Vulnerability Summary for the Week of October 10, 2011

Released
Oct 18, 2011
Document ID
SB11-290

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
a-blog -- a-blog SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter. 2011-10-087.5CVE-2010-4917
allinta -- allinta_cms Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE.asp. 2011-10-097.5CVE-2010-4922
allpcscript -- allpc SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. 2011-10-097.5CVE-2010-4946
apple -- mac_os_x Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. 2011-10-147.5CVE-2011-0230
apple -- itunes CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. 2011-10-127.6CVE-2011-0259
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2338
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2339
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2341
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2352
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2354
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2356
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2809
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2811
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2813
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2814
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2815
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2816
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2817
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2820
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-2831
apple -- mac_os_x The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. 2011-10-147.6CVE-2011-3213
apple -- itunes Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. 2011-10-129.3CVE-2011-3219
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-3233
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-3235
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-3236
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-3237
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-3238
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-3239
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-3241
apple -- itunes WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. 2011-10-127.6CVE-2011-3244
apple -- itunes Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. 2011-10-129.3CVE-2011-3252
apple -- iphone_os The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display. 2011-10-149.3CVE-2011-3430
bluecms -- bluecms SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action. 2011-10-087.5CVE-2010-4897
brothersoft -- saurus_cms Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php. 2011-10-097.5CVE-2010-4943
chillycms -- chillycms SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information. 2011-10-087.5CVE-2010-4894
clearbudget -- clearbudget ** DISPUTED ** PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party. 2011-10-097.5CVE-2010-4924
coldgen -- coldcalendar SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action. 2011-10-087.5CVE-2010-4910
coldgen -- coldbookmarks SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action. 2011-10-087.5CVE-2010-4915
coldgen -- coldusergroup Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter. 2011-10-087.5CVE-2010-4916
cubecart -- cubecart SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. 2011-10-087.5CVE-2010-4903
deltascripts -- php_classifieds PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter. 2011-10-087.5CVE-2010-4914
dev-team_typoheads -- webkitpdf SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2011-10-097.5CVE-2010-4961
dev-team_typoheads -- webkitpdf Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. 2011-10-097.5CVE-2010-4962
discuz -- ucenter_home SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action. 2011-10-087.5CVE-2010-4912
dlink -- dcs-2121_firmware recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. 2011-10-169.0CVE-2010-4964
dlink -- dcs-2121_firmware /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. 2011-10-169.0CVE-2010-4965
dmxready -- polling_booth_manager SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action. 2011-10-087.5CVE-2010-4921
e-xoopport -- samsara SQL injection vulnerability in location.php in the eCal module in E-Xoopport Samsara 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter. 2011-10-097.5CVE-2010-4942
ehulihanapplications -- hulihan_bxr SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. 2011-10-097.5CVE-2010-4963
gambio -- xt:commerce_gambio_2008 SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. 2011-10-097.5CVE-2010-4954
gantry-framework -- com_gantry SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php. 2011-10-087.5CVE-2010-4898
geeklog -- geeklog SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter. 2011-10-097.5CVE-2010-4933
ijoomla -- com_magazine PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php. 2011-10-087.5CVE-2010-4918
joachim_ruhs -- event SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2011-10-097.5CVE-2010-4950
joachim_ruhs -- festat SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2011-10-097.5CVE-2010-4952
joomla -- com_weblinks SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2011-10-097.5CVE-2010-4938
joomla -- com_elite_experts SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php. 2011-10-097.5CVE-2010-4944
joomla -- com_camelcitydb2 SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. 2011-10-097.5CVE-2010-4945
joomla-clantools -- clantools Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php. 2011-10-087.5CVE-2010-4902
joomlamo -- com_teams SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php. 2011-10-097.5CVE-2010-4941
joostina-cms -- com_ezautos SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. 2011-10-097.5CVE-2010-4929
jw_calendar -- jw_calendar Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. 2011-10-0910.0CVE-2010-4953
khader_abbeb -- entrans SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter. 2011-10-097.5CVE-2010-4935
linux -- kernel net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. 2011-10-107.8CVE-2011-2189
marco_hezel -- hm_tinymarket Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. 2011-10-0710.0CVE-2010-4889
micronetsoft -- rv_dealer_website SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter. 2011-10-087.5CVE-2010-4919
micronetsoft -- rental_property_website SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter. 2011-10-087.5CVE-2010-4920
microsoft -- windows_2003_server Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability." 2011-10-119.3CVE-2011-1247
microsoft -- .net_framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability." 2011-10-119.3CVE-2011-1253
microsoft -- forefront_unified_access_gateway Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability." 2011-10-119.3CVE-2011-1969
microsoft -- windows_2003_server win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability." 2011-10-117.2CVE-2011-1985
microsoft -- ie Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability." 2011-10-119.3CVE-2011-1993
microsoft -- ie Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability." 2011-10-119.3CVE-2011-1995
microsoft -- ie Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability." 2011-10-119.3CVE-2011-1996
microsoft -- ie Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability." 2011-10-119.3CVE-2011-1997
microsoft -- ie Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability." 2011-10-119.3CVE-2011-1998
microsoft -- ie Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability." 2011-10-119.3CVE-2011-1999
microsoft -- ie Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability." 2011-10-119.3CVE-2011-2000
microsoft -- ie Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." 2011-10-119.3CVE-2011-2001
microsoft -- windows_2003_server Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability." 2011-10-119.3CVE-2011-2003
microsoft -- windows_2003_server afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." 2011-10-117.2CVE-2011-2005
microsoft -- windows_media_center_tv_pack Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability." 2011-10-119.3CVE-2011-2009
microsoft -- windows_2003_server Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability." 2011-10-117.2CVE-2011-2011
nadine_schwingler -- ke_questionnaire SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2011-10-097.5CVE-2010-4957
novell -- groupwise Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error." 2011-10-0710.0CVE-2011-0333
novell -- groupwise Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file. 2011-10-0710.0CVE-2011-0334
novell -- groupwise Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message. 2011-10-0710.0CVE-2011-2662
novell -- groupwise Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message. 2011-10-0710.0CVE-2011-2663
nuked-klan -- partenaires_module SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter. 2011-10-097.5CVE-2010-4925
photoindochina -- com_restaurantguide SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php. 2011-10-097.5CVE-2010-4927
php-fusion -- php-fusion ** DISPUTED ** Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party. 2011-10-0910.0CVE-2010-4931
php-programs -- apboard_developers_apboard SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078. 2011-10-097.5CVE-2010-4955
phpgalleryscript -- php_free_photo_gallery PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. 2011-10-097.5CVE-2010-4948
plone -- plone Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules. 2011-10-109.3CVE-2011-3587
plone -- cmfeditions The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587. 2011-10-109.3CVE-2011-4030
pradoportal -- prado_portal SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. 2011-10-097.5CVE-2010-4958
preproject -- pre_podcast_portal SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter. 2011-10-097.5CVE-2010-4959
quagga -- quagga Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. 2011-10-107.5CVE-2011-3327
raphael_zschorsch -- commentsbe SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2011-10-077.5CVE-2010-4887
robitbt -- com_amblog Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php. 2011-10-097.5CVE-2010-4937
scripts.bdr130 -- mailform PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter. 2011-10-097.5CVE-2010-4939
sellatsite -- php_classifieds_ads SQL injection vulnerability in classi/detail.php in PHP Classifieds Ads allows remote attackers to execute arbitrary SQL commands via the sid parameter. 2011-10-087.5CVE-2010-4911
simon_philips -- com_aardvertiser SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information. 2011-10-087.5CVE-2010-4904
softbizscripts -- article_directory_script SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter. 2011-10-087.5CVE-2010-4905
svcreation -- get_tube SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. 2011-10-097.5CVE-2010-4934
timetrack -- com_timetrack SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php. 2011-10-097.5CVE-2010-4926
virtuenetz -- virtue_shopping_mall SQL injection vulnerability in detail.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the prodid parameter. 2011-10-087.5CVE-2010-4908
virtuenetz -- virtue_book_store SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter. 2011-10-097.5CVE-2010-4923
vmware -- ams Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image. 2011-10-079.3CVE-2011-3868
wanewsletter -- wanewsletter SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2011-10-097.5CVE-2010-4940
webmanager-pro -- cms_webmanager-pro SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2011-10-087.5CVE-2010-4899
webmaster-tips -- com_slideshow SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. 2011-10-097.5CVE-2010-4936
zenphoto -- zenphoto SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information. 2011-10-087.5CVE-2010-4906

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
N/A -- N/A Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter. 2011-10-084.3CVE-2010-4901
adam_kennedy -- crypt-dsa The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. 2011-10-105.8CVE-2011-3599
allpcscript -- allpc Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. 2011-10-094.3CVE-2010-4947
apple -- mac_os_x Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. 2011-10-144.4CVE-2011-0185
apple -- mac_os_x CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. 2011-10-146.8CVE-2011-0224
apple -- mac_os_x Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. 2011-10-146.8CVE-2011-0229
apple -- mac_os_x CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." 2011-10-145.0CVE-2011-0231
apple -- mac_os_x The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window. 2011-10-144.6CVE-2011-0260
apple -- mac_os_x IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. 2011-10-144.6CVE-2011-3214
apple -- mac_os_x MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. 2011-10-146.8CVE-2011-3217
apple -- mac_os_x QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. 2011-10-144.3CVE-2011-3220
apple -- mac_os_x QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. 2011-10-146.8CVE-2011-3221
apple -- mac_os_x Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. 2011-10-146.8CVE-2011-3222
apple -- mac_os_x Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. 2011-10-146.8CVE-2011-3223
apple -- mac_os_x The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. 2011-10-145.0CVE-2011-3225
apple -- mac_os_x Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. 2011-10-146.8CVE-2011-3226
apple -- mac_os_x libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. 2011-10-146.8CVE-2011-3227
apple -- mac_os_x QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. 2011-10-146.8CVE-2011-3228
apple -- safari Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. 2011-10-146.8CVE-2011-3229
apple -- safari Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. 2011-10-146.8CVE-2011-3230
apple -- safari The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. 2011-10-146.8CVE-2011-3231
apple -- safari The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. 2011-10-145.0CVE-2011-3242
apple -- safari Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. 2011-10-144.3CVE-2011-3243
apple -- iphone_os CFNetwork in Apple iOS before 5 and Mac OS X 10.7 before 10.7.2 does not properly restrict transmission of cookies, which allows remote attackers to obtain sensitive information via a crafted (1) http or (2) https URL. 2011-10-145.0CVE-2011-3246
apple -- iphone_os Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. 2011-10-144.3CVE-2011-3254
apple -- iphone_os CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. 2011-10-144.3CVE-2011-3255
apple -- iphone_os FreeType in CoreGraphics in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font. 2011-10-144.3CVE-2011-3256
apple -- apple_tv The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. 2011-10-145.0CVE-2011-3259
apple -- iphone_os Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. 2011-10-146.8CVE-2011-3260
apple -- iphone_os Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. 2011-10-146.8CVE-2011-3261
apple -- iphone_os Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. 2011-10-144.3CVE-2011-3426
apple -- iphone_os The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. 2011-10-145.0CVE-2011-3432
apple -- iphone_os The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. 2011-10-144.3CVE-2011-3434
apple -- mac_os_x Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation. 2011-10-146.5CVE-2011-3436
apple -- mac_os_x Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document. 2011-10-146.8CVE-2011-3437
atmail -- webmail Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action. 2011-10-094.3CVE-2010-4930
chillycms -- chillycms Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information. 2011-10-084.3CVE-2010-4895
coldgen -- coldusergroup Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information. 2011-10-084.3CVE-2010-4913
evnix -- freichat Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window. 2011-10-094.3CVE-2010-4949
expinion.net -- member_management_system Cross-site scripting (XSS) vulnerability in admin/index.asp in Member Management System 4.0 allows remote attackers to inject arbitrary web script or HTML via the REF_URL parameter. 2011-10-084.3CVE-2010-4896
festengine -- festos Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action. 2011-10-084.3CVE-2010-4893
hp -- onboard_administrator Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors. 2011-10-116.4CVE-2011-3155
insanevisions -- onecms Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter. 2011-10-074.3CVE-2010-4877
khader_abbeb -- entrans Cross-site scripting (XSS) vulnerability in search.php in Entrans before 0.3.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter. 2011-10-094.3CVE-2010-4932
martin_hesse -- mh_branchenbuch Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2011-10-094.3CVE-2010-4960
mechbunny -- paysitereviewcms Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php. 2011-10-084.3CVE-2010-4909
microsoft -- forefront_unified_access_gateway CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability." 2011-10-114.3CVE-2011-1895
microsoft -- forefront_unified_access_gateway Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability." 2011-10-114.3CVE-2011-1896
microsoft -- forefront_unified_access_gateway Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability." 2011-10-114.3CVE-2011-1897
microsoft -- windows_7 win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability." 2011-10-114.7CVE-2011-2002
microsoft -- host_integration_server Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability." 2011-10-115.0CVE-2011-2007
microsoft -- host_integration_server Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability." 2011-10-115.0CVE-2011-2008
microsoft -- forefront_unified_access_gateway Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash." 2011-10-115.0CVE-2011-2012
nadine_schwingler -- ke_questionnaire Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2011-10-094.3CVE-2010-4956
novell -- identity_manager_roles_based_provisioning_module Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972. 2011-10-074.3CVE-2011-1696
novell -- groupwise Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219. 2011-10-075.0CVE-2011-2218
novell -- groupwise Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218. 2011-10-075.0CVE-2011-2219
novell -- identity_manager_roles_based_provisioning_module Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603. 2011-10-074.3CVE-2011-2227
novell -- groupwise Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter. 2011-10-074.3CVE-2011-2661
photoindochina -- com_restaurantguide Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character. 2011-10-094.3CVE-2010-4928
phppgadmin -- phppgadmin Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php. 2011-10-074.3CVE-2011-3598
quagga -- quagga The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. 2011-10-105.0CVE-2011-3323
quagga -- quagga The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. 2011-10-105.0CVE-2011-3324
quagga -- quagga ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. 2011-10-105.0CVE-2011-3325
quagga -- quagga The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. 2011-10-105.0CVE-2011-3326
thomas_mammitzsch -- vx_xajax_shoutbox Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2011-10-095.0CVE-2010-4951
utage -- enkai-kun Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2011-10-104.3CVE-2011-2675
webmanager-pro -- cms_webmanager-pro Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. 2011-10-085.8CVE-2010-4900
zenphoto -- zenphoto Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562. 2011-10-084.3CVE-2010-4907

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
apple -- mac_os_x CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. 2011-10-142.1CVE-2011-3212
apple -- mac_os_x The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. 2011-10-142.1CVE-2011-3215
apple -- mac_os_x The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. 2011-10-142.1CVE-2011-3216
apple -- mac_os_x The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. 2011-10-142.6CVE-2011-3218
apple -- mac_os_x The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. 2011-10-142.6CVE-2011-3224
apple -- iphone_os The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. 2011-10-142.1CVE-2011-3245
apple -- iphone_os CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. 2011-10-142.6CVE-2011-3253
apple -- iphone_os The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. 2011-10-142.1CVE-2011-3257
apple -- apple_tv The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. 2011-10-142.6CVE-2011-3427
apple -- iphone_os The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. 2011-10-142.1CVE-2011-3429
apple -- iphone_os The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. 2011-10-142.1CVE-2011-3431
apple -- mac_os_x Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. 2011-10-142.1CVE-2011-3435

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.