published: 2011-02-14 | CVSS Score: 3.5 | Source & Patch Info: CVE-2011-1029 (XF, VUPEN, BID, AIXAPAR, SECUNIA)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking.
  Published: 2011-02-17 | CVSS Score: 2.6 | Source & Patch Info: CVE-2010-4448 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher.
  Published: 2011-02-17 | CVSS Score: 3.7 | Source & Patch Info: CVE-2010-4450 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs.
  Published: 2011-02-17 | CVSS Score: 2.6 | Source & Patch Info: CVE-2010-4472 (CONFIRM)

sun -- jdk
  Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23 and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269.
  Published: 2011-02-17 | CVSS Score: 2.1 | Source & Patch Info: CVE-2010-4474 (CONFIRM)

vmware -- vcenter_server
  The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
  Published: 2011-02-15 | CVSS Score: 2.1 | Source & Patch Info: CVE-2010-2928 (CONFIRM, CONFIRM, BUGTRAQ, SECUNIA)
