Vulnerability Summary for the Week of February 21, 2011
Released
Feb 28, 2011
Document ID
SB11-059
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- security_agent | The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request. | 2011-02-18 | 10.0 | CVE-2011-0364 XF MISC VUPEN SECTRACK BID BUGTRAQ CISCO SECUNIA SECUNIA |
| cisco -- telepresence_system_software | The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640. | 2011-02-25 | 10.0 | CVE-2011-0372 CISCO |
| cisco -- telepresence_system_software | The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. | 2011-02-25 | 9.0 | CVE-2011-0373 CISCO |
| cisco -- telepresence_system_software | The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659. | 2011-02-25 | 9.0 | CVE-2011-0374 CISCO |
| cisco -- telepresence_system_software | The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671. | 2011-02-25 | 9.0 | CVE-2011-0375 CISCO |
| cisco -- telepresence_system_software | The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876. | 2011-02-25 | 10.0 | CVE-2011-0376 CISCO |
| cisco -- telepresence_system_software | Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP address, aka Bug ID CSCth03605. | 2011-02-25 | 7.8 | CVE-2011-0377 CISCO |
| cisco -- telepresence_system_software | The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587. | 2011-02-25 | 8.3 | CVE-2011-0378 CISCO |
| cisco -- adaptive_security_appliance_software | Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761. | 2011-02-25 | 7.9 | CVE-2011-0379 CISCO CISCO CISCO CISCO |
| cisco -- telepresence_manager | Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562. | 2011-02-25 | 7.5 | CVE-2011-0380 CISCO |
| cisco -- telepresence_manager | Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085. | 2011-02-25 | 10.0 | CVE-2011-0381 CISCO |
| cisco -- telepresence_recording_server_software | The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221. | 2011-02-25 | 10.0 | CVE-2011-0382 CISCO |
| cisco -- telepresence_multipoint_switch_software | The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. | 2011-02-25 | 10.0 | CVE-2011-0383 CISCO CISCO |
| cisco -- telepresence_multipoint_switch_software | The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253. | 2011-02-25 | 10.0 | CVE-2011-0384 CISCO |
| cisco -- telepresence_multipoint_switch_software | The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065. | 2011-02-25 | 10.0 | CVE-2011-0385 CISCO CISCO |
| cisco -- telepresence_recording_server_software | The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739. | 2011-02-25 | 9.3 | CVE-2011-0386 CISCO |
| cisco -- telepresence_multipoint_switch_software | The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164. | 2011-02-25 | 8.0 | CVE-2011-0387 CISCO |
| cisco -- telepresence_multipoint_switch_software | Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825. | 2011-02-25 | 7.8 | CVE-2011-0388 CISCO CISCO |
| cisco -- telepresence_multipoint_switch_software | Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993. | 2011-02-25 | 7.8 | CVE-2011-0389 CISCO |
| cisco -- telepresence_multipoint_switch_software | The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534. | 2011-02-25 | 7.8 | CVE-2011-0390 CISCO |
| cisco -- telepresence_recording_server_software | Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad hoc recording" issue, aka Bug ID CSCtf97205. | 2011-02-25 | 7.8 | CVE-2011-0391 CISCO |
| cisco -- telepresence_recording_server_software | Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833. | 2011-02-25 | 7.5 | CVE-2011-0392 CISCO |
| cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances 500 series devices, when transparent firewall mode is configured but IPv6 is not configured, allow remote attackers to cause a denial of service (packet buffer exhaustion and device outage) via IPv6 traffic, aka Bug ID CSCtj04707. | 2011-02-25 | 7.8 | CVE-2011-0393 CISCO |
| cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances 500 series devices; and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(20), 3.2 before 3.2(20), 4.0 before 4.0(15), and 4.1 before 4.1(5) allow remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug IDs CSCtg69457 and CSCtl84952. | 2011-02-25 | 7.8 | CVE-2011-0394 CISCO CISCO |
| cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583. | 2011-02-25 | 7.8 | CVE-2011-0395 CISCO |
| cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352. | 2011-02-25 | 7.8 | CVE-2011-0396 CISCO |
| fedoraproject -- 389_directory_server | slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. | 2011-02-23 | 7.5 | CVE-2011-0019 CONFIRM CONFIRM BID REDHAT |
| hex-rays -- ida | Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface." | 2011-02-21 | 10.0 | CVE-2011-1050 CONFIRM VUPEN |
| hex-rays -- ida | Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation. | 2011-02-21 | 10.0 | CVE-2011-1051 CONFIRM |
| hex-rays -- ida | Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation. | 2011-02-21 | 10.0 | CVE-2011-1052 CONFIRM |
| hex-rays -- ida | Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors. | 2011-02-21 | 10.0 | CVE-2011-1054 CONFIRM |
| isc -- bind | ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update. | 2011-02-23 | 7.1 | CVE-2011-0414 CERT-VN CERT-VN CONFIRM CONFIRM |
| lingxia273 -- lingxia_i.c.e_cms | SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm. | 2011-02-21 | 7.5 | CVE-2011-1055 XF XF MISC BID EXPLOIT-DB SECUNIA |
| mihantools -- mihantools | SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2011-02-21 | 7.5 | CVE-2011-1048 BID EXPLOIT-DB SECUNIA OSVDB |
| moinejf -- abcm2ps | Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line. | 2011-02-18 | 7.5 | CVE-2010-3441 CONFIRM MLIST MLIST MLIST FEDORA CONFIRM VUPEN BID SECUNIA SECUNIA CONFIRM |
| moinejf -- abcm2ps | Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information. | 2011-02-18 | 7.5 | CVE-2010-4743 FEDORA CONFIRM CONFIRM VUPEN SECUNIA SECUNIA CONFIRM |
| moinejf -- abcm2ps | Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441. | 2011-02-18 | 7.5 | CVE-2010-4744 FEDORA CONFIRM CONFIRM VUPEN SECUNIA CONFIRM |
| moxa -- device_manager | Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321. | 2011-02-18 | 9.3 | CVE-2010-4741 MISC CONFIRM CERT-VN CONFIRM MISC |
| moxa -- activex_sdk | Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value. | 2011-02-18 | 10.0 | CVE-2010-4742 OSVDB MISC MISC |
| network_block_device -- nbd | Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression. | 2011-02-22 | 7.5 | CVE-2011-0530 CONFIRM CONFIRM MLIST MLIST FEDORA FEDORA VUPEN SECUNIA CONFIRM |
| novell -- zenworks_configuration_manager | Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request. | 2011-02-18 | 10.0 | CVE-2010-4323 XF MISC VUPEN SECTRACK BID BUGTRAQ CONFIRM SECUNIA |
| novell -- iprint_open_enterprise_server_2 | Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes. | 2011-02-18 | 7.5 | CVE-2010-4328 MISC VUPEN SECTRACK BID BUGTRAQ CONFIRM SECUNIA OSVDB CONFIRM |
| openafs -- openafs | Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors. | 2011-02-18 | 7.5 | CVE-2011-0430 VUPEN VUPEN BID DEBIAN SECUNIA SECUNIA |
| pipi -- pipi_player | Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods. | 2011-02-22 | 9.3 | CVE-2011-1065 XF MISC MISC BID SECUNIA |
| pivotx -- pivotx | The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors. | 2011-02-18 | 7.5 | CVE-2011-1035 CERT-VN CONFIRM CONFIRM CONFIRM VUPEN SECUNIA MISC |
| realnetworks -- realplayer | RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function. | 2011-02-21 | 9.3 | CVE-2011-0694 MISC SECTRACK BUGTRAQ CONFIRM SECUNIA OSVDB CONFIRM |
| redhat -- icedtea-web | The "JNLPClassLoader" class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." | 2011-02-18 | 7.5 | CVE-2011-0706 CONFIRM MISC BID SECUNIA FEDORA FEDORA |
| ruby_on_rails -- ruby_on_rails | Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. | 2011-02-21 | 7.5 | CVE-2011-0448 CONFIRM MLIST SECTRACK SECUNIA |
| ruby_on_rails -- ruby_on_rails | actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. | 2011-02-21 | 7.5 | CVE-2011-0449 CONFIRM SECTRACK SECUNIA MLIST |
| ubuntu -- edubuntu | The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges. | 2011-02-18 | 7.5 | CVE-2011-0724 XF VUPEN UBUNTU BID |
| vasthtml -- forum_server | Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, or (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php. | 2011-02-21 | 7.5 | CVE-2011-1047 BID BUGTRAQ BUGTRAQ MISC MISC SECUNIA |
| webmastersite -- wsn_guest | SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php. | 2011-02-22 | 7.5 | CVE-2011-1060 XF BID BUGTRAQ SECUNIA MISC |
| webmastersite -- wsn_guest | SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter. | 2011-02-22 | 7.5 | CVE-2011-1061 BID BUGTRAQ MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- tomcat | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Software Foundation Tomcat 7.0 before 7.0.6, 5.5 before 5.5.32, and 6.0 before 6.0.30 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | 2011-02-18 | 4.3 | CVE-2011-0013 MISC CONFIRM CONFIRM VUPEN SECTRACK BID BUGTRAQ MANDRIVA DEBIAN CONFIRM SECUNIA |
| apple -- webkit | Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557. | 2011-02-22 | 6.8 | CVE-2011-1059 CONFIRM CONFIRM CONFIRM CONFIRM |
| avahi -- avahi | avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. | 2011-02-22 | 5.0 | CVE-2011-1002 CONFIRM CONFIRM MISC XF XF VUPEN BID MLIST SECUNIA MLIST MLIST CONFIRM |
| cgiirc -- cgi:irc | Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter. | 2011-02-18 | 4.3 | CVE-2011-0050 VUPEN BUGTRAQ DEBIAN MLIST SECUNIA OSVDB |
| cherry-software -- photopad | Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data[title] parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php. | 2011-02-22 | 4.3 | CVE-2011-1063 XF BUGTRAQ MISC SECUNIA |
| clamav -- clamav | Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information. | 2011-02-23 | 6.8 | CVE-2011-1003 CONFIRM CONFIRM VUPEN BID SECTRACK SECUNIA MLIST MLIST CONFIRM |
| debian -- shadow | Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. | 2011-02-18 | 6.4 | CVE-2011-0721 VUPEN VUPEN UBUNTU BID DEBIAN SECUNIA SECUNIA |
| dell -- dellsystemlite.scanner_activex_control | Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter. | 2011-02-21 | 5.0 | CVE-2011-0329 BID MISC SECUNIA |
| dell -- dellsystemlite.scanner_activex_control | The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software. | 2011-02-21 | 5.0 | CVE-2011-0330 BID MISC SECUNIA |
| f-secure -- internet_gatekeeper | F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port. | 2011-02-18 | 5.0 | CVE-2011-0453 CONFIRM JVNDB JVN VUPEN SECUNIA |
| fedoraproject -- 389_directory_server | Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019. | 2011-02-23 | 5.0 | CVE-2010-4746 CONFIRM CONFIRM |
| fedoraproject -- 389_directory_server | The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. | 2011-02-23 | 4.7 | CVE-2011-0022 CONFIRM BID REDHAT |
| fedoraproject -- 389_directory_server | The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2011-02-23 | 6.2 | CVE-2011-0532 CONFIRM BID REDHAT |
| fedoraproject -- 389_directory_server | slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019. | 2011-02-23 | 5.0 | CVE-2011-1067 CONFIRM CONFIRM |
| freedesktop -- telepathy_gabble | jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media. | 2011-02-18 | 6.4 | CVE-2011-1000 CONFIRM MLIST MLIST VUPEN VUPEN UBUNTU BID DEBIAN SECUNIA SECUNIA SECUNIA |
| gareth_watts -- phpxref | Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string. | 2011-02-21 | 4.3 | CVE-2010-4745 XF BID MISC SECUNIA CONFIRM OSVDB |
| gnu -- mailman | Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message. | 2011-02-22 | 4.3 | CVE-2011-0707 MLIST VUPEN VUPEN BID DEBIAN SECUNIA SECUNIA MLIST |
| google -- chrome_os | Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to cause a denial of service (daemon crash) by providing the name of a hidden WiFi network that does not respond to connection attempts. | 2011-02-18 | 4.3 | CVE-2011-1042 CONFIRM CONFIRM CONFIRM |
| hex-rays -- ida | Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Macho-O file. | 2011-02-21 | 6.8 | CVE-2011-1049 CONFIRM VUPEN SECUNIA OSVDB |
| hex-rays -- ida | Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file. | 2011-02-21 | 4.3 | CVE-2011-1053 CONFIRM |
| ibm -- filenet_p8_content_manager | Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors. | 2011-02-21 | 6.8 | CVE-2011-1045 XF VUPEN BID CONFIRM SECUNIA |
| ibm -- filenet_p8_business_process_manager | IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors. | 2011-02-21 | 5.0 | CVE-2011-1046 XF VUPEN BID CONFIRM SECUNIA |
| ibm -- lotus_sametime | Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO. | 2011-02-22 | 4.3 | CVE-2011-1038 BID BUGTRAQ |
| linux -- kernel | Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member. | 2011-02-18 | 4.4 | CVE-2010-4649 CONFIRM CONFIRM BID CONFIRM |
| linux -- kernel | The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table. | 2011-02-18 | 5.0 | CVE-2011-0709 MLIST MLIST MLIST CONFIRM MLIST BID CONFIRM MLIST |
| linux -- kernel | Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. | 2011-02-18 | 6.2 | CVE-2011-0712 CONFIRM MLIST MLIST MLIST CONFIRM CONFIRM XF BID |
| linux -- kernel | mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application. | 2011-02-23 | 4.9 | CVE-2011-0999 CONFIRM MLIST MLIST CONFIRM BID CONFIRM |
| lunascape -- lunascape | Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2011-02-24 | 6.2 | CVE-2011-0452 SECUNIA CONFIRM JVNDB JVN |
| metasploit -- metasploit_framework | The installer for Metasploit Framework 3.5.1, when running on Windows, uses insecure inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse. | 2011-02-21 | 4.0 | CVE-2011-1056 VUPEN SECUNIA OSVDB CONFIRM |
| metasploit -- metasploit_framework | The installer for Metasploit Framework 3.5.1, when running on Windows, uses insecure inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse. | 2011-02-21 | 4.0 | CVE-2011-1057 VUPEN SECUNIA OSVDB CONFIRM |
| openafs -- openafs | The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information. | 2011-02-18 | 5.0 | CVE-2011-0431 VUPEN VUPEN BID DEBIAN SECUNIA SECUNIA |
| openssl -- openssl | ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." | 2011-02-18 | 5.0 | CVE-2011-0014 CONFIRM VUPEN VUPEN VUPEN VUPEN VUPEN UBUNTU SECTRACK BID MANDRIVA DEBIAN SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA OSVDB FEDORA |
| php -- php | The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. | 2011-02-18 | 5.0 | CVE-2011-0420 CERT-VN MISC XF BID BUGTRAQ BUGTRAQ EXPLOIT-DB SREASONRES |
| qibosoft -- qi_bo_cms | SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter. | 2011-02-22 | 6.8 | CVE-2011-1064 XF BID SECUNIA MISC |
| redhat -- policycoreutils | The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. | 2011-02-24 | 6.9 | CVE-2011-1011 CONFIRM CONFIRM SECUNIA MLIST MLIST FULLDISC |
| sebastian_heinlein -- aptdaemon | Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface. | 2011-02-23 | 4.9 | CVE-2011-0725 CONFIRM UBUNTU |
| taskfreak -- taskfreak! | Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information. | 2011-02-22 | 4.3 | CVE-2011-1062 MISC EXPLOIT-DB SECUNIA OSVDB OSVDB |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| linux -- kernel | The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/. | 2011-02-18 | 2.1 | CVE-2011-0710 CONFIRM CONFIRM MLIST MLIST CONFIRM XF BID |
| linux -- kernel | The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. | 2011-02-18 | 1.9 | CVE-2011-1044 CONFIRM CONFIRM CONFIRM |
| microsoft -- windows_azure_sdk | Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps. | 2011-02-23 | 2.6 | CVE-2011-1068 CONFIRM SECUNIA |
| moinmo -- moinmoin | Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information. | 2011-02-22 | 2.6 | CVE-2011-1058 CONFIRM |
| reyero -- messaging | Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors. | 2011-02-22 | 2.6 | CVE-2011-1066 CONFIRM XF BID SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.