Vulnerability Summary for the Week of July 19, 2010
Released
Jul 26, 2010
Document ID
SB10-207
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| artifex -- afpl_ghostscript | Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program. | 2010-07-22 | 7.2 | CVE-2010-2055 CONFIRM CONFIRM VUPEN BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ OSVDB SECUNIA SECUNIA SECUNIA CONFIRM FEDORA FEDORA CONFIRM CONFIRM CONFIRM CONFIRM |
| atutor -- acollab | AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. | 2010-07-22 | 7.5 | CVE-2009-4945 BUGTRAQ BUGTRAQ MISC |
| ghostscript -- ghostscript | Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. | 2010-07-22 | 9.3 | CVE-2009-4897 BID CONFIRM XF UBUNTU OSVDB SECUNIA CONFIRM |
| hp -- client_automation_enterprise_infrastructure | The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests. | 2010-07-22 | 9.0 | CVE-2010-1972 SECTRACK SECUNIA HP HP |
| ibm -- soliddb | solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet. | 2010-07-22 | 10.0 | CVE-2010-2771 MISC BID SECTRACK MISC |
| interspire -- activekb | Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. | 2010-07-22 | 7.5 | CVE-2009-4957 XF BID |
| joachim_ruhs -- locator | SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-22 | 7.5 | CVE-2009-4949 CONFIRM CONFIRM SECUNIA |
| microsoft -- windows_2003_server | Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems. | 2010-07-22 | 9.3 | CVE-2010-2568 CERT-VN BID CONFIRM MISC MISC SECTRACK SECUNIA MISC MISC MISC |
| q2solutions -- connx | SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. | 2010-07-22 | 7.5 | CVE-2009-4947 XF BID BUGTRAQ MISC SECUNIA |
| serge_gebhardt -- dir_listing | Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. | 2010-07-22 | 10.0 | CVE-2009-4952 CONFIRM |
| spirate -- small_pirate | Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. | 2010-07-22 | 7.5 | CVE-2009-4936 XF BUGTRAQ SECUNIA OSVDB OSVDB OSVDB OSVDB OSVDB |
| thomas_hempel -- th_ultracards | SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-22 | 7.5 | CVE-2009-4955 CONFIRM CONFIRM |
| tim_lochmueller_&_thomas_buss -- a21glossary_advanced_output | SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-22 | 7.5 | CVE-2009-4950 CONFIRM CONFIRM |
| warphd -- com_jvideo | SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. | 2010-07-22 | 7.5 | CVE-2009-4938 BID |
| webkit -- webkit | Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. | 2010-07-22 | 7.5 | CVE-2010-1766 CONFIRM CONFIRM VUPEN CONFIRM SECUNIA FEDORA FEDORA |
| websedit -- sk_calendar | SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-22 | 7.5 | CVE-2009-4954 CONFIRM CONFIRM |
| zeuscart -- zeuscart | SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | 2010-07-22 | 7.5 | CVE-2009-4940 MILW0RM |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| atutor -- acollab | Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. | 2010-07-22 | 4.3 | CVE-2009-4941 XF OSVDB SECUNIA MISC |
| atutor -- acollab | Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items. | 2010-07-22 | 4.3 | CVE-2009-4942 XF SECUNIA MISC |
| atutor -- acollab | Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-07-22 | 4.3 | CVE-2009-4944 XF OSVDB OSVDB SECUNIA |
| hans_olthoff -- alternet_csa_out | Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | 2010-07-22 | 5.0 | CVE-2009-4951 CONFIRM |
| hp -- virtual_connect_enterprise_manager | Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 2010-07-22 | 4.3 | CVE-2010-1969 HP HP VUPEN SECTRACK SECUNIA |
| hp -- openvms | Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors. | 2010-07-22 | 6.8 | CVE-2010-1973 HP HP SECTRACK |
| impactsoftcompany -- adpeeps | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action. | 2010-07-22 | 4.3 | CVE-2009-4939 XF XF BUGTRAQ BUGTRAQ SECUNIA OSVDB MISC |
| impactsoftcompany -- adpeeps | index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number. | 2010-07-22 | 5.0 | CVE-2009-4943 XF BUGTRAQ BUGTRAQ MISC |
| joachim_ruhs -- locator | Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-07-22 | 4.3 | CVE-2009-4948 CONFIRM CONFIRM SECUNIA |
| siemens -- simatic_pcs_7 | Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. | 2010-07-22 | 6.9 | CVE-2010-2772 MISC CONFIRM MISC MISC MISC MISC |
| spirate -- small_pirate | Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag. | 2010-07-22 | 4.3 | CVE-2009-4937 XF BUGTRAQ SECUNIA OSVDB |
| stefan_geith -- sg_userdata | Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-07-22 | 4.3 | CVE-2009-4953 CONFIRM |
| thetricky -- com_messaging | Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-07-22 | 6.8 | CVE-2009-4946 XF BID SECUNIA OSVDB |
| vmware -- studio | VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors. | 2010-07-22 | 4.4 | CVE-2010-2427 CONFIRM MLIST XF VUPEN BID BUGTRAQ SECTRACK SECUNIA |
| vmware -- studio | Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance. | 2010-07-22 | 6.0 | CVE-2010-2667 CONFIRM MLIST XF VUPEN BID BUGTRAQ SECTRACK SECUNIA |
| wapplersystems -- ws_stats | Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-07-22 | 4.3 | CVE-2009-4956 CONFIRM CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.