
Bulletin (SB10-130)

Vulnerability Summary for the Week of May 3, 2010

Original release date: May 10, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
2daybiz -- polls_script
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information. 2010-05-04 7.5 CVE-2010-1704
Source & Patch Info: XF, XF, BID, MISC, SECUNIA, MISC
2daybiz -- auction_script
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information. 2010-05-04 7.5 CVE-2010-1706
Source & Patch Info: XF, VUPEN, BID, MISC, SECUNIA, MISC, OSVDB
abc_backup -- abc_backup
Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive. 2010-05-05 9.3 CVE-2010-1686
Source & Patch Info: VUPEN, VUPEN, MISC, SECUNIA, SECUNIA
adobe -- photoshop_cs4
Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. 2010-05-05 9.3 CVE-2010-1279
Source & Patch Info: CONFIRM, VUPEN, BID, SECUNIA
alibabaclone -- b2b_gold_script
SQL injection vulnerability in product.html in B2B Gold Script allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-05-06 7.5 CVE-2010-1744
Source & Patch Info: XF, BID, MISC, SECUNIA, MISC, OSVDB
alibabaplatinumscript -- alibaba_clone_platinum
SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-05-06 7.5 CVE-2010-1725
Source & Patch Info: XF, BID, MISC, MISC
aspsiteware -- jobpost
SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information. 2010-05-06 7.5 CVE-2010-1727
Source & Patch Info: XF, BID, MISC, SECUNIA, MISC
base -- basic_analysis_and_security_engine
SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. 2010-05-06 7.5 CVE-2009-4838
Source & Patch Info: CONFIRM, SECUNIA, CONFIRM
billwerx -- billwerx_rc
SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter. 2010-05-06 7.5 CVE-2010-1741
Source & Patch Info: XF, BID, MISC
cacti -- cacti
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. 2010-05-04 7.5 CVE-2010-1431
Source & Patch Info: CONFIRM, CONFIRM, VUPEN, DEBIAN, SECUNIA, SECUNIA, FULLDISC
campware.org -- campsite
SQL injection vulnerability in javascript/tinymce/plugins/campsiteattachment/attachments.php in Campsite 3.2 through 3.3.5 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. 2010-05-06 7.5 CVE-2010-1745
Source & Patch Info: CONFIRM, XF, BID, SECUNIA, MISC, OSVDB
cursorarts -- zipwrangler
Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename. 2010-05-04 9.3 CVE-2010-1685
Source & Patch Info: MISC, SECUNIA, OSVDB
ec21clone -- ec21_clone
SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-05-06 7.5 CVE-2010-1726
Source & Patch Info: XF, BID, MISC, MISC
freeguppy -- guppy
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter. 2010-05-06 7.5 CVE-2010-1740
Source & Patch Info: XF, BID, MISC, MISC
freerealty.rwcinc -- free_realty
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter). 2010-05-04 7.5 CVE-2010-1708
Source & Patch Info: XF, BID, MISC, MISC
google -- chrome
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors. 2010-05-03 7.5 CVE-2010-1665
Source & Patch Info: VUPEN, SECUNIA, CONFIRM, CONFIRM
internetdownloadmanager -- internet_download_manager
Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server. 2010-05-06 10.0 CVE-2010-0995
Source & Patch Info: BID, BUGTRAQ, MISC, MISC, SECUNIA
joomla -- com_agenda
SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. 2010-05-04 7.5 CVE-2010-1716
Source & Patch Info: XF, BID, OSVDB, MISC, MISC, SECUNIA
joomla -- joomla
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php. 2010-05-04 7.5 CVE-2010-1721
Source & Patch Info: XF, BID, MISC, SECUNIA, OSVDB, MISC
joomla -- com_newsfeeds
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php. 2010-05-06 7.5 CVE-2010-1739
Source & Patch Info: XF, BID, MISC, MISC
lexmark -- 25xxn
The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. 2010-05-04 7.8 CVE-2010-0101
Source & Patch Info: CONFIRM
microsoft -- visio
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256. 2010-05-06 7.6 CVE-2010-1681
Source & Patch Info: BID, BUGTRAQ, MISC
moviephp -- movie_php_script
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter. 2010-05-06 7.5 CVE-2009-4836
Source & Patch Info: VUPEN, MILW0RM, SECUNIA, OSVDB
opera -- opera_browser
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955. 2010-05-06 9.3 CVE-2010-1728
Source & Patch Info: XF, VUPEN, CONFIRM, CONFIRM, CONFIRM, SECUNIA, CONFIRM, MISC
postnuke -- postnuke
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action. 2010-05-04 7.5 CVE-2010-1713
Source & Patch Info: XF, BID, MISC, MISC
qproje -- com_qpersonel
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php. 2010-05-04 7.5 CVE-2010-1720
Source & Patch Info: XF, MISC, BID, MISC, SECUNIA, OSVDB
rocky.nu -- php_video_battle_script
SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter. 2010-05-04 7.5 CVE-2010-1701
Source & Patch Info: VUPEN, MISC, SECUNIA
rocky.nu -- modelbook
SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter. 2010-05-04 7.5 CVE-2010-1705
Source & Patch Info: VUPEN, MISC, SECUNIA
roxio -- cineplayer
Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method. 2010-05-06 9.3 CVE-2009-4840
Source & Patch Info: XF, MILW0RM
roxio -- cineplayer
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559. 2010-05-06 9.3 CVE-2009-4841
Source & Patch Info: MILW0RM
satyadeep -- scratcher
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-05-06 7.5 CVE-2010-1743
Source & Patch Info: XF, BID, MISC, SECUNIA, MISC, OSVDB
taskfreak -- taskfreak
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action. 2010-05-06 7.5 CVE-2010-1583
Source & Patch Info: XF, MISC, BID, MISC, MISC
tetex -- tetex
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. 2010-05-07 7.5 CVE-2010-0827
Source & Patch Info: CONFIRM, UBUNTU, CONFIRM, CONFIRM, CONFIRM
toutvirtual -- virtualiq
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console. 2010-05-07 7.5 CVE-2009-4843
Source & Patch Info: BUGTRAQ, MISC, SECUNIA
whmcs -- whmcs
SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter. 2010-05-04 7.5 CVE-2010-1702
Source & Patch Info: XF, BID, MISC, MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
2daybiz -- polls_script
Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field. 2010-05-04 4.3 CVE-2010-1703
Source & Patch Info: XF, XF, BID, MISC, SECUNIA, MISC
apple -- safari
WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. 2010-05-06 4.3 CVE-2010-1729
Source & Patch Info: MISC
aspindir -- krm_haber
KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. 2010-05-06 5.0 CVE-2010-1736
Source & Patch Info: XF, SECUNIA, MISC, OSVDB
base -- basic_analysis_and_security_engine
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information. 2010-05-06 4.3 CVE-2009-4837
Source & Patch Info: MISC, CONFIRM, SECUNIA, CONFIRM
base -- basic_analysis_and_security_engine
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php. 2010-05-06 4.3 CVE-2009-4839
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
carlos_eduardo_sotelo_pinto -- 0.1.0
PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter. 2010-05-06 6.8 CVE-2010-1737
Source & Patch Info: VUPEN, BID, MISC, SECUNIA, MISC
cisco -- router_and_security_device_manager
Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. 2010-05-04 4.3 CVE-2010-0594
Source & Patch Info: JVNDB, JVN
dev.pucit.edu.pk -- com_arcadegames
Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-04 5.0 CVE-2010-1714
Source & Patch Info: XF, VUPEN, OSVDB, MISC, SECUNIA, MISC
dolphin -- dolphin_browser
Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. 2010-05-06 5.0 CVE-2010-1730
Source & Patch Info: MISC
g5-scripts -- auto-img-gallery
Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters. 2010-05-04 4.3 CVE-2010-1709
Source & Patch Info: XF, MISC, BID, SECUNIA
google -- chrome
Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. 2010-05-06 4.3 CVE-2010-1731
Source & Patch Info: MISC
joomla -- com_if_surfalert
Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-05-04 6.8 CVE-2010-1717
Source & Patch Info: VUPEN, MISC, SECUNIA
joomla -- com_market
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-05-04 6.8 CVE-2010-1722
Source & Patch Info: XF, OSVDB, MISC, SECUNIA, MISC
joomla -- com_drawroot
Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-05-04 6.8 CVE-2010-1723
Source & Patch Info: VUPEN, MISC, SECUNIA
lispeltuut -- com_archeryscores
Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. 2010-05-04 6.8 CVE-2010-1718
Source & Patch Info: BID, MISC, SECUNIA
malcom_box -- lxr_cross_referencer
Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via a title string. 2010-05-06 4.3 CVE-2010-1738
Source & Patch Info: BID, CONFIRM, CONFIRM, XF, OSVDB, SECUNIA, CONFIRM
mega-nerd -- libsndfile
The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file. 2010-05-06 4.3 CVE-2009-4835
Source & Patch Info: VUPEN, BID, SECUNIA, CONFIRM
microsoft -- windows_2000
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. 2010-05-06 4.9 CVE-2010-1734
Source & Patch Info: BID, BUGTRAQ, MISC, SECUNIA
microsoft -- windows_2000
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. 2010-05-06 4.9 CVE-2010-1735
Source & Patch Info: BID, BUGTRAQ, MISC, SECUNIA
mochasoft -- mocha_w32_lpd
Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information. 2010-05-04 5.0 CVE-2010-1687
Source & Patch Info: OSVDB, MISC, MISC, SECUNIA
moto-treks -- com_mtfireeagle
Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-05-04 6.8 CVE-2010-1719
Source & Patch Info: XF, BID, MISC, SECUNIA, MISC, OSVDB
ocsinventory-ng -- ocs_inventory_ng
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-05-06 6.8 CVE-2010-1733
Source & Patch Info: XF, SECUNIA, OSVDB
openttd -- openttd
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. 2010-05-05 6.5 CVE-2010-0401
Source & Patch Info: CONFIRM, SECUNIA, CONFIRM
openttd -- openttd
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command. 2010-05-05 6.5 CVE-2010-0402
Source & Patch Info: CONFIRM, SECUNIA
openttd -- openttd
OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. 2010-05-05 4.0 CVE-2010-0406
Source & Patch Info: CONFIRM, SECUNIA, CONFIRM
piwigo -- piwigo
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters. 2010-05-04 4.3 CVE-2010-1707
Source & Patch Info: VUPEN, CONFIRM
pucit.edu -- com_onlineexam
Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-05-04 6.8 CVE-2010-1715
Source & Patch Info: XF, OSVDB, MISC, SECUNIA, MISC
ramoncastro -- siestta
Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma parameter. 2010-05-04 6.8 CVE-2010-1710
Source & Patch Info: XF, BID, OSVDB, MISC, SECUNIA, MISC
ramoncastro -- siestta
Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter. 2010-05-04 4.3 CVE-2010-1711
Source & Patch Info: XF, BID, OSVDB, MISC, SECUNIA, MISC
satyadeep -- scratcher
Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter. 2010-05-06 4.3 CVE-2010-1742
Source & Patch Info: XF, BID, MISC, SECUNIA, MISC, OSVDB
toolsjx -- table_jx
Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php. 2010-05-06 4.3 CVE-2010-1746
Source & Patch Info: XF, VUPEN, BID, MISC
toutvirtual -- virtualiq
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName, (5) lastName, or (6) email parameter in a save action to tvserver/user/user.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-05-07 4.3 CVE-2009-4842
Source & Patch Info: SECUNIA
toutvirtual -- virtualiq
ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request. 2010-05-07 5.0 CVE-2009-4844
Source & Patch Info: BUGTRAQ, MISC
toutvirtual -- virtualiq
The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields. 2010-05-07 5.0 CVE-2009-4845
Source & Patch Info: BUGTRAQ, MISC
webmobo -- wbnews
Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information. 2010-05-04 4.3 CVE-2010-1712
Source & Patch Info: XF, BID, OSVDB, MISC, MISC, MISC, SECUNIA, MISC
xpressengine -- zeroboard
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php. 2010-05-04 6.8 CVE-2009-4834
Source & Patch Info: XF, BID, MILW0RM
zikula -- zikula_application_framework
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action). 2010-05-06 6.4 CVE-2010-1732
Source & Patch Info: MISC, CONFIRM
zikula -- zikula_application_framework
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php. 2010-05-06 4.3 CVE-2010-1724
Source & Patch Info: XF, BUGTRAQ, OSVDB, MISC, MISC, SECUNIA, OSVDB, CONFIRM

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
mytty -- webapplication_finger_printer
Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh. 2010-05-06 2.1 CVE-2010-1438
Source & Patch Info: BID, MLIST, MLIST, MISC