Bulletin (SB10-074)

Vulnerability Summary for the Week of March 8, 2010

Original release date: March 15, 2010 | Last revised: November 02, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
chumby -- chumby_classic
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. 2010-03-10 10.0 CVE-2010-0418
CONFIRM
MISC
cowon_america -- jetaudio
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information. 2010-03-05 9.3 CVE-2009-4668
BUGTRAQ
MILW0RM
SECUNIA
MISC
dev4u -- dev4u_cms
SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter. 2010-03-10 7.5 CVE-2010-0951
XF
BID
MISC
MISC
energizer -- duo_usb
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. 2010-03-10 9.3 CVE-2010-0103
CERT-VN
MISC
BID
MISC
grafxsoftware -- minicwb
Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/. 2010-03-10 7.5 CVE-2009-4693
XF
VUPEN
BID
MILW0RM
grupenet -- wp-lytebox
Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter. 2010-03-05 7.5 CVE-2009-4672
BID
MILW0RM
SECUNIA
hotbrackets -- com_hotbrackets
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. 2010-03-08 7.5 CVE-2010-0945
XF
VUPEN
BID
MISC
MISC
hp -- openview_performance_insight
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document. 2010-03-10 10.0 CVE-2010-0447
XF
MISC
VUPEN
BID
SECUNIA
HP
HP
hypersilence -- silentum_guestbook
SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter. 2010-03-10 7.5 CVE-2009-4687
XF
MILW0RM
ibm -- vios
Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. 2010-03-10 7.2 CVE-2010-0960
VUPEN
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
SECTRACK
ibm -- vios
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. 2010-03-10 7.2 CVE-2010-0961
VUPEN
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
SECTRACK
inertialfate -- com_if_nexus
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. 2010-03-08 7.5 CVE-2009-4679
BID
OSVDB
MISC
SECUNIA
kiss-software -- com_ksadvertiser
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. 2010-03-08 7.5 CVE-2010-0946
XF
BID
MISC
media-products -- bild_flirt_community
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-03-10 7.5 CVE-2010-0955
XF
BID
MISC
SECUNIA
MISC
OSVDB
MISC
microsoft -- excel
Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability." 2010-03-10 9.3 CVE-2010-0257
MS
microsoft -- excel
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability." 2010-03-10 9.3 CVE-2010-0258
MS
microsoft -- excel
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability." 2010-03-10 9.3 CVE-2010-0260
MS
microsoft -- excel
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability." 2010-03-10 9.3 CVE-2010-0261
MS
microsoft -- excel
Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability." 2010-03-10 9.3 CVE-2010-0262
MS
microsoft -- excel
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability." 2010-03-10 9.3 CVE-2010-0263
MS
MISC
microsoft -- excel
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability." 2010-03-10 9.3 CVE-2010-0264
MS
microsoft -- producer
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." 2010-03-10 9.3 CVE-2010-0265
MS
microsoft -- ie
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010. 2010-03-10 9.3 CVE-2010-0806
CERT-VN
VUPEN
BID
CONFIRM
SECUNIA
CONFIRM
natychmiast-cms -- natychmiast-cms
Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php. 2010-03-10 7.5 CVE-2010-0950
XF
BID
BUGTRAQ
MISC
opencart -- opencart
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. 2010-03-10 7.5 CVE-2010-0956
BID
MISC
phpdirectorysource -- phpdirectorysource
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter. 2010-03-10 7.5 CVE-2009-4680
BID
MILW0RM
SECUNIA
MISC
preprojects -- pre_e-learning_portal
SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter. 2010-03-10 7.5 CVE-2010-0954
XF
BID
MISC
SECUNIA
OSVDB
MISC
radscripts -- radlance
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. 2010-03-10 7.5 CVE-2009-4695
XF
BID
OSVDB
MILW0RM
SECUNIA
radscripts -- radnics
SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. 2010-03-10 7.5 CVE-2009-4696
XF
BID
OSVDB
MILW0RM
SECUNIA
resalecode -- php_shopping_cart_selling_website_script
SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. 2010-03-10 7.5 CVE-2009-4689
VUPEN
SECUNIA
MISC
resalecode -- classified_linktrader_script
SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter. 2010-03-10 7.5 CVE-2009-4691
VUPEN
SECUNIA
MISC
samba -- samba
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. 2010-03-10 8.5 CVE-2010-0728
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
scriptsez -- good/bad_vote
Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information. 2010-03-10 7.5 CVE-2009-4683
OSVDB
MILW0RM
SECUNIA
Medium Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
apple -- airport_express
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. 2010-03-10 5.0 CVE-2010-0962
XF
BID
BUGTRAQ
BUGTRAQ
FULLDISC
bbsmax -- bbsmax
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. 2010-03-10 4.3 CVE-2010-0947
BID
BUGTRAQ
MISC
bfs.kilu -- bigforum
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-03-10 6.8 CVE-2010-0948
XF
BID
MISC
SECUNIA
MISC
OSVDB
edgephp -- ezodiak
Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter. 2010-03-10 4.3 CVE-2009-4684
XF
SECUNIA
MISC
OSVDB
ibm -- enovia_smarteam
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter. 2010-03-10 4.3 CVE-2010-0959
BID
BUGTRAQ
insanevisions -- onecms
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. 2010-03-10 6.8 CVE-2010-0952
XF
BID
MISC
SECUNIA
MISC
joomlart -- com_jashowcase
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. 2010-03-08 5.0 CVE-2010-0943
XF
BID
MISC
SECUNIA
MISC
jvideodirect -- com_jvideodirect
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-03-08 5.0 CVE-2010-0942
XF
BID
MISC
MISC
natychmiast-cms -- natychmiast-cms
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php. 2010-03-10 4.3 CVE-2010-0949
XF
BID
BUGTRAQ
MISC
phpcoin -- phpcoin
Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. 2010-03-10 6.8 CVE-2010-0953
XF
BID
MISC
phpdirectorysource -- phpdirectorysource
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter. 2010-03-10 4.3 CVE-2009-4681
BID
MILW0RM
SECUNIA
MISC
phplemon -- adquick
Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter. 2010-03-10 4.3 CVE-2009-4686
XF
SECUNIA
MISC
OSVDB
phpscriptsnow -- astrology
Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter. 2010-03-10 4.3 CVE-2009-4685
XF
SECUNIA
MISC
OSVDB
radscripts -- radlance
Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action. 2010-03-10 4.3 CVE-2009-4692
XF
BID
OSVDB
MILW0RM
SECUNIA
radscripts -- radlance
Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-10 4.3 CVE-2009-4694
XF
SECUNIA
OSVDB
radscripts -- radnics
Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action. 2010-03-10 4.3 CVE-2009-4697
XF
BID
OSVDB
MILW0RM
SECUNIA
resalecode -- php_shopping_cart_selling_website_script
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters. 2010-03-10 4.3 CVE-2009-4688
VUPEN
SECUNIA
MISC
sanusart -- simple_php_guestbook
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter. 2010-03-08 4.3 CVE-2010-0940
XF
MISC
SECUNIA
MISC
OSVDB
saskia_bruckner -- saskias_shopsystem
Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter. 2010-03-10 6.8 CVE-2010-0957
XF
BID
MISC
MISC
scriptsez -- good/bad_vote
Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action. 2010-03-10 4.3 CVE-2009-4682
OSVDB
MILW0RM
SECUNIA
thomas_perez -- tribisur
Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information. 2010-03-10 6.8 CVE-2010-0958
BID
MISC
SECUNIA
MISC
thorsten_riess -- com_jcollection
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-03-08 5.0 CVE-2010-0944
XF
BID
MISC
MISC
web-site-development -- etek_systems_hit_counter
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php. 2010-03-08 4.3 CVE-2010-0941
XF
OSVDB
OSVDB
OSVDB
MISC
SECUNIA
MISC
yourfreeworld -- programs_rating_script
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php. 2010-03-10 4.3 CVE-2009-4690
XF
VUPEN
BID
SECUNIA
MISC
OSVDB
OSVDB
Low Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
ncpfs -- ncpfs
sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. 2010-03-10 2.1 CVE-2010-0790
FULLDISC
BID
BUGTRAQ
BUGTRAQ
ncpfs -- ncpfs
The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. 2010-03-10 2.1 CVE-2010-0791
FULLDISC
BID
BUGTRAQ
BUGTRAQ
samba -- samba
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. 2010-03-10 3.5 CVE-2010-0926
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
FULLDISC
CONFIRM
MISC
FULLDISC
FULLDISC
FULLDISC