
Bulletin (SB10-179)

Vulnerability Summary for the Week of June 21, 2010

Original release date: June 28, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product    Description    Published    CVSS Score    Source & Patch Info
activewebsoftwares -- ewebquiz
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706. 2010-06-21 7.5 CVE-2010-2359
XF
VUPEN
BID
adobe -- indesign_cs3
Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file. 2010-06-18 9.3 CVE-2010-2321
XF
MISC
VUPEN
BID
OSVDB
EXPLOIT-DB
SECUNIA
anecms -- anecms_blog
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. 2010-06-24 7.5 CVE-2010-2436
XF
BID
BUGTRAQ
MISC
apache -- axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService. 2010-06-22 7.5 CVE-2010-1632
CONFIRM
CONFIRM
VUPEN
VUPEN
CONFIRM
SECUNIA
SECUNIA
MISC
apple -- itunes
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. 2010-06-18 10.0 CVE-2010-1387
XF
VUPEN
BID
CONFIRM
CONFIRM
SECTRACK
SECUNIA
APPLE
APPLE
apple -- itunes
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769. 2010-06-18 10.0 CVE-2010-1763
XF
VUPEN
CONFIRM
SECTRACK
SECUNIA
APPLE
apple -- itunes
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763. 2010-06-18 10.0 CVE-2010-1769
XF
VUPEN
BID
CONFIRM
CONFIRM
SECTRACK
SECUNIA
APPLE
APPLE
dennisre -- audio_converter
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file. 2010-06-21 9.3 CVE-2010-2343
XF
VUPEN
BID
EXPLOIT-DB
EXPLOIT-DB
MISC
SECUNIA
OSVDB
dmxready -- online_notebook_manager
SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. 2010-06-21 7.5 CVE-2010-2342
BID
EXPLOIT-DB
eicrasoft -- eicra_realestate_script
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information. 2010-06-21 7.5 CVE-2010-2357
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
ezpx -- ezpx_photoblog
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter. 2010-06-18 7.5 CVE-2010-2341
XF
VUPEN
BID
EXPLOIT-DB
MISC
freesoftwaretoolbox -- batch_audio_converter
Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file. 2010-06-21 9.3 CVE-2010-2348
XF
BID
EXPLOIT-DB
SECUNIA
ibm -- websphere_application_server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. 2010-06-18 7.5 CVE-2010-2324
VUPEN
AIXAPAR
SECUNIA
laubrotel -- g.cms_generator
SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php. 2010-06-24 7.5 CVE-2010-2438
XF
EXPLOIT-DB
moreforge -- moreamp
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file). 2010-06-24 9.3 CVE-2010-2439
XF
EXPLOIT-DB
EXPLOIT-DB
mozilla -- firefox
Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus. 2010-06-24 9.3 CVE-2010-0183
CONFIRM
BID
CONFIRM
mozilla -- firefox
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. 2010-06-24 9.3 CVE-2010-1196
CONFIRM
BID
CONFIRM
mozilla -- firefox
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. 2010-06-24 9.3 CVE-2010-1198
CONFIRM
BID
CONFIRM
mozilla -- firefox
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. 2010-06-24 9.3 CVE-2010-1199
CONFIRM
BID
CONFIRM
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2010-06-24 9.3 CVE-2010-1200
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
CONFIRM
mozilla -- firefox
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2010-06-24 9.3 CVE-2010-1201
CONFIRM
BID
CONFIRM
mozilla -- firefox
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2010-06-24 9.3 CVE-2010-1202
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
CONFIRM
mozilla -- firefox
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2010-06-24 9.3 CVE-2010-1203
CONFIRM
CONFIRM
BID
CONFIRM
novell -- access_manager
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678. 2010-06-18 10.0 CVE-2010-0284
XF
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
novell -- netware
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName. 2010-06-21 10.0 CVE-2010-2351
CONFIRM
XF
VUPEN
MISC
BID
EXPLOIT-DB
SECUNIA
opera -- opera_browser
Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues. 2010-06-22 10.0 CVE-2010-2421
VUPEN
BID
CONFIRM
CONFIRM
SECUNIA
php -- php
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. 2010-06-24 7.5 CVE-2010-2225
MISC
XF
BID
MISC
MISC
MISC
pilotgroup -- elms_pro
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter. 2010-06-21 7.5 CVE-2010-2354
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
rafael_garcia-suarez -- safe
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." 2010-06-21 7.5 CVE-2010-1168
CONFIRM
REDHAT
REDHAT
MLIST
MANDRIVA
MANDRIVA
SECTRACK
SECUNIA
SECUNIA
CONFIRM
CONFIRM
rosoftengineering -- rosoft_audio_converter
Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file. 2010-06-18 9.3 CVE-2010-2329
XF
BID
EXPLOIT-DB
SECUNIA
MISC
OSVDB
subdreamer -- subdreamer
SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action. 2010-06-18 7.5 CVE-2010-2339
XF
VUPEN
BID
BUGTRAQ
MISC
MISC
upredsun -- isharer_file_sharing_wizard
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header. 2010-06-18 9.3 CVE-2010-2330
XF
VUPEN
BID
MISC
EXPLOIT-DB
SECUNIA
OSVDB
upredsun -- isharer_file_sharing_wizard
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request. 2010-06-18 9.3 CVE-2010-2331
BID
EXPLOIT-DB
SECUNIA
upredsun -- subtitle_translation_wizard
Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information. 2010-06-24 9.3 CVE-2010-2440
BID
EXPLOIT-DB
SECUNIA
OSVDB
vunet -- vu_web_visitor_analyst
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information. 2010-06-18 7.5 CVE-2010-2338
XF
VUPEN
EXPLOIT-DB
SECUNIA
MISC
OSVDB
yamamah -- yamamah
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter. 2010-06-18 7.5 CVE-2010-2335
MISC
EXPLOIT-DB

Medium Vulnerabilities

Primary Vendor -- Product    Description    Published    CVSS Score    Source & Patch Info
anecms -- anecms_blog
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php. 2010-06-24 4.3 CVE-2010-2437
XF
BID
BUGTRAQ
MISC
apache -- http_server
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. 2010-06-18 4.3 CVE-2010-2068
VUPEN
CONFIRM
CONFIRM
CONFIRM
XF
BID
BUGTRAQ
SECTRACK
SECUNIA
MLIST
apple -- cups
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. 2010-06-21 6.8 CVE-2010-0542
CONFIRM
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
apple -- iphone_os
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. 2010-06-22 4.3 CVE-2010-1407
XF
BID
CONFIRM
APPLE
apple -- iphone_os
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. 2010-06-22 5.0 CVE-2010-1751
XF
BID
CONFIRM
APPLE
apple -- iphone_os
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. 2010-06-22 6.8 CVE-2010-1752
XF
BID
CONFIRM
APPLE
apple -- iphone_os
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. 2010-06-22 6.8 CVE-2010-1753
XF
BID
CONFIRM
APPLE
apple -- iphone_os
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. 2010-06-22 6.9 CVE-2010-1754
XF
BID
CONFIRM
APPLE
apple -- iphone_os
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. 2010-06-22 4.3 CVE-2010-1755
XF
BID
CONFIRM
APPLE
apple -- iphone_os
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network. 2010-06-22 5.8 CVE-2010-1756
BID
CONFIRM
APPLE
apple -- iphone_os
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. 2010-06-22 6.4 CVE-2010-1757
BID
BID
CONFIRM
APPLE
apple -- cups
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. 2010-06-22 6.9 CVE-2010-2431
CONFIRM
CONFIRM
apple -- cups
The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses. 2010-06-22 5.0 CVE-2010-2432
CONFIRM
CONFIRM
apple -- webkit
WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295. 2010-06-24 4.3 CVE-2010-2441
MISC
arabportal -- arab_portal
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action. 2010-06-18 6.8 CVE-2010-2340
BID
SECUNIA
MISC
OSVDB
daniel_mealha_cabrita -- ziproxy
Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file. 2010-06-21 6.8 CVE-2010-2350
VUPEN
CONFIRM
XF
SECUNIA
fenrir-inc -- activegeckobrowser
Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser 1.0.0 and 1.0.5 alpha, a module for the Sleipnir web browser, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the Gecko engine. 2010-06-22 6.8 CVE-2010-2420
XF
CONFIRM
JVNDB
JVN
horde -- horde
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. 2010-06-22 5.0 CVE-2010-1638
MLIST
MLIST
ibm -- websphere_application_server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. 2010-06-18 5.0 CVE-2010-2323
VUPEN
AIXAPAR
AIXAPAR
SECUNIA
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." 2010-06-18 4.3 CVE-2010-2325
VUPEN
AIXAPAR
SECUNIA
ibm -- websphere_application_server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file. 2010-06-18 4.3 CVE-2010-2326
VUPEN
BID
OSVDB
AIXAPAR
AIXAPAR
SECUNIA
ibm -- websphere_application_server
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload. 2010-06-18 4.3 CVE-2010-2327
VUPEN
OSVDB
AIXAPAR
AIXAPAR
SECUNIA
ibm -- websphere_application_server
The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression. 2010-06-18 5.0 CVE-2010-2328
AIXAPAR
AIXAPAR
ibm -- websphere_ilog_jrules
Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/. 2010-06-24 4.3 CVE-2010-2433
XF
BID
AIXAPAR
SECUNIA
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-06-24 4.3 CVE-2010-0778
XF
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-06-24 4.3 CVE-2010-0779
XF
impactfinancials -- impact_pdf_reader
Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request. 2010-06-18 5.0 CVE-2010-2332
XF
BID
EXPLOIT-DB
jeffkilroy -- nakid_cms
PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information. 2010-06-21 5.1 CVE-2010-2358
XF
VUPEN
BID
EXPLOIT-DB
SECUNIA
karen_stevenson -- cck
The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. 2010-06-21 5.0 CVE-2010-2352
CONFIRM
XF
VUPEN
SECUNIA
SECUNIA
OSVDB
FEDORA
FEDORA
FEDORA
litespeedtech -- litespeed_web_server
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. 2010-06-18 5.0 CVE-2010-2333
CONFIRM
MISC
EXPLOIT-DB
SECUNIA
FULLDISC
OSVDB
malcom_box -- lxr_cross_referencer
Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625. 2010-06-24 4.3 CVE-2010-1448
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
malcom_box -- lxr_cross_referencer
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448. 2010-06-24 4.3 CVE-2010-1625
MLIST
MLIST
MLIST
CONFIRM
MLIST
MLIST
matthias_klose -- fastjar
Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. 2010-06-18 5.8 CVE-2010-0831
CONFIRM
CONFIRM
CONFIRM
OSVDB
CONFIRM
MLIST
MLIST
MLIST
microsoft -- ie
Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets." 2010-06-24 4.3 CVE-2010-2442
MISC
mozilla -- firefox
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. 2010-06-24 4.3 CVE-2010-1197
CONFIRM
BID
CONFIRM
muscle -- pcsc-lite
Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407. 2010-06-18 6.8 CVE-2009-4902
CONFIRM
VUPEN
VUPEN
BID
DEBIAN
CONFIRM
SECUNIA
SECUNIA
FEDORA
FEDORA
muscle -- pcsc-lite
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled. 2010-06-18 6.8 CVE-2010-0407
CONFIRM
BID
DEBIAN
VUPEN
VUPEN
CONFIRM
SECUNIA
SECUNIA
FEDORA
FEDORA
odcms -- odcms
Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php. 2010-06-21 4.3 CVE-2010-2344
XF
BID
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
SECUNIA
MISC
odcms -- odcms
Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests. 2010-06-21 6.8 CVE-2010-2345
XF
OSVDB
SECUNIA
MISC
pilotgroup -- elms_pro
Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-06-21 4.3 CVE-2010-2355
XF
BID
OSVDB
SECUNIA
pilotgroup -- elms_pro
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter. 2010-06-21 4.3 CVE-2010-2356
XF
BID
EXPLOIT-DB
plone -- plone
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform. 2010-06-24 4.3 CVE-2010-2422
CONFIRM
BID
SECUNIA
remotesensing -- libtiff
Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. 2010-06-24 6.8 CVE-2010-2065
CONFIRM
CONFIRM
UBUNTU
MISC
SECUNIA
remotesensing -- libtiff
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. 2010-06-24 6.8 CVE-2010-2067
CONFIRM
UBUNTU
CONFIRM
SECUNIA
OSVDB
CONFIRM
remotesensing -- libtiff
Unspecified vulnerability in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) via an OJPEG image with undefined strip offsets. 2010-06-24 5.0 CVE-2010-2443
CONFIRM
salvo_tomaselli -- weborf_http_server
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers. 2010-06-24 5.0 CVE-2010-2435
BID
BUGTRAQ
SECUNIA
CONFIRM
sap -- j2ee_engine_core
The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. 2010-06-21 4.9 CVE-2010-2347
MISC
XF
SECTRACK
BID
BUGTRAQ
MISC
SECUNIA
FULLDISC
southrivertech -- titan_ftp_server
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command. 2010-06-24 6.5 CVE-2010-2425
BID
BUGTRAQ
OSVDB
SECUNIA
southrivertech -- titan_ftp_server
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command. 2010-06-24 4.0 CVE-2010-2426
XF
BID
BUGTRAQ
SECUNIA
OSVDB
splunk -- splunk
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response. 2010-06-24 4.3 CVE-2010-2429
CONFIRM
XF
OSVDB
SECUNIA
springsource -- spring_framework
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file. 2010-06-21 5.1 CVE-2010-1622
CONFIRM
BID
BUGTRAQ
EXPLOIT-DB
squirrelmail -- squirrelmail
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. 2010-06-22 4.0 CVE-2010-1637
MLIST
MISC
CONFIRM
BID
MLIST
MLIST
MISC
timhillone -- h264webcam
H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information. 2010-06-21 5.0 CVE-2010-2349
EXPLOIT-DB
SECUNIA
wftpserver -- wing_ftp_server
Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request. 2010-06-24 4.3 CVE-2010-2428
XF
BID
OSVDB
FULLDISC
FULLDISC
MISC
BUGTRAQ
yamamah -- yamamah
Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter. 2010-06-18 5.0 CVE-2010-2334
CONFIRM
EXPLOIT-DB
SECUNIA
OSVDB
yamamah -- yamamah
index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter. 2010-06-18 5.0 CVE-2010-2336
MISC
EXPLOIT-DB
yves_chedemois -- cck
The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes. 2010-06-21 5.0 CVE-2010-2353
CONFIRM
XF
VUPEN
SECUNIA
SECUNIA
OSVDB
FEDORA
FEDORA
FEDORA

Low Vulnerabilities

Primary Vendor -- Product    Description    Published    CVSS Score    Source & Patch Info
apple -- iphone_os
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. 2010-06-22 1.9 CVE-2010-1775
XF
BID
CONFIRM
APPLE
matthias_klose -- fastjar
Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. 2010-06-18 2.6 CVE-2010-2322
CONFIRM
CONFIRM
CONFIRM
OSVDB
CONFIRM
MLIST
muscle -- pcsc-lite
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407. 2010-06-18 2.1 CVE-2009-4901
CONFIRM
BID
DEBIAN
VUPEN
VUPEN
CONFIRM
SECUNIA
SECUNIA
FEDORA
FEDORA
quicksketch -- filefield
Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter). 2010-06-21 2.1 CVE-2010-1958
BID
CONFIRM
XF
MISC
SECUNIA
OSVDB
redhat -- enterprise_virtualization_hypervisor
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. 2010-06-24 2.1 CVE-2010-2223
REDHAT
REDHAT
CONFIRM
BID
SECTRACK
redhat -- enterprise_virtualization_manager
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. 2010-06-24 2.1 CVE-2010-2224
REDHAT
CONFIRM
BID
vincent_fourmond -- pmount
The make_lockdir_name function in policy.c in pmount 0.9.18 allows local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. 2010-06-18 1.9 CVE-2010-2192
DEBIAN
VUPEN
BID
CONFIRM