
Bulletin (SB10-123)

Vulnerability Summary for the Week of April 26, 2010

Original release date: May 03, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
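The severity thresholds above are simple to apply by hand, but practitioners usually want the bulletin as structured data. The following is an added example, not code from the US-CERT page or the NVD: a small parser for rows in the flattened form in which these bulletins are commonly extracted (description, then published date, CVSS base score and CVE id on one line), with the bulletin's own High/Medium/Low bucketing. The sample rows are constructed from entries in this bulletin; the third one reproduces a fused date/score form ("2010-04-262.1") that extraction can produce, which the pattern handles by allowing the separator between date and score to be empty.

```python
import re
from dataclasses import dataclass

# Constructed sample rows in the flattened layout: description, then the
# published date, the CVSS base score and the CVE id at the end of the line.
# The third row reproduces an extraction defect where date and score fuse.
SAMPLE_ROWS = [
    "SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 "
    "and earlier allows remote attackers to execute arbitrary SQL commands via "
    "the id parameter. 2010-04-26 7.5 CVE-2010-1538",
    "Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html "
    "in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary "
    "web script or HTML via the fileop parameter. 2010-04-27 4.3 CVE-2009-4823",
    "Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x "
    "before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the "
    "Token module, might allow remote authenticated users to inject arbitrary "
    "web script or HTML via a certain Comment field. 2010-04-262.1 CVE-2010-1539",
]

# Date, score and CVE id at the end of the row. "\s*" between date and score
# (rather than "\s+") is what lets the fused form parse: the date pattern
# consumes exactly ten characters, so "2.1" is left for the score group.
ROW_RE = re.compile(
    r"^(?P<desc>.+?)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s*"
    r"(?P<score>(?:10\.0|\d\.\d))\s+"
    r"(?P<cve>CVE-\d{4}-\d{4,})\s*$"
)


@dataclass(frozen=True)
class Entry:
    description: str
    published: str
    score: float
    cve: str


def severity(score: float) -> str:
    """Bucket a CVSS v2 base score with the bulletin's thresholds.

    CVSS v2 scores carry one decimal, so 6.9 and 7.0 are adjacent values and
    the ranges 0.0-3.9, 4.0-6.9 and 7.0-10.0 partition the scale without gaps.
    """
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def parse_row(line: str) -> Entry:
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognized row layout: {line[:60]!r}")
    return Entry(m["desc"], m["date"], float(m["score"]), m["cve"])


def bucket(rows) -> dict:
    """Group parsed rows into the bulletin's three severity tables."""
    tables = {"High": [], "Medium": [], "Low": []}
    for line in rows:
        entry = parse_row(line)
        tables[severity(entry.score)].append(entry)
    return tables


if __name__ == "__main__":
    for name, entries in bucket(SAMPLE_ROWS).items():
        for e in entries:
            print(f"{name:6} {e.score:4} {e.cve} {e.published}")
```

Rows that do not end in the date/score/CVE triple raise rather than being silently dropped, so a layout change in a future bulletin shows up as a parse error instead of a missing entry.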

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

bluestrikeweb -- phpraincheck
SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published: 2010-04-26 | CVSS Score: 7.5 | CVE-2010-1538 | Source & Patch Info: XF, BID, MISC, MISC

francois_bissonnette -- phpcdb
Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_global parameter to (1) firstvisit.php, (2) newfolder.php, (3) showfolders.php, (4) newlang.php, (5) showinnerfolder.php, (6) writecode.php, and (7) showcode.php.
Published: 2010-04-26 | CVSS Score: 7.5 | CVE-2010-1537 | Source & Patch Info: XF, BID, MISC, MISC

freestyle -- faqs_lite
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php.
Published: 2010-04-26 | CVSS Score: 7.5 | CVE-2010-1529 | Source & Patch Info: XF, BID, MISC, SECUNIA, MISC

kolab -- kolab_server
Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."
Published: 2010-04-27 | CVSS Score: 7.5 | CVE-2009-4824 | Source & Patch Info: SECUNIA, OSVDB, CONFIRM

martin_hess -- com_sermonspeaker
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information.
Published: 2010-04-27 | CVSS Score: 7.5 | CVE-2010-1559 | Source & Patch Info: SECUNIA, CONFIRM, CONFIRM

openx -- openx
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.
Published: 2010-04-27 | CVSS Score: 10.0 | CVE-2009-4830 | Source & Patch Info: MISC, CONFIRM, BID, SECUNIA, OSVDB

uiga -- proxy
PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
Published: 2010-04-26 | CVSS Score: 7.5 | CVE-2010-1528 | Source & Patch Info: XF, BID, OSVDB, MISC, SECUNIA
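The three SQL injection entries in the High table share one shape: an integer-valued request parameter (id, faqid) spliced into the query text. The following is an added example, not code from the page or from any of the listed products; the table and column names are assumed, and Python's sqlite3 stands in for the PHP/MySQL stacks involved. It puts the injectable pattern beside the hardened form (type check plus bound parameter) and records what each returns for the same payloads.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the records a script such as
    print_raincheck.php looks up by id; schema and rows are assumed."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE rainchecks (id INTEGER PRIMARY KEY, customer TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO rainchecks VALUES (?, ?, ?)",
        [(1, "alice", "token-a"), (2, "bob", "token-b"), (3, "carol", "token-c")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    """The injectable pattern: the request parameter becomes part of the SQL text."""
    sql = "SELECT id, customer FROM rainchecks WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def lookup_fixed(conn: sqlite3.Connection, raw_id: str) -> list:
    """Hardened form: validate the expected type, then bind the value."""
    if not raw_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute(
        "SELECT id, customer FROM rainchecks WHERE id = ?", (int(raw_id),)
    ).fetchall()


def demo() -> dict:
    """Run the same payloads through both versions and collect the results."""
    conn = make_db()
    results = {}
    # Tautology: the WHERE clause is always true, so every row comes back.
    results["vulnerable_or"] = lookup_vulnerable(conn, "1 OR 1=1")
    # UNION: a second SELECT appends a column the script never meant to expose.
    results["vulnerable_union"] = lookup_vulnerable(
        conn, "1 UNION SELECT id, secret FROM rainchecks"
    )
    results["fixed_ok"] = lookup_fixed(conn, "1")
    try:
        lookup_fixed(conn, "1 OR 1=1")
        results["fixed_rejected"] = False
    except ValueError:
        results["fixed_rejected"] = True
    # A bound parameter is data, never SQL: even without the type check the
    # payload is compared as a string against the id column and matches nothing.
    results["fixed_bound_literal"] = conn.execute(
        "SELECT id FROM rainchecks WHERE id = ?", ("1 OR 1=1",)
    ).fetchall()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The binding is what removes the vulnerability; the isdigit() check on top is defence in depth and turns a malformed id into a clean client error instead of a database error. Note that sqlite3's execute() refuses stacked statements, which limits even the vulnerable version here to tautology and UNION payloads; the absence of stacked queries is not a defence in general.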

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

8pixel.net -- simple_blog
8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb.
Published: 2010-04-27 | CVSS Score: 5.0 | CVE-2009-4825 | Source & Patch Info: XF, MISC, SECUNIA, OSVDB

acme -- micro_httpd
micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80.
Published: 2010-04-26 | CVSS Score: 5.0 | CVE-2010-1544 | Source & Patch Info: BID, SECUNIA, MISC

andy_stedemos -- the_uploader
Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Published: 2010-04-27 | CVSS Score: 5.0 | CVE-2009-4816 | Source & Patch Info: XF, MISC, SECUNIA, OSVDB

apple -- mac_os_x
The hfs implementation in Apple Mac OS X 10.6.2 and 10.6.3 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions.
Published: 2010-04-27 | CVSS Score: 4.9 | CVE-2010-0105 | Source & Patch Info: BID, SREASONRES

aspindir -- angelo-emlak
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
Published: 2010-04-27 | CVSS Score: 5.0 | CVE-2009-4820 | Source & Patch Info: XF, MISC, SECUNIA, OSVDB

cpanel -- cpanel
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
Published: 2010-04-27 | CVSS Score: 4.3 | CVE-2009-4823 | Source & Patch Info: VUPEN, BID, MISC, SECUNIA, OSVDB

dlink -- dir-615
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
Published: 2010-04-27 | CVSS Score: 5.0 | CVE-2009-4821 | Source & Patch Info: BID, MISC, SECUNIA

dragonfrugal -- dfd_cart
Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php.
Published: 2010-04-26 | CVSS Score: 4.3 | CVE-2010-1541 | Source & Patch Info: BID, SECUNIA, OSVDB, OSVDB, MISC

dragonfrugal -- dfd_cart
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings.
Published: 2010-04-26 | CVSS Score: 6.8 | CVE-2010-1542 | Source & Patch Info: SECUNIA, OSVDB, MISC

element-it -- ultimate_uploader
Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
Published: 2010-04-27 | CVSS Score: 6.8 | CVE-2009-4817 | Source & Patch Info: XF, MISC, SECUNIA, OSVDB

etracker -- etracker
Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site.
Published: 2010-04-26 | CVSS Score: 4.3 | CVE-2010-1543 | Source & Patch Info: CONFIRM, XF, BID, SECUNIA, CONFIRM

givesight -- com_powermail
Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
Published: 2010-04-26 | CVSS Score: 5.0 | CVE-2010-1532 | Source & Patch Info: BID, MISC, SECUNIA, MISC

ibm -- websphere_mq
Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data."
Published: 2010-04-27 | CVSS Score: 4.0 | CVE-2010-0772 | Source & Patch Info: XF

ibm -- db2
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors.
Published: 2010-04-27 | CVSS Score: 4.0 | CVE-2010-1560 | Source & Patch Info: CONFIRM, VUPEN, AIXAPAR, SECUNIA

joomla.batjo -- com_shoutbox
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Published: 2010-04-26 | CVSS Score: 5.0 | CVE-2010-1534 | Source & Patch Info: XF, BID, MISC, SECUNIA, OSVDB

kasseler-cms -- kasseler_cms
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
Published: 2010-04-27 | CVSS Score: 4.3 | CVE-2009-4822 | Source & Patch Info: XF, BID, MISC

mybboard -- mybb
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.
Published: 2010-04-27 | CVSS Score: 4.3 | CVE-2009-4813 | Source & Patch Info: BID, MISC, SECUNIA, OSVDB

myblog -- myblog
Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information.
Published: 2010-04-26 | CVSS Score: 5.0 | CVE-2010-1540 | Source & Patch Info: BID, MISC, SECUNIA

peter_hocherl -- tweetla
Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Published: 2010-04-26 | CVSS Score: 5.0 | CVE-2010-1533 | Source & Patch Info: MISC, SECUNIA

peter_hocherl -- travelbook
Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
Published: 2010-04-26 | CVSS Score: 5.0 | CVE-2010-1535 | Source & Patch Info: MISC, SECUNIA

php_web_scripts -- ad_manager_pro
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.
Published: 2010-04-27 | CVSS Score: 6.8 | CVE-2009-4828 | Source & Patch Info: VUPEN, MISC, SECUNIA

phpsimplicity -- simplicity_of_upload
Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.
Published: 2010-04-27 | CVSS Score: 6.8 | CVE-2009-4818 | Source & Patch Info: XF, BID, MISC

redcomponent -- redshop
Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
Published: 2010-04-26 | CVSS Score: 5.0 | CVE-2010-1531 | Source & Patch Info: XF, BID, OSVDB, MISC, SECUNIA, MISC, MISC

scriptez -- mini_hosting_panel
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action.
Published: 2010-04-27 | CVSS Score: 6.8 | CVE-2009-4826 | Source & Patch Info: VUPEN, MISC, SECUNIA

scriptez -- mail_manager_pro
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action.
Published: 2010-04-27 | CVSS Score: 6.8 | CVE-2009-4827 | Source & Patch Info: VUPEN, MISC, SECUNIA

serv-u -- serv-u
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
Published: 2010-04-27 | CVSS Score: 4.0 | CVE-2009-4815 | Source & Patch Info: XF, VUPEN, CONFIRM, BID, SECUNIA

stoverud -- phphotoalbum
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.
Published: 2010-04-27 | CVSS Score: 6.8 | CVE-2009-4819 | Source & Patch Info: XF, BID, MISC

vmware -- ace
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
Published: 2010-04-27 | CVSS Score: 5.0 | CVE-2009-4811 | Source & Patch Info: MISC, MLIST, BID, MISC, MISC, FULLDISC, BUGTRAQ

wolfram -- webmathematica
Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message.
Published: 2010-04-27 | CVSS Score: 5.0 | CVE-2009-4812 | Source & Patch Info: FULLDISC

wolfram -- webmathematica
Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script.
Published: 2010-04-27 | CVSS Score: 4.3 | CVE-2009-4814 | Source & Patch Info: XF, BID, SECUNIA, OSVDB, FULLDISC
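Many entries in the Medium table, and the phpCDB and Uiga Proxy entries in the High table, come down to two file-handling mistakes: a request parameter (controller, task, view, lang_global, filename) carrying .. reaches a filesystem or include call, and an upload filter accepts a double extension such as .php.gif, .php.pgif or .php.pjpeg and then serves the file from a web-accessible directory. The following is an added example, not code from the page or from any of the listed products; the directory layout and file names are assumed. It shows the identifier allowlist and root-confinement checks for the first case, and a naive last-extension filter beside an allowlisted single-extension filter for the second.

```python
import posixpath
import re

# Assumed directory layout for the example; the affected applications' real
# paths are not on the page.
COMPONENT_ROOT = "/var/www/html/components"

# A controller, task, view or language name is an identifier, not a path, so
# the tightest check is an allowlist of identifier characters: ".", "/" and
# "\" never get as far as a filesystem call.
IDENT_RE = re.compile(r"^[A-Za-z0-9_]+$")
BASENAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")

EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl"}
ALLOWED_IMAGE_EXT = {"gif", "jpg", "jpeg", "png"}


def is_safe_identifier(value: str) -> bool:
    return bool(IDENT_RE.match(value))


def resolve_under_root(root: str, user_value: str):
    """Join user_value to root; return the normalized path, or None if it escapes.

    For values that may legitimately name a subdirectory. posixpath.normpath
    collapses ".." segments, and posixpath.join drops root entirely when
    user_value is absolute, so both "../../etc/passwd" and "/etc/passwd" end
    up outside root and fail the prefix test. This is a string check only:
    symlinks below root are not followed, and a NUL byte is rejected because
    the C file APIs underneath would truncate the name at it.
    """
    if not user_value or "\x00" in user_value:
        return None
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, user_value))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def upload_name_allowed_naive(filename: str) -> bool:
    """The filter the double-extension entries defeat: only the last extension
    is examined, so shell.php.gif, shell.php.pgif and shell.php.pjpeg pass.
    On Apache with AddHandler for .php, mod_mime honours a .php token in any
    position of the name, so the stored file runs as PHP when requested."""
    return filename.rsplit(".", 1)[-1].lower() not in EXECUTABLE_EXT


def upload_name_allowed(filename: str) -> bool:
    """Allowlist: a plain base name, exactly one extension, and that extension
    in the permitted image set. Nothing with a second dot gets through."""
    parts = filename.lower().split(".")
    if len(parts) != 2:
        return False
    base, ext = parts
    return bool(BASENAME_RE.match(base)) and ext in ALLOWED_IMAGE_EXT


def demo() -> dict:
    """Run the page's payload shapes through each check; names are constructed."""
    traversal = "../../../../etc/passwd"
    doubles = ("shell.php.gif", "shell.php.pgif", "shell.php.pjpeg")
    return {
        "ident_ok": is_safe_identifier("speakerpopup"),
        "ident_traversal": is_safe_identifier(traversal),
        "path_traversal": resolve_under_root(COMPONENT_ROOT, traversal),
        "path_absolute": resolve_under_root(COMPONENT_ROOT, "/etc/passwd"),
        "path_nul": resolve_under_root(COMPONENT_ROOT, "en\x00../../etc/passwd"),
        "path_ok": resolve_under_root(COMPONENT_ROOT, "com_example/views/default.php"),
        "naive": {n: upload_name_allowed_naive(n) for n in doubles + ("shell.php",)},
        "hardened": {n: upload_name_allowed(n) for n in doubles + ("photo.jpg",)},
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two practices complete the picture for the upload and "database under the web root" entries in this table: store uploads and data files outside the document root (or in a directory the web server is configured never to execute or serve directly) and serve them through a handler, and never reuse the client-supplied name on disk; generate one server-side and keep the original only as metadata.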

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

james_glasgow -- autologout
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.
Published: 2010-04-27 | CVSS Score: 2.1 | CVE-2009-4829 | Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, VUPEN, SECUNIA, OSVDB

john_vandyk -- workflow
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field.
Published: 2010-04-26 | CVSS Score: 2.1 | CVE-2010-1539 | Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, XF, SECUNIA

mearra -- addthis
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.
Published: 2010-04-26 | CVSS Score: 2.1 | CVE-2010-1536 | Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, SECUNIA

reyero -- i18n
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.
Published: 2010-04-26 | CVSS Score: 2.1 | CVE-2010-1530 | Source & Patch Info: BID, CONFIRM, CONFIRM, SECUNIA, OSVDB
