U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-186)

Vulnerability Summary for the Week of June 28, 2010

Original release date: July 06, 2010 | Last revised: November 05, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
2daybiz -- video_community_portal_script
SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter. 2010-06-25 7.5 CVE-2010-2459
XF
BID
EXPLOIT-DB
MISC
2daybiz -- video_community_portal_script
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter. 2010-06-28 7.5 CVE-2010-2508
BID
EXPLOIT-DB
SECUNIA
2daybiz -- web_template_software
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter. 2010-06-28 7.5 CVE-2010-2510
EXPLOIT-DB
SECUNIA
2daybiz -- multi_level_marketing_software
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter. 2010-06-28 7.5 CVE-2010-2511
BID
EXPLOIT-DB
SECUNIA
2daybiz -- matrimonial_script
SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-06-28 7.5 CVE-2010-2512
BID
OSVDB
EXPLOIT-DB
SECUNIA
2daybiz -- multi_level_marketing_software
Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-06-29 7.5 CVE-2010-2516
SECUNIA
2daybiz -- job_search_engine_script
SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter. 2010-07-02 7.5 CVE-2010-2609
XF
VUPEN
BID
OSVDB
EXPLOIT-DB
SECUNIA
MISC
2daybiz -- job_site_script
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php. 2010-07-02 7.5 CVE-2010-2610
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
OSVDB
OSVDB
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability," a different vulnerability than CVE-2010-2168 and CVE-2010-2201. 2010-06-30 9.3 CVE-2010-1285
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. 2010-06-30 9.3 CVE-2010-1295
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability," a different vulnerability than CVE-2010-1285 and CVE-2010-2201. 2010-06-30 9.3 CVE-2010-2168
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability," a different vulnerability than CVE-2010-1285 and CVE-2010-2168. 2010-06-30 9.3 CVE-2010-2201
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. 2010-06-30 9.3 CVE-2010-2202
CONFIRM
adobe -- acrobat
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. 2010-06-30 9.3 CVE-2010-2204
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors. 2010-06-30 9.3 CVE-2010-2205
CONFIRM
adobe -- acrobat
Array index error in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors. 2010-06-30 9.3 CVE-2010-2206
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. 2010-06-30 9.3 CVE-2010-2207
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. 2010-06-30 9.3 CVE-2010-2208
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. 2010-06-30 9.3 CVE-2010-2209
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212. 2010-06-30 9.3 CVE-2010-2210
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212. 2010-06-30 9.3 CVE-2010-2211
CONFIRM
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211. 2010-06-30 9.3 CVE-2010-2212
CONFIRM
cisco -- asa_5580
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958. 2010-06-29 7.8 CVE-2009-4911
CONFIRM
cisco -- asa_5580
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. 2010-06-29 10.0 CVE-2009-4912
CONFIRM
cisco -- asa_5580
Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879. 2010-06-29 7.8 CVE-2009-4914
CONFIRM
cisco -- asa_5580
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection stress test," aka Bug ID CSCsq68451. 2010-06-29 7.8 CVE-2009-4915
CONFIRM
cisco -- asa_5580
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901. 2010-06-29 7.8 CVE-2009-4917
CONFIRM
cisco -- asa_5580
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439. 2010-06-29 7.8 CVE-2009-4918
CONFIRM
cisco -- asa_5580
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. 2010-06-29 10.0 CVE-2009-4919
CONFIRM
cisco -- asa_5580
Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412. 2010-06-29 7.8 CVE-2009-4920
CONFIRM
cisco -- asa_5580
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110. 2010-06-29 7.8 CVE-2009-4921
CONFIRM
cisco -- asa_5580
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162. 2010-06-29 7.8 CVE-2009-4923
CONFIRM
codelib -- linker_img
Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate. 2010-06-25 7.5 CVE-2010-2456
XF
VUPEN
EXPLOIT-DB
VIM
MISC
grafik-power -- grafik_cms
SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action. 2010-07-02 7.5 CVE-2010-2614
VUPEN
BUGTRAQ
MISC
harmistechnology -- com_jeajaxeventcalendar
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. 2010-06-28 7.5 CVE-2010-2513
BID
EXPLOIT-DB
MISC
i-netsolution -- job_search_engine_script
SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter. 2010-07-02 7.5 CVE-2010-2611
XF
VUPEN
EXPLOIT-DB
MISC
ibm -- rational_clearquest
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. 2010-06-30 7.5 CVE-2010-2517
VUPEN
BID
AIXAPAR
SECUNIA
ibm -- p8_content_engine
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information. 2010-06-30 7.5 CVE-2010-2518
XF
VUPEN
BID
OSVDB
CONFIRM
SECUNIA
jce-tech -- shareasale_script
SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter. 2010-06-25 7.5 CVE-2010-2460
XF
BID
EXPLOIT-DB
jce-tech -- overstock_script
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter. 2010-06-25 7.5 CVE-2010-2461
XF
BID
EXPLOIT-DB
MISC
kvirc -- kvirc
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. 2010-06-29 10.0 CVE-2010-2451
BID
DEBIAN
VUPEN
SECUNIA
SECUNIA
MLIST
kvirc -- kvirc
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors. 2010-06-29 9.3 CVE-2010-2452
BID
DEBIAN
VUPEN
SECUNIA
SECUNIA
MLIST
libpng -- libpng
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. 2010-06-30 7.5 CVE-2010-1205
CONFIRM
BID
XF
VUPEN
CONFIRM
SECUNIA
CONFIRM
libtiff -- libtiff
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." 2010-07-02 7.5 CVE-2010-2233
CONFIRM
CONFIRM
MISC
SECTRACK
CONFIRM
linearcorp -- emerge_50
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password. 2010-06-25 10.0 CVE-2010-2468
MISC
MISC
MISC
MISC
novell -- imanager
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc. 2010-06-28 9.0 CVE-2010-1929
XF
VUPEN
BID
BUGTRAQ
OSVDB
EXPLOIT-DB
MISC
SECTRACK
SECUNIA
ordasoft -- com_booklibrary
Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. 2010-07-02 7.5 CVE-2010-1522
MISC
MISC
MISC
SECUNIA
paul_mcenery -- php_bible_search
SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter. 2010-07-02 7.5 CVE-2010-2616
XF
BID
MISC
ponsoftware -- explzh
Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion. 2010-06-25 9.3 CVE-2010-2434
XF
BID
CONFIRM
SECUNIA
OSVDB
JVNDB
JVN
splunk -- splunk
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067. 2010-06-28 7.5 CVE-2010-2502
CONFIRM
taskfreak -- taskfreak!
SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php. 2010-06-30 7.5 CVE-2010-1521
CONFIRM
BID
BUGTRAQ
MISC
SECUNIA
tomacero -- orohyip
SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action. 2010-06-25 7.5 CVE-2010-2462
XF
BID
EXPLOIT-DB
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
2daybiz -- video_community_portal_script
Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter. 2010-06-25 4.3 CVE-2010-2458
XF
BID
EXPLOIT-DB
SECUNIA
MISC
OSVDB
2daybiz -- web_template_software
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php. 2010-06-28 4.3 CVE-2010-2509
EXPLOIT-DB
SECUNIA
accscripts -- acc_statistics
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses. 2010-06-25 6.8 CVE-2009-4905
VUPEN
EXPLOIT-DB
SECUNIA
accscripts -- acc_php_email
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords. 2010-06-25 6.8 CVE-2009-4906
VUPEN
EXPLOIT-DB
SECUNIA
MISC
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2010-06-30 6.8 CVE-2010-2203
CONFIRM
apple -- safari
Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. 2010-06-25 4.3 CVE-2010-2454
MISC
MISC
cisco -- asa_5580
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. 2010-06-29 4.3 CVE-2008-7257
BID
BUGTRAQ
MISC
CONFIRM
SECTRACK
cisco -- asa_5580
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418. 2010-06-29 4.3 CVE-2009-4910
CONFIRM
cisco -- asa_5580
The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622. 2010-06-29 5.0 CVE-2009-4913
CONFIRM
cisco -- asa_5580
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka Bug ID CSCsq80095. 2010-06-29 4.0 CVE-2009-4916
CONFIRM
cisco -- asa_5580
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583. 2010-06-29 6.8 CVE-2009-4922
CONFIRM
dacian_strain -- com_jfaq
Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php. 2010-06-28 4.3 CVE-2010-2514
BID
SECUNIA
MISC
OSVDB
dacian_strain -- com_jfaq
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. 2010-06-28 6.8 CVE-2010-2515
BID
SECUNIA
MISC
OSVDB
dan_pascu -- python-cjson
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function. 2010-07-02 6.8 CVE-2010-1666
CONFIRM
SECUNIA
dootzky -- oblog
Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-06-25 4.3 CVE-2009-4903
XF
OSVDB
SECUNIA
dootzky -- oblog
article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action. 2010-06-25 5.0 CVE-2009-4904
MISC
dootzky -- oblog
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog. 2010-06-25 6.8 CVE-2009-4907
XF
SECUNIA
MISC
OSVDB
dootzky -- oblog
Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php. 2010-06-25 4.3 CVE-2009-4908
XF
SECUNIA
MISC
OSVDB
dootzky -- oblog
admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests. 2010-06-25 6.8 CVE-2009-4909
MISC
grafik-power -- grafik_cms
Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action. 2010-07-02 4.3 CVE-2010-2615
VUPEN
BUGTRAQ
MISC
MISC
harmistechnology -- com_awd_song
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. 2010-07-02 4.3 CVE-2010-2613
XF
BID
EXPLOIT-DB
MISC
insanevisions -- adapcms
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. 2010-07-02 6.8 CVE-2010-2618
XF
BID
EXPLOIT-DB
MISC
intersect_alliance -- snare_agent
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. 2010-07-02 6.8 CVE-2010-2594
CERT-VN
BID
SECUNIA
MISC
jamroom -- jamroom
Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action. 2010-06-25 4.3 CVE-2010-2463
BID
CONFIRM
MISC
SECUNIA
libpng -- libpng
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. 2010-06-30 5.0 CVE-2010-2249
CONFIRM
BID
CONFIRM
XF
VUPEN
SECUNIA
CONFIRM
libtiff -- libtiff
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." 2010-07-02 4.3 CVE-2010-2595
CONFIRM
CONFIRM
libtiff -- libtiff
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." 2010-07-02 4.3 CVE-2010-2596
CONFIRM
CONFIRM
libtiff -- libtiff
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. 2010-07-02 4.3 CVE-2010-2597
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linearcorp -- emerge_50
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests. 2010-06-25 5.0 CVE-2010-2465
CERT-VN
MISC
MISC
BID
CONFIRM
MISC
MISC
linearcorp -- emerge_50
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames. 2010-06-25 5.0 CVE-2010-2466
CERT-VN
MISC
MISC
MISC
MISC
linearcorp -- emerge_50
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests. 2010-06-25 5.0 CVE-2010-2467
MISC
MISC
MISC
MISC
linearcorp -- emerge_50
The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the device. 2010-06-25 5.0 CVE-2010-2469
MISC
MISC
MISC
MISC
makotemplates -- makotemplates
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. 2010-07-02 4.3 CVE-2010-2480
CONFIRM
SECUNIA
MISC
maradns -- maradns
parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file. 2010-06-25 4.3 CVE-2010-2444
MLIST
CONFIRM
MLIST
masselink -- com_picasa2gallery
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. 2010-06-28 6.8 CVE-2010-2507
XF
BID
EXPLOIT-DB
SECUNIA
MISC
OSVDB
microsoft -- server
Use-after-free vulnerability in Microsoft Windows Vista and Server 2008 allows local users to cause a denial of service (crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, which causes a process object to be deleted while it is still in use. 2010-07-02 4.9 CVE-2010-2549
BID
EXPLOIT-DB
FULLDISC
moodle -- moodle
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. 2010-06-28 4.3 CVE-2010-2228
CONFIRM
VUPEN
VUPEN
MLIST
CONFIRM
SECUNIA
SECUNIA
CONFIRM
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
moodle -- moodle
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. 2010-06-28 4.3 CVE-2010-2229
VUPEN
CONFIRM
CONFIRM
CONFIRM
VUPEN
MLIST
CONFIRM
SECUNIA
SECUNIA
CONFIRM
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
moodle -- moodle
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input. 2010-06-28 4.0 CVE-2010-2230
CONFIRM
CONFIRM
CONFIRM
VUPEN
VUPEN
MLIST
CONFIRM
SECUNIA
SECUNIA
CONFIRM
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
moodle -- moodle
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. 2010-06-28 6.8 CVE-2010-2231
VUPEN
CONFIRM
CONFIRM
VUPEN
MLIST
CONFIRM
SECUNIA
SECUNIA
CONFIRM
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
mozilla -- firefox
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox before 3.6.6 does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. 2010-06-25 4.3 CVE-2010-1206
CONFIRM
CONFIRM
SECUNIA
MISC
mozilla -- bugzilla
Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." 2010-06-28 5.0 CVE-2010-1204
CONFIRM
VUPEN
BID
CONFIRM
SECUNIA
novell -- imanager
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. 2010-06-28 5.0 CVE-2010-1930
XF
VUPEN
BID
BUGTRAQ
OSVDB
EXPLOIT-DB
MISC
SECTRACK
SECUNIA
opera -- opera_browser
Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. 2010-06-25 4.3 CVE-2010-2455
MISC
paul_mcenery -- php_bible_search
Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter. 2010-07-02 4.3 CVE-2010-2617
XF
BID
MISC
qsoft-inc -- k-search
Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter. 2010-06-25 4.3 CVE-2010-2457
BID
EXPLOIT-DB
SECUNIA
redhat -- enterprise_linux
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." 2010-07-02 4.3 CVE-2010-2598
CONFIRM
rsjoomla -- com_rscomments
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php. 2010-06-25 4.3 CVE-2010-2464
XF
BID
MISC
EXPLOIT-DB
SECUNIA
MISC
saschart -- sascam_webcam_server
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request. 2010-06-28 5.0 CVE-2010-2505
OSVDB
EXPLOIT-DB
SECUNIA
splunk -- splunk
Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085. 2010-06-28 4.3 CVE-2010-2503
CONFIRM
splunk -- splunk
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066. 2010-06-28 6.0 CVE-2010-2504
CONFIRM
taskfreak -- taskfreak!
Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. 2010-06-30 4.3 CVE-2010-1520
CONFIRM
BID
BUGTRAQ
MISC
SECUNIA
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
cisco -- linksys_wap54g
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. 2010-06-282.9 CVE-2010-2506
XF
BUGTRAQ
hp -- openvms
Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors. 2010-07-022.1 CVE-2010-2612
VUPEN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
SECUNIA
mozilla -- bugzilla
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. 2010-06-281.9 CVE-2010-0180
CONFIRM
VUPEN
BID
CONFIRM
SECUNIA
mozilla -- bugzilla
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180. 2010-06-281.9 CVE-2010-2470
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top