U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-221)

Vulnerability Summary for the Week of August 2, 2010

Original release date: August 09, 2010 | Last revised: November 06, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
ajsquare -- aj_hyip
SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-07-30 7.5 CVE-2010-2915
XF
EXPLOIT-DB
MISC
ajsquare -- aj_hyip
SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-07-30 7.5 CVE-2010-2916
XF
EXPLOIT-DB
MISC
ali_kenan -- aky_blog
SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-07-30 7.5 CVE-2010-2922
XF
EXPLOIT-DB
SECUNIA
MISC
apple -- itunes
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. 2010-07-30 9.3 CVE-2010-1777
CONFIRM
APPLE
apple -- safari
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. 2010-07-30 9.3 CVE-2010-1780
BID
APPLE
CONFIRM
apple -- safari
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element. 2010-07-30 9.3 CVE-2010-1782
BID
APPLE
CONFIRM
apple -- safari
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. 2010-07-30 9.3 CVE-2010-1783
BID
APPLE
CONFIRM
apple -- safari
The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. 2010-07-30 9.3 CVE-2010-1784
BID
APPLE
CONFIRM
apple -- safari
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. 2010-07-30 9.3 CVE-2010-1785
BID
APPLE
CONFIRM
apple -- safari
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document. 2010-07-30 9.3 CVE-2010-1786
BID
APPLE
CONFIRM
apple -- safari
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. 2010-07-30 9.3 CVE-2010-1787
BID
APPLE
CONFIRM
apple -- safari
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document. 2010-07-30 9.3 CVE-2010-1788
BID
APPLE
CONFIRM
apple -- safari
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. 2010-07-30 9.3 CVE-2010-1789
BID
APPLE
CONFIRM
apple -- safari
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." 2010-07-30 9.3 CVE-2010-1790
BID
APPLE
CONFIRM
apple -- safari
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. 2010-07-30 9.3 CVE-2010-1791
BID
APPLE
CONFIRM
apple -- safari
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. 2010-07-30 9.3 CVE-2010-1792
BID
APPLE
CONFIRM
apple -- safari
Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document. 2010-07-30 9.3 CVE-2010-1793
BID
APPLE
CONFIRM
emc -- disk_library
Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP. 2010-08-02 7.8 CVE-2010-2633
VUPEN
BID
SECTRACK
SECUNIA
BUGTRAQ
emc -- celerra_network_attached_storage
The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests. 2010-08-05 9.3 CVE-2010-2860
MISC
SECTRACK
FULLDISC
gigabyte -- dldrv2_activex_control
The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via vectors involving the SetDLInfo method in conjunction with the Bdl method. 2010-08-02 10.0 CVE-2010-1517
MISC
SECUNIA
gigabyte -- dldrv2_activex_control
Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument. 2010-08-02 10.0 CVE-2010-1518
MISC
SECUNIA
joomlaxt -- com_staticxt
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. 2010-07-30 7.5 CVE-2010-2919
XF
EXPLOIT-DB
MISC
mozilla -- firefox
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214. 2010-07-30 10.0 CVE-2010-2755
CONFIRM
CONFIRM
mozilla -- firefox
The attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. 2010-07-30 9.3 CVE-2010-1208
CONFIRM
CONFIRM
mozilla -- firefox
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes. 2010-07-30 9.3 CVE-2010-1209
CONFIRM
CONFIRM
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2010-07-30 9.3 CVE-2010-1211
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function. 2010-07-30 9.3 CVE-2010-1212
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. 2010-07-30 9.3 CVE-2010-1214
CONFIRM
CONFIRM
mozilla -- firefox
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array. 2010-07-30 9.3 CVE-2010-2752
CONFIRM
CONFIRM
mozilla -- firefox
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element. 2010-07-30 9.3 CVE-2010-2753
CONFIRM
CONFIRM
openfreeway -- freeway
SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter. 2010-07-30 7.5 CVE-2010-2925
XF
BID
EXPLOIT-DB
MISC
pharscape -- hsolink
hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action. 2010-08-02 7.2 CVE-2010-1671
OSVDB
SECUNIA
CONFIRM
pharscape -- hsolink
hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671. 2010-08-02 7.2 CVE-2010-2929
CONFIRM
pharscape -- hsolink
Multiple stack-based buffer overflows in hsolinkcontrol in hsolink 1.0.118 allow local users to gain privileges via long command-line arguments, a different vulnerability than CVE-2010-1671. NOTE: some of these details are obtained from third party information. 2010-08-02 7.2 CVE-2010-2930
SECUNIA
MISC
photoindochina -- com_golfcourseguide
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php. 2010-07-30 7.5 CVE-2010-2921
XF
EXPLOIT-DB
MISC
prasanna -- com_youtube
SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php. 2010-07-30 7.5 CVE-2010-2923
XF
BID
EXPLOIT-DB
MISC
raphael_assenat -- libmikmod
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. 2010-08-05 9.3 CVE-2010-2546
CONFIRM
VUPEN
BID
DEBIAN
MISC
SECUNIA
raphael_assenat -- libmikmod
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995. 2010-08-05 9.3 CVE-2010-2971
CONFIRM
DEBIAN
MISC
rockwellautomation -- 1756-enbt_series_a
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. 2010-08-05 10.0 CVE-2010-2965
CERT-VN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
silvercover -- mylinksdump_plugin
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information. 2010-07-30 7.5 CVE-2010-2924
XF
EXPLOIT-DB
SECUNIA
OSVDB
solucija -- snews
SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter. 2010-07-30 7.5 CVE-2010-2926
XF
EXPLOIT-DB
umn -- mapserver
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments. 2010-08-02 10.0 CVE-2010-2540
BID
CONFIRM
MLIST
MLIST
MLIST
visocrea -- com_joomla_visites
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. 2010-07-30 7.5 CVE-2010-2918
XF
VUPEN
BID
EXPLOIT-DB
MISC
windriver -- vxworks
The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. 2010-08-05 7.8 CVE-2010-2966
CERT-VN
MISC
windriver -- vxworks
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. 2010-08-05 7.8 CVE-2010-2967
CERT-VN
CONFIRM
CONFIRM
MISC
windriver -- vxworks
The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. 2010-08-05 7.8 CVE-2010-2968
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adjam -- rekonq
Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history. 2010-08-02 4.3 CVE-2010-2536
CONFIRM
OSVDB
SECUNIA
MLIST
MLIST
ajsquare -- aj_article
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information. 2010-07-30 4.3 CVE-2010-2917
XF
BID
OSVDB
EXPLOIT-DB
SECUNIA
MISC
apple -- safari
Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. 2010-07-30 4.3 CVE-2010-1778
BID
APPLE
CONFIRM
apple -- mac_os_x
The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field. 2010-08-02 4.9 CVE-2010-1794
BUGTRAQ
BID
SECTRACK
eterna -- bozohttpd
bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a "wrong code generation interaction with GCC." 2010-08-02 5.0 CVE-2010-2195
CONFIRM
MISC
CONFIRM
CONFIRM
eterna -- bozohttpd
bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences. 2010-08-02 5.0 CVE-2010-2320
CONFIRM
CONFIRM
CONFIRM
SECUNIA
CONFIRM
foobla -- com_foobla_suggestions
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. 2010-07-30 6.8 CVE-2010-2920
XF
VUPEN
BID
EXPLOIT-DB
MISC
heinz_mauelshagen -- lvm2
The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands. 2010-08-05 4.6 CVE-2010-2526
MLIST
REDHAT
REDHAT
CONFIRM
XF
VUPEN
OSVDB
SECTRACK
SECUNIA
ibm -- tivoli_directory_server
The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts. 2010-08-02 5.0 CVE-2010-2927
CONFIRM
AIXAPAR
BID
SECUNIA
kvirc -- kvirc
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving and 40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452. 2010-08-02 6.5 CVE-2010-2785
CONFIRM
CONFIRM
MLIST
MLIST
OSVDB
SECUNIA
SECUNIA
FEDORA
FEDORA
CONFIRM
mlmmj -- mlmmj
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action. 2010-08-02 6.5 CVE-2009-4896
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
DEBIAN
SECUNIA
CONFIRM
CONFIRM
moinmo -- moinmoin
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py. 2010-08-05 4.3 CVE-2010-2487
CONFIRM
VUPEN
BID
DEBIAN
SECUNIA
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
moinmo -- moinmoin
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487. 2010-08-05 4.3 CVE-2010-2969
VUPEN
BID
DEBIAN
SECUNIA
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
moinmo -- moinmoin
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487. 2010-08-05 4.3 CVE-2010-2970
VUPEN
BID
DEBIAN
SECUNIA
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. 2010-07-30 5.0 CVE-2010-2754
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion. 2010-07-30 4.3 CVE-2010-1207
CONFIRM
CONFIRM
mozilla -- firefox
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. 2010-07-30 4.3 CVE-2010-1210
CONFIRM
CONFIRM
mozilla -- firefox
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. 2010-07-30 4.3 CVE-2010-1213
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope." 2010-07-30 6.8 CVE-2010-1215
CONFIRM
CONFIRM
nessus -- web_server_plugin
Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-07-30 4.3 CVE-2010-2914
CONFIRM
SECTRACK
BUGTRAQ
SECUNIA
nokia -- qtdemobrowser
Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. 2010-08-02 4.3 CVE-2009-4975
MISC
MISC
MISC
pidgin -- pidgin
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element. 2010-07-30 4.0 CVE-2010-2528
CONFIRM
XF
VUPEN
BID
OSVDB
SECUNIA
CONFIRM
CONFIRM
piwik -- piwik
Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request. 2010-08-02 6.8 CVE-2010-2786
XF
VUPEN
BID
OSVDB
SECUNIA
CONFIRM
CONFIRM
MLIST
MLIST
urs_wolfer -- kwebkitpart
Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. 2010-08-02 4.3 CVE-2009-4976
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- safari
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. 2010-07-302.6 CVE-2010-1796
BID
APPLE
CONFIRM
citibank -- citi_mobile
The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. 2010-07-302.1 CVE-2010-2913
MISC
SECTRACK
MISC
mozilla -- firefox
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. 2010-07-302.6 CVE-2010-2751
CONFIRM
CONFIRM
umn -- mapserver
Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files. 2010-08-022.1 CVE-2010-2539
CONFIRM
MLIST
CONFIRM
BID
MLIST
MLIST
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top