U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-102)

Vulnerability Summary for the Week of April 5, 2010

Original release date: April 12, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- acrobat_reader
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document. 2010-04-05 9.3 CVE-2009-4764
MISC
MISC
MLIST
MLIST
adobe -- acrobat_reader
Adobe Reader 9.3.1 on Windows does not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message. 2010-04-05 9.3 CVE-2010-1240
MLIST
MISC
adobe -- acrobat_reader
The custom heap management system in Adobe Reader 9.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted PDF document, aka FG-VD-10-005. 2010-04-05 9.3 CVE-2010-1241
MISC
MLIST
MISC
apache -- couchdb
Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. 2010-04-05 7.5 CVE-2010-0009
CONFIRM
CONFIRM
BID
BUGTRAQ
OSVDB
SECUNIA
BUGTRAQ
bjsintay -- sitex
SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter. 2010-04-09 7.5 CVE-2010-1343
XF
BID
MISC
ca -- xosoft_content_distribution
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service. 2010-04-07 10.0 CVE-2010-1223
CONFIRM
BID
MISC
MISC
BUGTRAQ
BUGTRAQ
BUGTRAQ
centreon -- centreon
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter. 2010-04-07 7.5 CVE-2010-1301
BID
MISC
SECUNIA
MISC
OSVDB
clamav -- clamav
ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. 2010-04-08 10.0 CVE-2010-0098
BID
CONFIRM
SECUNIA
CONFIRM
cookex -- com_ckforms
SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php. 2010-04-09 7.5 CVE-2010-1344
BID
XF
OSVDB
MISC
SECUNIA
MISC
ekith -- com_dcs_flashgames
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. 2010-04-06 7.5 CVE-2010-1265
BID
MISC
SECUNIA
MISC
emweb -- wt
Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors. 2010-04-06 9.3 CVE-2010-1273
CONFIRM
BID
OSVDB
SECUNIA
foxitsoftware -- foxit_reader
Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836. 2010-04-05 9.3 CVE-2010-1239
CERT-VN
CONFIRM
CONFIRM
MISC
MISC
MISC
heartlogic -- hl-sitemanager
SQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors. 2010-04-09 7.5 CVE-2010-1331
XF
CONFIRM
JVNDB
JVN
ibm -- webi
The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors. 2010-04-05 7.5 CVE-2010-1243
CONFIRM
VUPEN
SECUNIA
invohost -- invohost
Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information. 2010-04-09 7.5 CVE-2010-1336
XF
XF
BID
MISC
SECUNIA
OSVDB
OSVDB
justsystems -- ichitaro
Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter." 2010-04-06 9.3 CVE-2009-4737
VUPEN
CONFIRM
XF
BID
OSVDB
MISC
MISC
SECUNIA
JVNDB
JVN
kjetiltroan -- webmaid_cms
Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php. 2010-04-06 7.5 CVE-2010-1266
XF
VUPEN
BID
MISC
MISC
MISC
komputer.boo -- gnat-tgp
PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. 2010-04-06 7.5 CVE-2010-1272
XF
BID
MISC
MISC
linux -- kernel
Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c. 2010-04-06 7.1 CVE-2010-1084
CONFIRM
MLIST
CONFIRM
MISC
linux -- kernel
The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error. 2010-04-06 7.1 CVE-2010-1085
CONFIRM
MLIST
MISC
MLIST
linux -- kernel
The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. 2010-04-06 7.8 CVE-2010-1086
CONFIRM
MLIST
CONFIRM
linux -- kernel
The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. 2010-04-06 7.8 CVE-2010-1087
CONFIRM
MLIST
CONFIRM
lussumo -- vanilla
Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters. 2010-04-09 7.5 CVE-2010-1337
XF
BID
MISC
mahara -- mahara
SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username. 2010-04-07 7.5 CVE-2010-0400
CONFIRM
BID
DEBIAN
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2010-04-05 9.3 CVE-2010-0173
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
XF
VUPEN
CONFIRM
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
FEDORA
FEDORA
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2010-04-05 10.0 CVE-2010-0174
CONFIRM
CONFIRM
XF
VUPEN
VUPEN
VUPEN
VUPEN
REDHAT
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
FEDORA
FEDORA
mozilla -- firefox
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to a certain event handler. 2010-04-05 9.3 CVE-2010-0175
CONFIRM
CONFIRM
XF
VUPEN
VUPEN
VUPEN
VUPEN
REDHAT
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
FEDORA
FEDORA
mozilla -- firefox
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." 2010-04-05 9.3 CVE-2010-0176
CONFIRM
XF
VUPEN
VUPEN
VUPEN
VUPEN
REDHAT
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
FEDORA
FEDORA
mozilla -- firefox
The window.navigator.plugins object in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not properly manage memory during a page reload, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger deletion of referenced objects, related to a "dangling pointer vulnerability." 2010-04-05 9.3 CVE-2010-0177
CONFIRM
XF
VUPEN
VUPEN
VUPEN
VUPEN
REDHAT
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
mozilla -- firefox
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. 2010-04-05 7.6 CVE-2010-0178
CONFIRM
XF
VUPEN
VUPEN
VUPEN
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
mozilla -- firefox
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. 2010-04-05 9.3 CVE-2010-0179
CONFIRM
XF
VUPEN
VUPEN
VUPEN
REDHAT
CONFIRM
DEBIAN
SECTRACK
SECUNIA
SECUNIA
SECUNIA
novell -- netware_ftp_server
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. 2010-04-05 7.5 CVE-2003-1593
CONFIRM
novell -- netware_ftp_server
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. 2010-04-05 7.5 CVE-2003-1594
CONFIRM
novell -- netware_ftp_server
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors. 2010-04-05 10.0 CVE-2003-1595
CONFIRM
novell -- netware_ftp_server
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. 2010-04-05 7.5 CVE-2003-1596
CONFIRM
novell -- netware_ftp_server
NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords. 2010-04-05 7.5 CVE-2005-4887
CONFIRM
CONFIRM
novell -- netware_ftp_server
NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session. 2010-04-05 7.5 CVE-2007-6735
CONFIRM
CONFIRM
phpscripte24 -- niedrig_gebote_pro_auktions_system_ii
SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. 2010-04-06 7.5 CVE-2010-1269
XF
MISC
SECUNIA
MISC
MISC
phpscripte24 -- multi_suktions_komplett_system
SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. 2010-04-06 7.5 CVE-2010-1270
XF
BID
OSVDB
MISC
SECUNIA
MISC
MISC
roberto_aloi -- com_joomlapicasa2
Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-04-08 7.5 CVE-2010-1306
BID
MISC
SECUNIA
MISC
robertotto -- teamsite_hack_plugin
SQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action. 2010-04-09 7.5 CVE-2010-1338
XF
BID
MISC
SECUNIA
MISC
OSVDB
MISC
MISC
smart-plugs -- smartplugs
SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter. 2010-04-06 7.5 CVE-2010-1271
XF
BID
MISC
SECUNIA
MISC
MISC
systemsoftware -- community_black_forum
SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter. 2010-04-09 7.5 CVE-2010-1341
XF
OSVDB
MISC
SECUNIA
varnish.projects.linpro -- varnish
** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless." 2010-04-05 7.5 CVE-2009-2936
MISC
MISC
BUGTRAQ
BUGTRAQ
yamamah -- yamamah
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter. 2010-04-07 7.5 CVE-2010-1300
XF
MISC
SECUNIA
MISC
OSVDB
zabbix -- zabbix
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php. 2010-04-06 7.5 CVE-2010-1277
MISC
VUPEN
BID
BUGTRAQ
OSVDB
SECUNIA
MISC
MISC
FULLDISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
alex_rabe -- nextgen_gallery
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter. 2010-04-07 4.3 CVE-2010-1186
CONFIRM
BID
MISC
almas -- compiere
Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Compiere J300_A02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-04-09 4.3 CVE-2010-1333
CONFIRM
XF
XF
SECUNIA
OSVDB
JVNDB
JVNDB
JVN
JVN
apache -- activemq
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action. 2010-04-05 6.8 CVE-2010-1244
CONFIRM
CONFIRM
CONFIRM
XF
SECUNIA
apple -- airport_utility
AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. 2010-04-05 6.8 CVE-2009-2822
VUPEN
BID
CONFIRM
APPLE
XF
OSVDB
SECTRACK
SECUNIA
bbsxp -- bbsxp
Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 allows remote attackers to inject arbitrary web script or HTML via the ThreadID parameter. 2010-04-06 4.3 CVE-2010-1275
BID
BUGTRAQ
SECUNIA
bbsxp -- bbsxp
Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-04-06 4.3 CVE-2010-1276
SECUNIA
ca -- xosoft_content_distribution
CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. 2010-04-07 5.0 CVE-2010-1221
CONFIRM
BID
BUGTRAQ
ca -- xosoft_content_distribution
CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. 2010-04-07 5.0 CVE-2010-1222
CONFIRM
BID
BUGTRAQ
clamav -- clamav
The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information. 2010-04-08 5.0 CVE-2010-1311
BID
CONFIRM
SECUNIA
CONFIRM
cookex -- com_ckforms
Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-04-09 5.0 CVE-2010-1345
OSVDB
MISC
SECUNIA
MISC
decryptweb -- com_dwgraphs
Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. 2010-04-07 5.0 CVE-2010-1302
BID
MISC
SECUNIA
MISC
OSVDB
directnews -- direct_news
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information. 2010-04-09 6.8 CVE-2010-1342
BID
MISC
SECUNIA
dynpg -- dynpg_cms
Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information. 2010-04-07 5.1 CVE-2010-1299
BID
BUGTRAQ
MISC
CONFIRM
SECUNIA
MISC
OSVDB
ermenegildo_fiorito -- irmin_cms
Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information. 2010-04-07 6.8 CVE-2008-7254
MISC
SECUNIA
MISC
OSVDB
ermenegildo_fiorito -- irmin_cms
Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php. 2010-04-08 5.0 CVE-2010-1309
MISC
fh54 -- justvisual
Directory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information. 2010-04-06 6.8 CVE-2010-1268
XF
BID
MISC
SECUNIA
MISC
OSVDB
gnu -- emacs
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. 2010-04-05 4.4 CVE-2010-0825
CONFIRM
XF
VUPEN
UBUNTU
SECUNIA
ibm -- webi
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-04-05 4.3 CVE-2010-1242
CONFIRM
VUPEN
SECUNIA
ijoomla -- com_news_portal
Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-04-08 5.0 CVE-2010-1312
BID
MISC
SECUNIA
MISC
iscsitarget -- iscsitarget
Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. 2010-04-08 5.0 CVE-2010-0743
CONFIRM
CONFIRM
CONFIRM
XF
BID
SECUNIA
MLIST
joomla-research -- com_jresearch
Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-04-09 5.0 CVE-2010-1340
XF
BID
SECUNIA
MISC
OSVDB
joomlamo -- com_userstatus
Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-04-08 5.0 CVE-2010-1304
XF
BID
MISC
joomlamo -- com_jinventory
Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-04-08 5.0 CVE-2010-1305
MISC
VUPEN
BID
MISC
SECUNIA
MISC
joomlamo -- com_weberpcustomer
Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-04-08 5.0 CVE-2010-1315
XF
MISC
SECUNIA
MISC
joomlanook -- com_hsconfig
Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-04-08 5.0 CVE-2010-1314
BID
MISC
SECUNIA
MISC
kjetiltroan -- webmaid_cms
Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php. 2010-04-06 5.0 CVE-2010-1267
VUPEN
BID
MISC
MISC
MISC
la-souris-verte -- com_svmap
Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-04-08 5.0 CVE-2010-1308
VUPEN
MISC
SECUNIA
MISC
linux -- kernel
The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory). 2010-04-06 4.7 CVE-2010-1083
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
linux -- kernel
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. 2010-04-06 5.4 CVE-2010-1088
CONFIRM
MLIST
CONFIRM
mielke -- brltty
Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. 2010-04-05 6.9 CVE-2008-3279
CONFIRM
VUPEN
REDHAT
SECUNIA
miftahovn -- insky_cms
Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information. 2010-04-09 6.8 CVE-2010-1335
XF
MISC
SECUNIA
MISC
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
mit -- kerberos
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. 2010-04-07 4.0 CVE-2010-0629
BID
CONFIRM
BUGTRAQ
SECTRACK
CONFIRM
CONFIRM
moinmo -- moinmoin
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. 2010-04-05 5.0 CVE-2010-1238
DEBIAN
mozilla -- firefox
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. 2010-04-05 4.3 CVE-2010-0181
CONFIRM
XF
VUPEN
CONFIRM
SECUNIA
mozilla -- firefox
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. 2010-04-05 4.3 CVE-2010-0182
CONFIRM
XF
VUPEN
CONFIRM
novell -- netware_ftp_server
Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password. 2010-04-05 5.0 CVE-2003-1592
CONFIRM
novell -- netware_ftp_server
NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session. 2010-04-05 4.3 CVE-2004-2767
CONFIRM
novell -- netware_ftp_server
NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed. 2010-04-05 5.0 CVE-2005-4888
CONFIRM
CONFIRM
novell -- netware_ftp_server
NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors. 2010-04-05 4.0 CVE-2007-6734
CONFIRM
CONFIRM
novell -- netware_ftp_server
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD or (2) RMD command. 2010-04-05 6.5 CVE-2010-0625
CONFIRM
VUPEN
BID
BUGTRAQ
MISC
CONFIRM
SECTRACK
SECUNIA
opera -- opera_browser
Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages. 2010-04-08 5.0 CVE-2010-1310
CONFIRM
CONFIRM
SECUNIA
prettybook -- prettyformmail
Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-04-09 4.3 CVE-2010-1332
XF
JVNDB
JVN
pulsecms -- pulse_cms
Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-04-06 4.0 CVE-2010-1298
SECUNIA
pulsecms -- pulse_cms
Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks. 2010-04-09 6.8 CVE-2010-0992
CONFIRM
MISC
SECUNIA
pulsecms -- pulse_cms
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. 2010-04-09 6.0 CVE-2010-0993
CONFIRM
MISC
SECUNIA
pulsecms -- pulse_cms
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different vulnerability than CVE-2010-0993. 2010-04-09 6.0 CVE-2010-1334
SECUNIA
rafal_wojtczuk -- libnids
The ip_evictor function in ip_fragment.c in libnids 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets. 2010-04-06 5.0 CVE-2010-0751
VUPEN
VUPEN
MISC
XF
BID
SECUNIA
SECUNIA
FEDORA
FEDORA
FEDORA
CONFIRM
ribafs -- mini_cms_ribafs
SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information. 2010-04-09 6.8 CVE-2010-1346
XF
BID
MISC
SECUNIA
MISC
OSVDB
robertotto -- teamsite_hack_plugin
Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-04-09 4.3 CVE-2010-1339
SECUNIA
roshan_singh -- open_direct_connect_hub
Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message. 2010-04-06 6.0 CVE-2010-1147
CONFIRM
BUGTRAQ
MISC
MLIST
MLIST
MISC
seber -- com_sebercart
Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-04-08 4.3 CVE-2010-1313
BID
MISC
SECUNIA
software.realtyna -- com_joomlaupdater
Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-04-08 5.0 CVE-2010-1307
VUPEN
MISC
SECUNIA
MISC
webtoolkit -- wt
Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection. 2010-04-06 4.3 CVE-2010-1274
XF
CONFIRM
BID
OSVDB
SECUNIA
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- activemq
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. 2010-04-053.5 CVE-2010-0684
BID
CONFIRM
CONFIRM
CONFIRM
XF
BUGTRAQ
MISC
SECTRACK
SECUNIA
freedesktop -- policykit
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument. 2010-04-062.1 CVE-2010-0750
CONFIRM
CONFIRM
CONFIRM
SECUNIA
MLIST
MLIST
jim_berry -- taxonomy_filter
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus. 2010-04-082.1 CVE-2010-1303
CONFIRM
CONFIRM
XF
OSVDB
SECUNIA
moinmo -- moinmoin
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. 2010-04-053.5 CVE-2010-0828
CONFIRM
CONFIRM
CONFIRM
XF
VUPEN
BID
DEBIAN
SECUNIA
SECUNIA
CONFIRM
piotr_roszatycki -- libnss-db
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module. 2010-04-051.9 CVE-2010-0826
CONFIRM
VUPEN
UBUNTU
BID
SECUNIA
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top