U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-137)

Vulnerability Summary for the Week of May 10, 2010

Original release date: May 17, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
29o3_cms -- 29o3_cms
Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/. 2010-05-12 7.5 CVE-2010-1922
VUPEN
BID
BUGTRAQ
MISC
MISC
abushhab -- alwasel
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php. 2010-05-11 7.5 CVE-2009-4862
XF
MILW0RM
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. 2010-05-13 9.3 CVE-2010-0127
VUPEN
CONFIRM
MISC
SECUNIA
adobe -- director
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. 2010-05-13 9.3 CVE-2010-0128
VUPEN
CONFIRM
MISC
MISC
SECUNIA
adobe -- shockwave_player
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. 2010-05-13 9.3 CVE-2010-0129
VUPEN
CONFIRM
IDEFENSE
MISC
SECUNIA
MISC
FULLDISC
adobe -- shockwave_player
Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. 2010-05-13 9.3 CVE-2010-0130
VUPEN
CONFIRM
MISC
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. 2010-05-13 9.3 CVE-2010-0986
VUPEN
CONFIRM
MISC
SECUNIA
adobe -- shockwave_player
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. 2010-05-13 9.3 CVE-2010-0987
VUPEN
CONFIRM
MISC
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file. 2010-05-13 9.3 CVE-2010-1280
VUPEN
CONFIRM
MISC
MISC
SECUNIA
FULLDISC
adobe -- shockwave_player
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. 2010-05-13 9.3 CVE-2010-1281
VUPEN
CONFIRM
MISC
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. 2010-05-13 9.3 CVE-2010-1283
VUPEN
CONFIRM
MISC
SECUNIA
adobe -- shockwave_player
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. 2010-05-13 9.3 CVE-2010-1292
VUPEN
CONFIRM
MISC
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. 2010-05-13 9.3 CVE-2010-1284
VUPEN
CONFIRM
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. 2010-05-13 9.3 CVE-2010-1286
VUPEN
CONFIRM
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. 2010-05-13 9.3 CVE-2010-1287
VUPEN
CONFIRM
SECUNIA
adobe -- shockwave_player
Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors. 2010-05-13 9.3 CVE-2010-1288
VUPEN
CONFIRM
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291. 2010-05-13 9.3 CVE-2010-1289
VUPEN
CONFIRM
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291. 2010-05-13 9.3 CVE-2010-1290
VUPEN
CONFIRM
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290. 2010-05-13 9.3 CVE-2010-1291
VUPEN
CONFIRM
SECUNIA
ajsquare -- aj_shopping_cart
SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. 2010-05-12 7.5 CVE-2010-1876
XF
MISC
SECUNIA
MISC
apple -- safari
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. 2010-05-13 7.6 CVE-2010-1939
CERT-VN
VUPEN
BID
OSVDB
SECTRACK
SECUNIA
MISC
MISC
artifex -- gpl_ghostscript
Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. 2010-05-12 9.3 CVE-2010-1869
MISC
awingsoft -- awakening_winds3d_viewer_plugin
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file. 2010-05-07 9.3 CVE-2009-4850
MISC
MISC
SECUNIA
OSVDB
blueflyingfish.no-ip -- com_orgchart
Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-12 7.5 CVE-2010-1878
XF
BID
MISC
MISC
campware.org -- campsite
SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. 2010-05-07 7.5 CVE-2010-1867
CONFIRM
MISC
com-property -- com_properties
SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. 2010-05-12 7.5 CVE-2010-1874
XF
BID
MISC
SECUNIA
com-property -- com_properties
Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-05-12 7.5 CVE-2010-1875
XF
BID
OSVDB
MISC
SECUNIA
consona -- consona_dynamic_agent
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \.pipe__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service. 2010-05-12 7.2 CVE-2010-1906
CERT-VN
CONFIRM
MISC
BUGTRAQ
MISC
SECUNIA
consona -- consona_dynamic_agent
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile. 2010-05-12 9.3 CVE-2010-1908
CERT-VN
MISC
BUGTRAQ
MISC
SECUNIA
consona -- consona_dynamic_agent
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information. 2010-05-12 7.6 CVE-2010-1909
CERT-VN
MISC
BUGTRAQ
MISC
SECUNIA
consona -- consona_dynamic_agent
The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack. 2010-05-12 9.3 CVE-2010-1911
CERT-VN
CONFIRM
MISC
BUGTRAQ
MISC
consona -- consona_dynamic_agent
The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks." 2010-05-12 9.3 CVE-2010-1912
CERT-VN
MISC
BUGTRAQ
MISC
consona -- consona_dynamic_agent
The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server. 2010-05-12 9.3 CVE-2010-1913
CERT-VN
MISC
BUGTRAQ
MISC
csphere -- clansphere
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php). 2010-05-07 7.5 CVE-2010-1865
CONFIRM
CONFIRM
XF
VUPEN
BID
CONFIRM
SECUNIA
MISC
MISC
OSVDB
OSVDB
demarque -- typing_pal
SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter. 2010-05-11 7.5 CVE-2009-4860
MILW0RM
efrontlearning -- efront
SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter. 2010-05-12 7.5 CVE-2010-1918
VUPEN
BID
MISC
SECUNIA
MISC
OSVDB
gnustep -- gnustep_base
Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow. 2010-05-12 7.2 CVE-2010-1620
CONFIRM
CONFIRM
CONFIRM
SECUNIA
CONFIRM
MLIST
MLIST
hp -- loadrunner
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. 2010-05-07 10.0 CVE-2010-1549
HP
HP
hp -- openview_network_node_manager
Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter. 2010-05-13 10.0 CVE-2010-1550
HP
MISC
hp -- openview_network_node_manager
Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter. 2010-05-13 10.0 CVE-2010-1551
MISC
HP
hp -- openview_network_node_manager
Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters. 2010-05-13 10.0 CVE-2010-1552
HP
MISC
hp -- openview_network_node_manager
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter. 2010-05-13 10.0 CVE-2010-1553
HP
MISC
hp -- openview_network_node_manager
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter. 2010-05-13 10.0 CVE-2010-1554
HP
MISC
hp -- openview_network_node_manager
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter. 2010-05-13 10.0 CVE-2010-1555
HP
MISC
jtmreseller -- com_jtm
SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php. 2010-05-12 7.5 CVE-2010-1877
XF
BID
MISC
MISC
jvehicles -- com_jvehicles
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. 2010-05-12 7.5 CVE-2010-1873
XF
BID
OSVDB
MISC
SECUNIA
MISC
MISC
logoshows -- logoshows_bbs
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. 2010-05-11 7.5 CVE-2009-4871
XF
MILW0RM
logoshows -- logoshows_bbs
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. 2010-05-11 7.5 CVE-2009-4872
MILW0RM
microsoft -- office
VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability." 2010-05-12 9.3 CVE-2010-0815
MS
microsoft -- outlook_express
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability." 2010-05-12 9.3 CVE-2010-0816
MS
BID
MISC
BUGTRAQ
php -- php
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. 2010-05-07 7.5 CVE-2010-1868
MISC
MISC
MISC
phpcityportal -- phpcityportal
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information. 2010-05-11 7.5 CVE-2009-4870
MILW0RM
SECUNIA
phpscripte24 -- web_social_network_freunde_community
SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action. 2010-05-12 7.5 CVE-2010-1923
SECUNIA
MISC
OSVDB
phpscripte24 -- live_shopping_multi_portal_system
SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter. 2010-05-12 7.5 CVE-2010-1924
XF
BID
MISC
SECUNIA
OSVDB
rifat_kurban -- tekno.portal
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817. 2010-05-12 7.5 CVE-2010-1925
VUPEN
BID
MISC
SECUNIA
MISC
s9y -- serendipity
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin. 2010-05-12 7.5 CVE-2010-1916
MISC
MISC
typo3 -- typo3
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. 2010-05-11 7.5 CVE-2009-4855
XF
BID
MILW0RM
ultraplayer -- ultraplayer_media_player
Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file. 2010-05-11 9.3 CVE-2009-4863
XF
VUPEN
BID
MILW0RM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- coldfusion
Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. 2010-05-13 4.3 CVE-2009-3467
VUPEN
CONFIRM
SECUNIA
adobe -- shockwave_player
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. 2010-05-13 4.3 CVE-2010-1282
VUPEN
CONFIRM
MISC
FULLDISC
adobe -- coldfusion
Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-05-13 4.3 CVE-2010-1293
VUPEN
CONFIRM
SECUNIA
cmsmadesimple -- cms_made_simple
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter. 2010-05-12 4.3 CVE-2010-1482
BID
BUGTRAQ
MISC
CONFIRM
consona -- consona_dynamic_agent
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp. 2010-05-12 4.3 CVE-2010-1905
CERT-VN
CONFIRM
MISC
BID
BUGTRAQ
MISC
SECUNIA
consona -- consona_dynamic_agent
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method. 2010-05-12 4.3 CVE-2010-1907
CERT-VN
MISC
BUGTRAQ
MISC
consona -- consona_dynamic_agent
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields. 2010-05-12 5.1 CVE-2010-1910
CERT-VN
CONFIRM
BID
BUGTRAQ
MISC
SECUNIA
ecomstudio -- php_easy_shopping_cart
Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter. 2010-05-11 4.3 CVE-2009-4856
XF
SECUNIA
MISC
OSVDB
ecomstudio -- php_photo_vote1.3f
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter. 2010-05-11 4.3 CVE-2009-4857
XF
SECUNIA
MISC
OSVDB
ethereal_group -- ethereal
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. 2010-05-12 4.3 CVE-2010-1455
VUPEN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
OSVDB
SECUNIA
gnustep -- gnustep_base
Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message. 2010-05-12 4.9 CVE-2010-1457
CONFIRM
CONFIRM
BID
MLIST
CONFIRM
SECUNIA
CONFIRM
hitronsoft -- answer_me
Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information. 2010-05-11 4.3 CVE-2009-4868
SECUNIA
MISC
hitronsoft -- nasim_guest_book
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. 2010-05-11 4.3 CVE-2009-4869
SECUNIA
MISC
i-escorts -- i-escorts_agency_script
Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information. 2010-05-11 4.3 CVE-2009-4864
XF
MISC
i-escorts -- i-escorts_agency_script
Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information. 2010-05-11 6.8 CVE-2009-4865
XF
SECUNIA
MISC
OSVDB
matt_wright -- simple_search
Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party information. 2010-05-11 4.3 CVE-2009-4866
XF
SECUNIA
MISC
OSVDB
onlinetechtools.com -- owos_lite
Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp. 2010-05-11 4.3 CVE-2009-4859
SECUNIA
MISC
openmairie -- openannuaire
Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. 2010-05-12 6.8 CVE-2010-1920
VUPEN
BID
MISC
SECUNIA
MISC
openmairie -- openannuaire
Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/. 2010-05-12 6.8 CVE-2010-1921
VUPEN
BID
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
MISC
SECUNIA
MISC
openmairie -- opencourrier
Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. NOTE: some of these details are obtained from third party information. 2010-05-12 6.8 CVE-2010-1926
VUPEN
OSVDB
MISC
SECUNIA
MISC
openmairie -- opencourrier
Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information. 2010-05-12 6.8 CVE-2010-1927
VUPEN
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
MISC
SECUNIA
MISC
openmairie -- openplanning
Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. 2010-05-12 6.8 CVE-2010-1928
XF
OSVDB
MISC
SECUNIA
MISC
openmairie -- openplanning
Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/. 2010-05-12 6.8 CVE-2010-1934
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
MISC
SECUNIA
MISC
openmairie -- openpresse
Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. 2010-05-12 6.8 CVE-2010-1935
XF
OSVDB
MISC
SECUNIA
MISC
openmairie -- opencominterne
Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. 2010-05-12 6.8 CVE-2010-1936
XF
OSVDB
MISC
SECUNIA
MISC
php -- php
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. 2010-05-12 5.0 CVE-2010-1914
MISC
MISC
MISC
php -- php
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. 2010-05-12 5.0 CVE-2010-1915
MISC
php -- php
Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. 2010-05-12 5.0 CVE-2010-1917
MISC
realitymedias -- repairshop2
SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-05-07 6.8 CVE-2010-1857
BID
SECUNIA
supportpro -- supportdesk
Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. 2010-05-11 4.3 CVE-2009-4861
SECUNIA
MISC
tony_million -- tuniac
Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file. 2010-05-11 4.3 CVE-2009-4867
XF
VUPEN
MILW0RM
toutvirtual -- virtualiq
The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields. 2010-05-07 5.0 CVE-2009-4845
BUGTRAQ
MISC
transmissionbt -- transmission
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links. 2010-05-07 6.8 CVE-2010-1853
BID
VUPEN
OSVDB
CONFIRM
CONFIRM
CONFIRM
SECUNIA
tufat -- flashcard
Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. 2010-05-12 4.3 CVE-2010-1872
MISC
BID
SECUNIA
MISC
turnkeyforms -- yahoo-answers-clone
Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. 2010-05-11 4.3 CVE-2009-4858
SECUNIA
MISC
vmware -- view_manager
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-05-07 4.3 CVE-2010-1143
CONFIRM
MLIST
BID
SECTRACK
xoops -- xoops
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. 2010-05-07 5.0 CVE-2009-4851
CONFIRM
MISC
VUPEN
SECUNIA
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- coldfusion
Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. 2010-05-132.1 CVE-2010-1294
VUPEN
CONFIRM
SECUNIA
pmwiki -- pmwiki
Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute. 2010-05-123.5 CVE-2010-1481
BID
BUGTRAQ
SECUNIA
MISC
redhat -- enterprise_linux
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. 2010-05-122.6 CVE-2010-0730
REDHAT
CONFIRM
BID
SECUNIA
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top