Bulletin (SB11-059)

Vulnerability Summary for the Week of February 21, 2011

Original release date: February 28, 2011 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cisco -- security_agent
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request. 2011-02-18 10.0 CVE-2011-0364
XF
MISC
VUPEN
SECTRACK
BID
BUGTRAQ
CISCO
SECUNIA
SECUNIA
cisco -- telepresence_system_software
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640. 2011-02-25 10.0 CVE-2011-0372
CISCO
cisco -- telepresence_system_software
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. 2011-02-25 9.0 CVE-2011-0373
CISCO
cisco -- telepresence_system_software
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659. 2011-02-25 9.0 CVE-2011-0374
CISCO
cisco -- telepresence_system_software
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671. 2011-02-25 9.0 CVE-2011-0375
CISCO
cisco -- telepresence_system_software
The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876. 2011-02-25 10.0 CVE-2011-0376
CISCO
cisco -- telepresence_system_software
Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP address, aka Bug ID CSCth03605. 2011-02-25 7.8 CVE-2011-0377
CISCO
cisco -- telepresence_system_software
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587. 2011-02-25 8.3 CVE-2011-0378
CISCO
cisco -- adaptive_security_appliance_software
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761. 2011-02-25 7.9 CVE-2011-0379
CISCO
CISCO
CISCO
CISCO
cisco -- telepresence_manager
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562. 2011-02-25 7.5 CVE-2011-0380
CISCO
cisco -- telepresence_manager
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085. 2011-02-25 10.0 CVE-2011-0381
CISCO
cisco -- telepresence_recording_server_software
The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221. 2011-02-25 10.0 CVE-2011-0382
CISCO
cisco -- telepresence_multipoint_switch_software
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. 2011-02-25 10.0 CVE-2011-0383
CISCO
CISCO
cisco -- telepresence_multipoint_switch_software
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253. 2011-02-25 10.0 CVE-2011-0384
CISCO
cisco -- telepresence_multipoint_switch_software
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065. 2011-02-25 10.0 CVE-2011-0385
CISCO
CISCO
cisco -- telepresence_recording_server_software
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739. 2011-02-25 9.3 CVE-2011-0386
CISCO
cisco -- telepresence_multipoint_switch_software
The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164. 2011-02-25 8.0 CVE-2011-0387
CISCO
cisco -- telepresence_multipoint_switch_software
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825. 2011-02-25 7.8 CVE-2011-0388
CISCO
CISCO
cisco -- telepresence_multipoint_switch_software
Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993. 2011-02-25 7.8 CVE-2011-0389
CISCO
cisco -- telepresence_multipoint_switch_software
The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534. 2011-02-25 7.8 CVE-2011-0390
CISCO
cisco -- telepresence_recording_server_software
Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad hoc recording" issue, aka Bug ID CSCtf97205. 2011-02-25 7.8 CVE-2011-0391
CISCO
cisco -- telepresence_recording_server_software
Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833. 2011-02-25 7.5 CVE-2011-0392
CISCO
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances 500 series devices, when transparent firewall mode is configured but IPv6 is not configured, allow remote attackers to cause a denial of service (packet buffer exhaustion and device outage) via IPv6 traffic, aka Bug ID CSCtj04707. 2011-02-25 7.8 CVE-2011-0393
CISCO
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances 500 series devices; and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(20), 3.2 before 3.2(20), 4.0 before 4.0(15), and 4.1 before 4.1(5) allow remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug IDs CSCtg69457 and CSCtl84952. 2011-02-25 7.8 CVE-2011-0394
CISCO
CISCO
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583. 2011-02-25 7.8 CVE-2011-0395
CISCO
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352. 2011-02-25 7.8 CVE-2011-0396
CISCO
fedoraproject -- 389_directory_server
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. 2011-02-23 7.5 CVE-2011-0019
CONFIRM
CONFIRM
BID
REDHAT
hex-rays -- ida
Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "conversion of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface." 2011-02-21 10.0 CVE-2011-1050
CONFIRM
VUPEN
hex-rays -- ida
Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation. 2011-02-21 10.0 CVE-2011-1051
CONFIRM
hex-rays -- ida
Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation. 2011-02-21 10.0 CVE-2011-1052
CONFIRM
hex-rays -- ida
Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors. 2011-02-21 10.0 CVE-2011-1054
CONFIRM
isc -- bind
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update. 2011-02-23 7.1 CVE-2011-0414
CERT-VN
CERT-VN
CONFIRM
CONFIRM
lingxia273 -- lingxia_i.c.e_cms
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm. 2011-02-21 7.5 CVE-2011-1055
XF
XF
MISC
BID
EXPLOIT-DB
SECUNIA
mihantools -- mihantools
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2011-02-21 7.5 CVE-2011-1048
BID
EXPLOIT-DB
SECUNIA
OSVDB
moinejf -- abcm2ps
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line. 2011-02-18 7.5 CVE-2010-3441
CONFIRM
MLIST
MLIST
MLIST
FEDORA
CONFIRM
VUPEN
BID
SECUNIA
SECUNIA
CONFIRM
moinejf -- abcm2ps
Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information. 2011-02-18 7.5 CVE-2010-4743
FEDORA
CONFIRM
CONFIRM
VUPEN
SECUNIA
SECUNIA
CONFIRM
moinejf -- abcm2ps
Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441. 2011-02-18 7.5 CVE-2010-4744
FEDORA
CONFIRM
CONFIRM
VUPEN
SECUNIA
CONFIRM
moxa -- device_manager
Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321. 2011-02-18 9.3 CVE-2010-4741
MISC
CONFIRM
CERT-VN
CONFIRM
MISC
moxa -- activex_sdk
Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value. 2011-02-18 10.0 CVE-2010-4742
OSVDB
MISC
MISC
network_block_device -- nbd
Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression. 2011-02-22 7.5 CVE-2011-0530
CONFIRM
CONFIRM
MLIST
MLIST
FEDORA
FEDORA
VUPEN
SECUNIA
CONFIRM
novell -- zenworks_configuration_manager
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request. 2011-02-18 10.0 CVE-2010-4323
XF
MISC
VUPEN
SECTRACK
BID
BUGTRAQ
CONFIRM
SECUNIA
novell -- iprint_open_enterprise_server_2
Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes. 2011-02-18 7.5 CVE-2010-4328
MISC
VUPEN
SECTRACK
BID
BUGTRAQ
CONFIRM
SECUNIA
OSVDB
CONFIRM
openafs -- openafs
Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors. 2011-02-18 7.5 CVE-2011-0430
VUPEN
VUPEN
BID
DEBIAN
SECUNIA
SECUNIA
pipi -- pipi_player
Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods. 2011-02-22 9.3 CVE-2011-1065
XF
MISC
MISC
BID
SECUNIA
pivotx -- pivotx
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors. 2011-02-18 7.5 CVE-2011-1035
CERT-VN
CONFIRM
CONFIRM
CONFIRM
VUPEN
SECUNIA
MISC
realnetworks -- realplayer
RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function. 2011-02-21 9.3 CVE-2011-0694
MISC
SECTRACK
BUGTRAQ
CONFIRM
SECUNIA
OSVDB
CONFIRM
redhat -- icedtea-web
The "JNLPClassLoader" class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." 2011-02-18 7.5 CVE-2011-0706
CONFIRM
MISC
BID
SECUNIA
FEDORA
FEDORA
ruby_on_rails -- ruby_on_rails
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. 2011-02-21 7.5 CVE-2011-0448
CONFIRM
MLIST
SECTRACK
SECUNIA
ruby_on_rails -- ruby_on_rails
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. 2011-02-21 7.5 CVE-2011-0449
CONFIRM
SECTRACK
SECUNIA
MLIST
ubuntu -- edubuntu
The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges. 2011-02-18 7.5 CVE-2011-0724
XF
VUPEN
UBUNTU
BID
vasthtml -- forum_server
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, or (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php. 2011-02-21 7.5 CVE-2011-1047
BID
BUGTRAQ
BUGTRAQ
MISC
MISC
SECUNIA
webmastersite -- wsn_guest
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php. 2011-02-22 7.5 CVE-2011-1060
XF
BID
BUGTRAQ
SECUNIA
MISC
webmastersite -- wsn_guest
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter. 2011-02-22 7.5 CVE-2011-1061
BID
BUGTRAQ
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- tomcat
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Software Foundation Tomcat 7.0 before 7.0.6, 5.5 before 5.5.32, and 6.0 before 6.0.30 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. 2011-02-18 4.3 CVE-2011-0013
MISC
CONFIRM
CONFIRM
VUPEN
SECTRACK
BID
BUGTRAQ
MANDRIVA
DEBIAN
CONFIRM
SECUNIA
apple -- webkit
Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557. 2011-02-22 6.8 CVE-2011-1059
CONFIRM
CONFIRM
CONFIRM
CONFIRM
avahi -- avahi
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. 2011-02-22 5.0 CVE-2011-1002
CONFIRM
CONFIRM
MISC
XF
XF
VUPEN
BID
MLIST
SECUNIA
MLIST
MLIST
CONFIRM
cgiirc -- cgi:irc
Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter. 2011-02-18 4.3 CVE-2011-0050
VUPEN
BUGTRAQ
DEBIAN
MLIST
SECUNIA
OSVDB
cherry-software -- photopad
Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data[title] parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php. 2011-02-22 4.3 CVE-2011-1063
XF
BUGTRAQ
MISC
SECUNIA
clamav -- clamav
Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information. 2011-02-23 6.8 CVE-2011-1003
CONFIRM
CONFIRM
VUPEN
BID
SECTRACK
SECUNIA
MLIST
MLIST
CONFIRM
debian -- shadow
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. 2011-02-18 6.4 CVE-2011-0721
VUPEN
VUPEN
UBUNTU
BID
DEBIAN
SECUNIA
SECUNIA
dell -- dellsystemlite.scanner_activex_control
Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter. 2011-02-21 5.0 CVE-2011-0329
BID
MISC
SECUNIA
dell -- dellsystemlite.scanner_activex_control
The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software. 2011-02-21 5.0 CVE-2011-0330
BID
MISC
SECUNIA
f-secure -- internet_gatekeeper
F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port. 2011-02-18 5.0 CVE-2011-0453
CONFIRM
JVNDB
JVN
VUPEN
SECUNIA
fedoraproject -- 389_directory_server
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019. 2011-02-23 5.0 CVE-2010-4746
CONFIRM
CONFIRM
fedoraproject -- 389_directory_server
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. 2011-02-23 4.7 CVE-2011-0022
CONFIRM
BID
REDHAT
fedoraproject -- 389_directory_server
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. 2011-02-23 6.2 CVE-2011-0532
CONFIRM
BID
REDHAT
fedoraproject -- 389_directory_server
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019. 2011-02-23 5.0 CVE-2011-1067
CONFIRM
CONFIRM
freedesktop -- telepathy_gabble
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media. 2011-02-18 6.4 CVE-2011-1000
CONFIRM
MLIST
MLIST
VUPEN
VUPEN
UBUNTU
BID
DEBIAN
SECUNIA
SECUNIA
SECUNIA
gareth_watts -- phpxref
Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string. 2011-02-21 4.3 CVE-2010-4745
XF
BID
MISC
SECUNIA
CONFIRM
OSVDB
gnu -- mailman
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message. 2011-02-22 4.3 CVE-2011-0707
MLIST
VUPEN
VUPEN
BID
DEBIAN
SECUNIA
SECUNIA
MLIST
google -- chrome_os
Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to cause a denial of service (daemon crash) by providing the name of a hidden WiFi network that does not respond to connection attempts. 2011-02-18 4.3 CVE-2011-1042
CONFIRM
CONFIRM
CONFIRM
hex-rays -- ida
Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Mach-O file. 2011-02-21 6.8 CVE-2011-1049
CONFIRM
VUPEN
SECUNIA
OSVDB
hex-rays -- ida
Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file. 2011-02-21 4.3 CVE-2011-1053
CONFIRM
ibm -- filenet_p8_content_manager
Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors. 2011-02-21 6.8 CVE-2011-1045
XF
VUPEN
BID
CONFIRM
SECUNIA
ibm -- filenet_p8_business_process_manager
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors. 2011-02-21 5.0 CVE-2011-1046
XF
VUPEN
BID
CONFIRM
SECUNIA
ibm -- lotus_sametime
Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO. 2011-02-22 4.3 CVE-2011-1038
BID
BUGTRAQ
linux -- kernel
Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member. 2011-02-18 4.4 CVE-2010-4649
CONFIRM
CONFIRM
BID
CONFIRM
linux -- kernel
The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table. 2011-02-18 5.0 CVE-2011-0709
MLIST
MLIST
MLIST
CONFIRM
MLIST
BID
CONFIRM
MLIST
linux -- kernel
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. 2011-02-18 6.2 CVE-2011-0712
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
XF
BID
linux -- kernel
mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application. 2011-02-23 4.9 CVE-2011-0999
CONFIRM
MLIST
MLIST
CONFIRM
BID
CONFIRM
lunascape -- lunascape
Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory. 2011-02-24 6.2 CVE-2011-0452
SECUNIA
CONFIRM
JVNDB
JVN
metasploit -- metasploit_framework
The installer for Metasploit Framework 3.5.1, when running on Windows, uses insecure inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse. 2011-02-21 4.0 CVE-2011-1056
VUPEN
SECUNIA
OSVDB
CONFIRM
metasploit -- metasploit_framework
The installer for Metasploit Framework 3.5.1, when running on Windows, uses insecure inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse. 2011-02-21 4.0 CVE-2011-1057
VUPEN
SECUNIA
OSVDB
CONFIRM
openafs -- openafs
The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information. 2011-02-18 5.0 CVE-2011-0431
VUPEN
VUPEN
BID
DEBIAN
SECUNIA
SECUNIA
openssl -- openssl
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." 2011-02-18 5.0 CVE-2011-0014
CONFIRM
VUPEN
VUPEN
VUPEN
VUPEN
VUPEN
UBUNTU
SECTRACK
BID
MANDRIVA
DEBIAN
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
OSVDB
FEDORA
php -- php
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. 2011-02-18 5.0 CVE-2011-0420
CERT-VN
MISC
XF
BID
BUGTRAQ
BUGTRAQ
EXPLOIT-DB
SREASONRES
qibosoft -- qi_bo_cms
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter. 2011-02-22 6.8 CVE-2011-1064
XF
BID
SECUNIA
MISC
redhat -- policycoreutils
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. 2011-02-24 6.9 CVE-2011-1011
CONFIRM
CONFIRM
SECUNIA
MLIST
MLIST
FULLDISC
sebastian_heinlein -- aptdaemon
Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface. 2011-02-23 4.9 CVE-2011-0725
CONFIRM
UBUNTU
taskfreak -- taskfreak!
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information. 2011-02-22 4.3 CVE-2011-1062
MISC
EXPLOIT-DB
SECUNIA
OSVDB
OSVDB

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
linux -- kernel
The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/. 2011-02-18 2.1 CVE-2011-0710
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
XF
BID
linux -- kernel
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. 2011-02-18 1.9 CVE-2011-1044
CONFIRM
CONFIRM
CONFIRM
microsoft -- windows_azure_sdk
Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps. 2011-02-23 2.6 CVE-2011-1068
CONFIRM
SECUNIA
moinmo -- moinmoin
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information. 2011-02-22 2.6 CVE-2011-1058
CONFIRM
reyero -- messaging
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors. 2011-02-22 2.6 CVE-2011-1066
CONFIRM
XF
BID
SECUNIA

This product is provided subject to this Notification and this Privacy & Use policy.
