U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-144)

Vulnerability Summary for the Week of May 17, 2010

Original release date: May 24, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
artifex -- gpl_ghostscript
Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. 2010-05-19 7.5 CVE-2010-1628
MISC
VUPEN
BID
BUGTRAQ
MLIST
MLIST
SECUNIA
FULLDISC
MISC
bsplayer -- bs.player
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068. 2010-05-20 9.3 CVE-2010-2004
XF
VUPEN
BID
MISC
MISC
MISC
SECUNIA
cisco -- pgw_2200_softswitch
The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126. 2010-05-14 7.8 CVE-2010-0601
CISCO
BID
OSVDB
cisco -- pgw_2200_softswitch
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606. 2010-05-14 7.8 CVE-2010-0602
CISCO
BID
OSVDB
cisco -- pgw_2200_softswitch
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug ID CSCsk40030. 2010-05-14 7.8 CVE-2010-0603
CISCO
BID
cisco -- pgw_2200_softswitch
Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP traffic, as demonstrated by "SIP testing," aka Bug ID CSCsk38165. 2010-05-14 7.8 CVE-2010-0604
CISCO
BID
OSVDB
cisco -- pgw_2200_softswitch
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115. 2010-05-14 7.8 CVE-2010-1561
CISCO
BID
OSVDB
cisco -- pgw_2200_softswitch
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521. 2010-05-14 7.8 CVE-2010-1562
CISCO
OSVDB
cisco -- pgw_2200_softswitch
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588. 2010-05-14 7.8 CVE-2010-1563
CISCO
BID
OSVDB
cisco -- pgw_2200_softswitch
Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (TCP socket exhaustion) via unknown vectors, aka Bug ID CSCsk13561. 2010-05-14 7.8 CVE-2010-1565
CISCO
BID
OSVDB
cisco -- pgw_2200_softswitch
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590. 2010-05-14 7.8 CVE-2010-1567
CISCO
BID
OSVDB
cmstactics -- com_beeheard
Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-19 7.5 CVE-2010-1952
XF
BID
MISC
SECUNIA
MISC
datalifecms -- datalife_engine
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php. 2010-05-20 7.5 CVE-2010-2005
XF
BID
MISC
dovecot -- dovecot
Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message. 2010-05-20 7.8 CVE-2010-0745
MLIST
CONFIRM
VUPEN
MLIST
CONFIRM
MLIST
SUSE
MLIST
emultisoft -- com_jnewspaper
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-05-19 7.5 CVE-2010-1949
MISC
SECUNIA
freedownloadmanager -- free_download_manager
Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect. 2010-05-17 10.0 CVE-2010-0998
XF
BID
BUGTRAQ
MISC
SECUNIA
OSVDB
OSVDB
OSVDB
OSVDB
freedownloadmanager -- free_download_manager
Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. 2010-05-17 7.1 CVE-2010-0999
XF
BID
BUGTRAQ
MISC
OSVDB
gohigheris -- com_jwhmcs
Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-19 7.5 CVE-2010-1977
BID
MISC
SECUNIA
hp -- nfs/oncplus
Unspecified vulnerability in NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service or gain privileges via unknown vectors. 2010-05-20 10.0 CVE-2010-1039
BID
SECUNIA
HP
HP
joomlacomponent.inetlanka -- com_multimap
Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-19 7.5 CVE-2010-1953
VUPEN
BID
MISC
SECUNIA
joomlacomponent.inetlanka -- com_multiroot
Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-05-19 7.5 CVE-2010-1954
VUPEN
BID
MISC
SECUNIA
mozilla -- firefox
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. 2010-05-20 10.0 CVE-2010-1988
MISC
BUGTRAQ
nec -- bladesystemcenter
Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010. 2010-05-19 7.8 CVE-2010-1941
BID
CONFIRM
SECUNIA
OSVDB
JVNDB
JVN
nec -- capsuite_patchmeister
Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015. 2010-05-19 7.8 CVE-2010-1943
VUPEN
BID
CONFIRM
MISC
SECUNIA
OSVDB
JVNDB
JVN
phpbb -- phpbb
Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement." 2010-05-19 7.5 CVE-2010-1630
CONFIRM
MLIST
MLIST
MLIST
MISC
phpgroupware -- phpgroupware
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/. 2010-05-19 7.5 CVE-2010-0404
MLIST
CONFIRM
CONFIRM
VUPEN
VUPEN
DEBIAN
SECUNIA
SECUNIA
postgresql -- postgresql
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. 2010-05-19 8.5 CVE-2010-1169
CONFIRM
CONFIRM
VUPEN
BID
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
postgresql -- postgresql
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which might allow remote attackers to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. 2010-05-19 8.5 CVE-2010-1447
VUPEN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
redcomponent -- com_redtwitter
Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-05-19 7.5 CVE-2010-1983
XF
BID
MISC
SECUNIA
MISC
OSVDB
MISC
roberto_aloi -- com_joomlaflickr
Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. 2010-05-19 7.5 CVE-2010-1980
BID
CONFIRM
XF
MISC
SECUNIA
MISC
thefactory -- com_blogfactory
Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-19 7.5 CVE-2010-1955
XF
BID
MISC
SECUNIA
MISC
OSVDB
thefactory -- com_gadgetfactory
Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-05-19 7.5 CVE-2010-1956
CONFIRM
XF
VUPEN
BID
MISC
SECUNIA
MISC
OSVDB
thefactory -- com_lovefactory
Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-19 7.5 CVE-2010-1957
XF
BID
MISC
SECUNIA
MISC
OSVDB
tomatocms -- tomatocms
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO. 2010-05-20 7.5 CVE-2010-1994
XF
BID
BUGTRAQ
MISC
SECUNIA
OSVDB
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
60cycle -- 60cyclecms
Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php. 2010-05-19 6.8 CVE-2010-1951
XF
BID
BUGTRAQ
MISC
affiliatefeeds -- com_datafeeds
Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-19 6.8 CVE-2010-1979
XF
BID
MISC
SECUNIA
apple -- safari
Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-05-14 4.3 CVE-2010-1940
XF
SECUNIA
derrick_brashear -- kadmind
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. 2010-05-19 6.8 CVE-2010-1321
BUGTRAQ
CONFIRM
REDHAT
MANDRIVA
emultisoft -- com_jnewspaper
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-05-19 6.8 CVE-2010-1950
SECUNIA
fabrikar -- com_fabrikar
Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-05-19 6.8 CVE-2010-1981
XF
MISC
MISC
freephpblogsoftware -- freephpblogsoftware
PHP remote file inclusion vulnerability in default_theme.php in FreePHPBlogSoftware 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpincdir parameter. NOTE: some of these details are obtained from third party information. 2010-05-19 6.8 CVE-2010-1978
XF
BID
OSVDB
MISC
SECUNIA
fujitsu -- interstage_application_server
Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device. 2010-05-19 6.4 CVE-2010-1942
VUPEN
CONFIRM
BID
CONFIRM
SECUNIA
OSVDB
JVNDB
JVN
google -- chrome
Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. 2010-05-20 5.0 CVE-2010-1992
BUGTRAQ
MISC
hp -- multifunction_peripheral_digital_sending_software
Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors. 2010-05-14 4.7 CVE-2010-1558
XF
BID
OSVDB
HP
HP
hp -- systems_insight_manager
Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown vectors. 2010-05-14 6.4 CVE-2010-1556
BID
HP
HP
hp -- insight_control_server_migration_for_windows
Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-05-14 4.3 CVE-2010-1557
OSVDB
HP
HP
ibm -- websphere_application_server
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. 2010-05-17 4.3 CVE-2010-0774
XF
AIXAPAR
ibm -- websphere_application_server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. 2010-05-17 5.0 CVE-2010-0775
XF
ibm -- websphere_application_server
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. 2010-05-17 5.0 CVE-2010-0776
XF
irfanview -- irfanview
IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error." 2010-05-14 5.0 CVE-2010-1509
XF
BID
BUGTRAQ
MISC
SECUNIA
OSVDB
CONFIRM
irfanview -- irfanview
Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression. 2010-05-14 5.0 CVE-2010-1510
XF
BID
BUGTRAQ
MISC
SECUNIA
OSVDB
CONFIRM
joomlart -- com_javoice
Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. 2010-05-19 5.0 CVE-2010-1982
BID
MISC
SECUNIA
MISC
kde -- kde_sc
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. 2010-05-17 4.3 CVE-2010-1000
XF
VUPEN
VUPEN
UBUNTU
BID
BUGTRAQ
BUGTRAQ
MANDRIVA
CONFIRM
SECTRACK
MISC
SECUNIA
SECUNIA
OSVDB
MLIST
kde -- kde_sc
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. 2010-05-17 5.0 CVE-2010-1511
XF
VUPEN
VUPEN
UBUNTU
BID
BUGTRAQ
BUGTRAQ
CONFIRM
SECTRACK
MISC
SECUNIA
SECUNIA
OSVDB
MLIST
letodms -- letodms
Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. 2010-05-20 6.5 CVE-2010-2006
MISC
XF
BUGTRAQ
SECUNIA
OSVDB
letodms -- letodms
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php, (4) op/op.RemoveFolder.php, (5) op/op.DefaultKeywords.php, (6) op/op.GroupMgr.php, (7) op/op.FolderAccess.php, (8) op/op.FolderNotify.php, or (9) op.MoveFolder.php in mydms. 2010-05-20 6.8 CVE-2010-2007
MISC
XF
BUGTRAQ
SECUNIA
OSVDB
microsoft -- windows_7
cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, does not perform the expected data parsing after user-mode data is copied to kernel mode, which allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys. 2010-05-14 4.9 CVE-2009-3678
XF
VUPEN
BID
CONFIRM
MISC
MISC
MISC
CONFIRM
CONFIRM
microsoft -- ie
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. 2010-05-20 5.0 CVE-2010-1991
BUGTRAQ
MISC
mozilla -- firefox
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571. 2010-05-20 5.0 CVE-2010-1986
MISC
BUGTRAQ
mozilla -- firefox
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571. 2010-05-20 5.0 CVE-2010-1987
MISC
BUGTRAQ
mozilla -- firefox
Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. 2010-05-20 5.0 CVE-2010-1990
BUGTRAQ
MISC
mysql -- mysql
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. 2010-05-14 5.0 CVE-2010-1621
MANDRIVA
CONFIRM
CONFIRM
openmairie -- opencimetiere
Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/. 2010-05-19 6.8 CVE-2010-1944
XF
VUPEN
BID
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
MISC
SECUNIA
MISC
openmairie -- openfoncier
Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5) blocnote.class.php in obj/. 2010-05-19 6.8 CVE-2010-1945
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
MISC
SECUNIA
MISC
openmairie -- openregistrecil
Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/. 2010-05-19 6.8 CVE-2010-1946
BID
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
MISC
SECUNIA
MISC
openmairie -- openregistrecil
Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter. NOTE: this may be related to CVE-2007-2069. 2010-05-19 6.8 CVE-2010-1947
BID
OSVDB
MISC
SECUNIA
MISC
openmairie -- openfoncier
Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. 2010-05-19 6.8 CVE-2010-1948
OSVDB
MISC
SECUNIA
MISC
openmairie -- opencatalogue
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. 2010-05-20 6.8 CVE-2010-1999
VUPEN
OSVDB
MISC
SECUNIA
MISC
opera -- opera_browser
Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181. 2010-05-20 5.0 CVE-2010-1989
BUGTRAQ
MISC
opera -- opera_browser
Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. 2010-05-20 5.0 CVE-2010-1993
BUGTRAQ
MISC
palo_alto_networks -- firewall
Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter. 2010-05-14 4.3 CVE-2010-0475
XF
MISC
BUGTRAQ
phorum -- phorum
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address. 2010-05-19 4.3 CVE-2010-1629
CONFIRM
MLIST
MLIST
phpbb -- phpbb
feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum. 2010-05-19 4.3 CVE-2010-1627
CONFIRM
MLIST
MLIST
phpgroupware -- phpgroupware
Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter. 2010-05-19 6.8 CVE-2010-0403
VUPEN
CONFIRM
CONFIRM
VUPEN
DEBIAN
SECUNIA
SECUNIA
MLIST
pidgin -- pidgin
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers to cause a denial of service (application crash) via a custom emoticon in a malformed SLP message. 2010-05-14 5.0 CVE-2010-1624
XF
VUPEN
BID
CONFIRM
MANDRIVA
SECUNIA
CONFIRM
CONFIRM
postgresql -- postgresql
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. 2010-05-19 6.0 CVE-2010-1170
VUPEN
CONFIRM
BID
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
postgresql -- postgresql
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. 2010-05-19 5.5 CVE-2010-1975
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
proxy2 -- advanced_poll
Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter. 2010-05-20 4.3 CVE-2010-2003
XF
BID
BUGTRAQ
MISC
SECUNIA
MISC
OSVDB
rafael_garcia-suarez -- safe
Multiple unspecified vulnerabilities in the Safe (aka Safe.pm) module before 2.25 for Perl allow context-dependent attackers to inject and execute arbitrary code via vectors related to "automagic methods." NOTE: this might overlap CVE-2010-1169 or CVE-2010-1447. 2010-05-19 6.8 CVE-2010-1974
CONFIRM
CONFIRM
sixapart -- movable_type
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. 2010-05-19 4.3 CVE-2010-1985
VUPEN
CONFIRM
CONFIRM
SECUNIA
JVNDB
JVN
tatsuhiro_tsujikawa -- aria2
Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. 2010-05-17 4.3 CVE-2010-1512
BID
BUGTRAQ
OSVDB
DEBIAN
MISC
SECUNIA
CONFIRM
vmware -- tc_server
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password. 2010-05-19 6.8 CVE-2010-1454
CONFIRM
BID
BUGTRAQ
SECUNIA
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
addison_berry -- wordfilter
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list. 2010-05-202.1 CVE-2010-2002
BID
CONFIRM
CONFIRM
CONFIRM
SECUNIA
ibm -- websphere_application_server
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. 2010-05-172.6 CVE-2010-0777
XF
kevinhankens -- tablefield
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers. 2010-05-202.1 CVE-2010-1998
VUPEN
CONFIRM
CONFIRM
XF
BID
OSVDB
SECUNIA
michael_nichols -- taxonomy_breadcrumb
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display. 2010-05-192.1 CVE-2010-1976
CONFIRM
XF
SECUNIA
OSVDB
MISC
MISC
michael_nichols -- taxonomy_breadcrumb
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display. 2010-05-192.1 CVE-2010-1984
XF
SECUNIA
OSVDB
CONFIRM
MISC
MISC
ninjitsuweb -- civiregister
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. 2010-05-202.6 CVE-2010-2001
BID
CONFIRM
CONFIRM
SECUNIA
ron_jerome -- bibliography
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358. 2010-05-202.1 CVE-2010-2000
BID
CONFIRM
CONFIRM
CONFIRM
SECUNIA
saurus -- saurus_cms
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter. 2010-05-202.1 CVE-2010-1997
BID
BUGTRAQ
MISC
SECUNIA
MISC
OSVDB
steven_jones -- context
Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. 2010-05-192.1 CVE-2010-1584
CONFIRM
XF
MISC
BID
MISC
MISC
CONFIRM
CONFIRM
MISC
tomatocms -- tomatocms
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO. 2010-05-202.1 CVE-2010-1995
XF
BID
BUGTRAQ
MISC
SECUNIA
OSVDB
MISC
tomatocms -- tomatocms
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO. 2010-05-202.1 CVE-2010-1996
XF
XF
XF
BID
SECUNIA
OSVDB
OSVDB
OSVDB
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top