Bulletin (SB10-116)

Vulnerability Summary for the Week of April 19, 2010

Original release date: April 26, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters. 2010-04-22 9.3 CVE-2010-1278
Source & Patch Info: CONFIRM, MISC, BUGTRAQ
blizzard -- warcraft_3_the_frozen_throne
Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information. 2010-04-20 9.3 CVE-2009-4768
Source & Patch Info: XF, BID, SECUNIA, CONFIRM
cisco -- pvc2300
The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726. 2010-04-22 9.0 CVE-2010-0593
Source & Patch Info: CISCO
cognos_8_business_intelligence -- 8.4.1
Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors. 2010-04-21 10.0 CVE-2010-1490
Source & Patch Info: XF, VUPEN, BID, AIXAPAR, SECUNIA
community_cms -- community_cms
Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php. 2010-04-22 7.5 CVE-2009-4794
Source & Patch Info: BID, BUGTRAQ
diskos -- diskos_cms
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature. 2010-04-22 7.5 CVE-2009-4798
Source & Patch Info: XF, XF, BID, MILW0RM, SECUNIA
focusdev -- com_mv_restaurantmenumanager
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php. 2010-04-19 7.5 CVE-2010-1468
Source & Patch Info: MISC, BID, MISC, SECUNIA, MISC
glfusion -- glfusion
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php. 2010-04-22 7.5 CVE-2009-4796
Source & Patch Info: XF, BID, BUGTRAQ, MILW0RM, CONFIRM, SECUNIA, OSVDB
grayscale -- bandsite_cms
SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php. 2010-04-22 7.5 CVE-2009-4792
Source & Patch Info: BID, MILW0RM, SECUNIA
hitachi -- cosminexus/opentp1_web_web_front-endset
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. 2010-04-21 9.3 CVE-2009-4776
Source & Patch Info: VUPEN, BID, CONFIRM, SECUNIA, OSVDB
hp -- operations_manager
Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. 2010-04-21 9.3 CVE-2010-1033
Source & Patch Info: XF, VUPEN, BID, MISC, MISC, SECTRACK, SECUNIA, MISC, HP, HP
ibm -- lotus_notes
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. 2010-04-20 7.2 CVE-2010-1487
Source & Patch Info: BID, SECUNIA
jasper -- httpdx
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component. 2010-04-20 9.3 CVE-2009-4769
Source & Patch Info: VUPEN, MISC, MISC, OSVDB, OSVDB
jasper -- httpdx
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access. 2010-04-20 7.5 CVE-2009-4770
Source & Patch Info: MISC
joaktree -- joaktree
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. 2010-04-21 7.5 CVE-2009-4784
Source & Patch Info: BID, SECUNIA, MISC
jobhut.spranger -- jobhut
SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter. 2010-04-22 7.5 CVE-2009-4797
Source & Patch Info: BID, MILW0RM, SECUNIA, MISC
linux -- kernel
The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors. 2010-04-20 7.2 CVE-2010-1162
Source & Patch Info: CONFIRM, CONFIRM, MLIST, MLIST, MLIST, MLIST, CONFIRM
martin_hess -- com_sermonspeaker
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php. 2010-04-19 7.5 CVE-2010-1477
Source & Patch Info: BID, MISC, SECUNIA, MISC, CONFIRM, CONFIRM
mntechsolutions -- theeta_cms
Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php. 2010-04-21 7.5 CVE-2009-4783
Source & Patch Info: BUGTRAQ, SECUNIA, MISC
mojoblog -- mojoblog
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. 2010-04-21 7.5 CVE-2009-4789
Source & Patch Info: BID, MISC
quick_news -- quick_news
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php. 2010-04-21 7.5 CVE-2009-4785
Source & Patch Info: BID, MISC
realnetworks -- helix_dna_server
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data. 2010-04-20 7.5 CVE-2010-1317
Source & Patch Info: VUPEN, BID, CONFIRM, SECUNIA
realnetworks -- helix_mobile_server
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors. 2010-04-20 10.0 CVE-2010-1318
Source & Patch Info: VUPEN, BID, CONFIRM, SECUNIA
realnetworks -- helix_mobile_server
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length. 2010-04-20 10.0 CVE-2010-1319
Source & Patch Info: VUPEN, BID, CONFIRM, SECUNIA
rim -- blackberry_enterprise_server
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646. 2010-04-21 9.3 CVE-2009-4778
Source & Patch Info: VUPEN, CONFIRM, SECTRACK, BID, SECUNIA
robert_garrigos -- nukehall
Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/. 2010-04-21 7.5 CVE-2009-4779
Source & Patch Info: XF, MISC
rockettheme -- com_rokmodule
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php. 2010-04-19 7.5 CVE-2010-1479
Source & Patch Info: BID, CONFIRM, CONFIRM, MISC, SECUNIA, MISC
rockettheme -- com_rokmodule
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-04-19 7.5 CVE-2010-1480
Source & Patch Info: MISC, MISC, SECUNIA
ryan_haudenschilt -- family_connections
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php. 2010-04-22 7.5 CVE-2009-4791
Source & Patch Info: BID, BUGTRAQ, MILW0RM, CONFIRM, CONFIRM, SECUNIA
sun -- jdk
Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2010-04-20 10.0 CVE-2010-0886
Source & Patch Info: CONFIRM
sun -- java
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2010-04-20 10.0 CVE-2010-0887
Source & Patch Info: CONFIRM
sysax -- multi_server
Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-04-22 9.0 CVE-2009-4790
Source & Patch Info: SECUNIA
tukeva -- password_reminder
TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection. 2010-04-21 7.2 CVE-2009-4781
Source & Patch Info: CONFIRM, MISC, SECUNIA

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alphaplug -- com_alphauserpoints
Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. 2010-04-19 6.8 CVE-2010-1476
Source & Patch Info: BID, MISC, CONFIRM, SECUNIA, MISC
alvaro -- alvaros_messenger
aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate. 2010-04-20 5.8 CVE-2010-0744
Source & Patch Info: MLIST, MLIST, CONFIRM, SECUNIA, BUGTRAQ, MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM
amsn -- amsn
login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation. 2010-04-20 4.6 CVE-2008-7255
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
apache -- apache_http_server
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials. 2010-04-20 6.8 CVE-2010-1151
Source & Patch Info: CONFIRM, VUPEN, MANDRIVA
atlassian -- jira
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010. 2010-04-20 4.3 CVE-2010-1164
Source & Patch Info: CONFIRM, CONFIRM, XF, XF, BID, MLIST, MLIST, SECUNIA, CONFIRM
atlassian -- jira
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010. 2010-04-20 6.5 CVE-2010-1165
Source & Patch Info: CONFIRM, CONFIRM, XF, BID, MLIST, MLIST, SECUNIA, CONFIRM
b_elektro -- com_addressbook
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-04-19 5.0 CVE-2010-1471
Source & Patch Info: VUPEN, MISC, SECUNIA, MISC
cactushop -- cactushop
Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address. 2010-04-22 4.3 CVE-2010-1486
Source & Patch Info: BID, MISC
com_advertising -- com_advertising
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-04-19 6.8 CVE-2010-1473
Source & Patch Info: MISC, SECUNIA, MISC
diskos -- diskos_cms
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb. 2010-04-22 5.0 CVE-2009-4799
Source & Patch Info: XF, MILW0RM, SECUNIA
e107 -- e107
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required. 2010-04-20 6.0 CVE-2010-0996
Source & Patch Info: CONFIRM, XF, VUPEN, BID, BUGTRAQ, MISC, SECUNIA, MISC
e107 -- e107
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter. 2010-04-20 4.3 CVE-2010-0997
Source & Patch Info: CONFIRM, XF, VUPEN, BID, BUGTRAQ, MISC, SECUNIA, MISC
enlightenment -- imlib2
Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h. 2010-04-22 6.8 CVE-2010-0991
Source & Patch Info: VUPEN, BUGTRAQ, MISC, SECUNIA
hitachi -- jp1_integrated_management_service_support
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file." 2010-04-21 4.3 CVE-2009-4777
Source & Patch Info: XF, VUPEN, BID, CONFIRM, SECUNIA, OSVDB
hp -- hp-ux
Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors. 2010-04-21 4.9 CVE-2010-1032
Source & Patch Info: VUPEN, HP, HP
ipswitch -- ws_ftp
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. 2010-04-21 4.3 CVE-2009-4775
Source & Patch Info: XF, BID, MISC, MILW0RM, CONFIRM
karl_core -- bandsite_cms
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. NOTE: some of these details are obtained from third party information. 2010-04-22 6.0 CVE-2009-4793
Source & Patch Info: MILW0RM, SECUNIA
kazulah -- com_horoscope
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-04-19 5.0 CVE-2010-1472
Source & Patch Info: VUPEN, MISC, SECUNIA, MISC
mediawiki -- mediawiki
MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue. 2010-04-20 6.0 CVE-2010-1150
Source & Patch Info: MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM, CONFIRM
microsoft -- ie
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074. 2010-04-20 4.3 CVE-2010-1489
Source & Patch Info: MISC, MISC, CONFIRM
mit -- kerberos
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. 2010-04-22 4.0 CVE-2010-1320
Source & Patch Info: BID, BUGTRAQ, CONFIRM, SECTRACK, CONFIRM
mntechsolutions -- theeta_cms
Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) forum, and (3) cat parameters to community/thread.php; (4) start and (5) cat parameters to community/forum.php; and (6) start parameter to blog/index.php. 2010-04-21 4.3 CVE-2009-4782
Source & Patch Info: BUGTRAQ, SECUNIA, MISC
perl -- perl
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. 2010-04-20 5.0 CVE-2010-1158
Source & Patch Info: MISC, MLIST, MLIST, CONFIRM, MISC
phpmyfaq -- phpmyfaq
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-04-21 4.3 CVE-2009-4780
Source & Patch Info: BID, SECUNIA
pligg -- pligg_cms
Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php. 2010-04-21 4.3 CVE-2009-4786
Source & Patch Info: CONFIRM, SECUNIA, MISC
pligg -- pligg_cms
Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. 2010-04-21 6.8 CVE-2009-4787
Source & Patch Info: CONFIRM, SECUNIA, MISC
pligg -- pligg_cms
Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php. 2010-04-21 4.3 CVE-2009-4788
Source & Patch Info: CONFIRM, SECUNIA, MISC
plohni -- shoutbox
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information. 2010-04-20 4.3 CVE-2009-4767
Source & Patch Info: XF, MISC, SECUNIA, OSVDB
sun -- opensolaris
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2007-6225. 2010-04-21 4.0 CVE-2009-4774
Source & Patch Info: SUNALERT, VUPEN, BID, SECUNIA
supachai_teasakul -- com_sweetykeeper
Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-04-19 6.8 CVE-2010-1474
Source & Patch Info: XF, BID, MISC, SECUNIA, MISC
sysax -- multi_server
Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command. 2010-04-22 4.0 CVE-2009-4800
Source & Patch Info: XF, BID, MILW0RM, SECUNIA, OSVDB
ternaria -- com_jprojectmanager
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-04-19 6.8 CVE-2010-1469
Source & Patch Info: BID, MISC, SECUNIA, MISC
ternaria -- com_preventive
Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-04-19 6.8 CVE-2010-1475
Source & Patch Info: XF, BID, MISC, SECUNIA, MISC
ternaria -- com_jfeedback
Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-04-19 6.8 CVE-2010-1478
Source & Patch Info: BID, MISC, SECUNIA, MISC
tweakfs -- tweakfs_zip_utility
Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive. 2010-04-20 6.8 CVE-2010-1458
Source & Patch Info: XF, BID, OSVDB, MISC, MISC, SECUNIA, FULLDISC
typo3 -- typo3
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. 2010-04-20 6.8 CVE-2010-1153
Source & Patch Info: MLIST, CONFIRM, MLIST
ubercart -- ubercart
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors. 2010-04-20 5.0 CVE-2009-4771
Source & Patch Info: XF, BID, SECUNIA, OSVDB, CONFIRM
ubercart -- ubercart
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors. 2010-04-20 4.3 CVE-2009-4772
Source & Patch Info: BID, CONFIRM, XF, SECUNIA, OSVDB
ubercart -- ubercart
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2010-04-20 6.8 CVE-2009-4773
Source & Patch Info: BID, CONFIRM, XF, SECUNIA, OSVDB
webtv -- com_webtv
Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-04-19 6.8 CVE-2010-1470
Source & Patch Info: VUPEN, MISC, SECUNIA, MISC
xlightftpd -- xlight_ftp_server
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command. 2010-04-22 6.8 CVE-2009-4795
Source & Patch Info: BID, XF, CONFIRM, MISC, SECUNIA

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
linux -- kernel
The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation. 2010-04-20 2.1 CVE-2010-1488
Source & Patch Info: CONFIRM, MLIST, CONFIRM, CONFIRM