Vulnerability Summary for the Week of September 13, 2010

Released: Sep 20, 2010
Document ID: SB10-263

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
4you-studio -- com_jphone | Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | 2010-09-16 | 7.5 | CVE-2010-3426; XF; BID; EXPLOIT-DB; MISC
adobe -- acrobat | Unspecified vulnerability in Adobe Flash Player 10.1.82.76 and earlier for Windows, Macintosh, Linux, Solaris; Flash Player 10.1.92.10 for Android; Reader 9.3.4 for Windows, Macintosh and UNIX; and Acrobat 9.3.4 and earlier for Windows and Macintosh allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, as exploited in the wild in September 2010. | 2010-09-15 | 9.3 | CVE-2010-2884; CERT-VN; XF; VUPEN; VUPEN; CONFIRM; SECUNIA; SECUNIA; SECUNIA
apple -- safari | Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. | 2010-09-10 | 9.3 | CVE-2010-1806; BID; CONFIRM; APPLE
apple -- safari | WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | 2010-09-10 | 9.3 | CVE-2010-1807; BID; CONFIRM; APPLE
cisco -- wireless_lan_controller_software | Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653. | 2010-09-10 | 7.8 | CVE-2010-0574; CISCO; CONFIRM
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033. | 2010-09-10 | 9.0 | CVE-2010-2842; CISCO; CONFIRM
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033. | 2010-09-10 | 9.0 | CVE-2010-2843; CISCO; CONFIRM
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843. | 2010-09-10 | 9.0 | CVE-2010-3033; CISCO; CONFIRM
dm_computer_solutions -- ultraedit | Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file. | 2010-09-16 | 9.3 | CVE-2010-3402; BID; SECUNIA; OSVDB; FULLDISC
eshtery.she7ata -- eshtery_cms | Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx. | 2010-09-16 | 7.5 | CVE-2010-3404; XF; BID; EXPLOIT-DB
freka -- yr_verdata | SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. | 2010-09-16 | 7.5 | CVE-2010-3423; CONFIRM; CONFIRM; XF; OSVDB; SECUNIA
google -- chrome | Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs during parsing. | 2010-09-16 | 10.0 | CVE-2010-3408; CONFIRM; CONFIRM
google -- chrome | Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG styles. | 2010-09-16 | 10.0 | CVE-2010-3409; CONFIRM; CONFIRM
google -- chrome | Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements. | 2010-09-16 | 10.0 | CVE-2010-3410; CONFIRM; CONFIRM
google -- chrome | Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors. | 2010-09-16 | 9.3 | CVE-2010-3412; CONFIRM; CONFIRM
google -- chrome | Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X. | 2010-09-16 | 10.0 | CVE-2010-3414; CONFIRM; CONFIRM; MISC
google -- chrome | Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-09-16 | 10.0 | CVE-2010-3415; CONFIRM; CONFIRM
google -- chrome | Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-09-16 | 10.0 | CVE-2010-3416; CONFIRM; CONFIRM
haudenschilt -- family_connections_cms | Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php. | 2010-09-16 | 7.5 | CVE-2010-3419; XF; EXPLOIT-DB; MISC
hp -- proliant_g6_lights-out_100_remote_management | Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors. | 2010-09-10 | 7.8 | CVE-2010-3006; SECTRACK; HP; HP
hp -- data_protector_express | Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007. | 2010-09-13 | 7.2 | CVE-2010-3008; HP; HP
hp -- system_management_homepage | Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors. | 2010-09-15 | 9.0 | CVE-2010-3009; HP; HP; CONFIRM; SECTRACK; BID; SECUNIA
ibm -- lotus_sametime | Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. | 2010-09-15 | 10.0 | CVE-2010-3398; VUPEN; BID; CONFIRM
ibm -- lotus_domino | Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V. | 2010-09-16 | 9.3 | CVE-2010-3407; XF; MISC; VUPEN; BID; BUGTRAQ; EXPLOIT-DB; MISC; MISC; MISC; CONFIRM; SECTRACK; SECUNIA; MISC; CONFIRM
intermesh -- group-office | SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action. | 2010-09-16 | 7.5 | CVE-2010-3428; MISC; BID; EXPLOIT-DB
kingsoftsecurity -- kingsoft_antivirus | Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information. | 2010-09-15 | 7.2 | CVE-2010-3396; BID; EXPLOIT-DB; SECUNIA
march-hare -- cvs_suite | perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance. | 2010-09-15 | 9.3 | CVE-2010-1326; VUPEN; DEBIAN; SECUNIA; SECUNIA; CONFIRM; MISC; CONFIRM
microsoft -- windows_server_2003 | The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-0818; MS
microsoft -- windows_7 | Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability." | 2010-09-15 | 9.0 | CVE-2010-0820; MS
microsoft -- windows_server_2003 | The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2563; MS
microsoft -- windows_server_2003 | The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2567; MS
microsoft -- outlook | Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2728; MS
microsoft -- windows_7 | The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2729; MS
microsoft -- iis | Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2730; MS
microsoft -- office | The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." | 2010-09-15 | 9.3 | CVE-2010-2738; MS
pgp -- desktop | Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file. | 2010-09-15 | 9.3 | CVE-2010-3397; BID; BUGTRAQ; SECUNIA
qualcomm -- extensible_diagnostic_monitor | Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .isf file. | 2010-09-16 | 9.3 | CVE-2010-3403; MISC; SECUNIA; OSVDB
rim -- blackberry_desktop_software | Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. | 2010-09-15 | 9.3 | CVE-2010-2600; CONFIRM; SECTRACK; BID; SECUNIA; SECUNIA
samba -- samba | Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. | 2010-09-15 | 7.5 | CVE-2010-3069; VUPEN; XF; UBUNTU; SECTRACK; BID; CONFIRM; CONFIRM; SECUNIA; SECUNIA; FEDORA; FEDORA; FEDORA
solventus -- com_jgen | SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | 2010-09-16 | 7.5 | CVE-2010-3422; BID; EXPLOIT-DB
tigris -- tortoisesvn | Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default. | 2010-09-10 | 9.3 | CVE-2010-3199; BUGTRAQ; BUGTRAQ; MISC; MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- traffic_server | Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response. | 2010-09-13 | 4.3 | CVE-2010-2952; CONFIRM; XF; BID; BUGTRAQ; MISC; CONFIRM; SECTRACK; SECUNIA
apache -- couchdb | Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory. | 2010-09-14 | 6.9 | CVE-2010-2953; VUPEN; BID; MLIST; MLIST; MLIST; MLIST; MISC; DEBIAN; SECUNIA; CONFIRM
apple -- safari | Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. | 2010-09-10 | 6.9 | CVE-2010-1805; BID; CONFIRM; APPLE
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034. | 2010-09-10 | 5.0 | CVE-2010-0575; CISCO; CONFIRM
cisco -- wireless_lan_controller_software | Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938. | 2010-09-10 | 6.8 | CVE-2010-2841; CISCO; CONFIRM
cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575. | 2010-09-10 | 5.0 | CVE-2010-3034; CISCO; CONFIRM
dest-unreach -- socat | Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments. | 2010-09-14 | 6.8 | CVE-2010-2799; CONFIRM; CONFIRM; CONFIRM; DEBIAN; CONFIRM; CONFIRM
djangoproject -- django | Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie. | 2010-09-14 | 4.3 | CVE-2010-3082; BID; CONFIRM; CONFIRM; XF; MLIST
flock -- flock | Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark. | 2010-09-13 | 4.3 | CVE-2010-3202; BID; MISC
futomi -- access_analyzer_cgi | Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Analyzer CGI Professional, and Standard 4.0.2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-13 | 4.3 | CVE-2010-2366; BID; CONFIRM; JVNDB; JVN
google -- chrome | Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors. | 2010-09-16 | 5.0 | CVE-2010-3411; CONFIRM; CONFIRM
google -- chrome | Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | 2010-09-16 | 5.0 | CVE-2010-3413; CONFIRM; CONFIRM
google -- chrome | Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors. | 2010-09-16 | 5.0 | CVE-2010-3417; CONFIRM; CONFIRM
hp -- insight_diagnostics | Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-10 | 4.3 | CVE-2010-3003; VUPEN; MISC; HP; HP
hp -- 3crevf100-73 | Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-15 | 4.3 | CVE-2010-3010; HP; HP; SECTRACK
ibm -- filenet_content_manager | Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-13 | 4.3 | CVE-2010-3317; BID; AIXAPAR; SECUNIA
ibm -- filenet_content_manager | IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | 2010-09-13 | 5.0 | CVE-2010-3318; BID; AIXAPAR; SECUNIA
ibm -- filenet_content_manager | IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. | 2010-09-13 | 5.0 | CVE-2010-3319; BID; AIXAPAR
ibm -- filenet_content_manager | Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2010-09-13 | 6.8 | CVE-2010-3320; BID; AIXAPAR; SECUNIA
ibm -- proventia_network_mail_security_system_virtual_appliance | Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters. | 2010-09-14 | 4.3 | CVE-2010-0152; MISC; BUGTRAQ
ibm -- proventia_network_mail_security_system_virtual_appliance | Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks. | 2010-09-14 | 6.8 | CVE-2010-0153; MISC; BUGTRAQ
ibm -- proventia_network_mail_security_system_virtual_appliance | Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability." | 2010-09-14 | 4.0 | CVE-2010-0154; MISC; BUGTRAQ
ibm -- vios | Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors. | 2010-09-16 | 6.8 | CVE-2010-3405; CONFIRM; XF; VUPEN; BID; AIXAPAR; AIXAPAR; AIXAPAR; AIXAPAR; AIXAPAR; AIXAPAR; AIXAPAR; SECTRACK; SECUNIA
invisionpower -- invision_power_board | Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-16 | 4.3 | CVE-2010-3424; VUPEN; BID; CONFIRM; SECUNIA
mailenable -- mailenable | The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error." | 2010-09-15 | 5.0 | CVE-2010-2580; CONFIRM; SECTRACK; BID; BUGTRAQ; CONFIRM; CONFIRM; CONFIRM; MISC; SECUNIA
microsoft -- windows_server_2003 | The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability." | 2010-09-15 | 6.9 | CVE-2010-1891; MS
microsoft -- iis | Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." | 2010-09-15 | 4.3 | CVE-2010-1899; MS
microsoft -- iis | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability." | 2010-09-15 | 6.8 | CVE-2010-2731; MS
mozilla -- firefox | The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913. | 2010-09-15 | 5.8 | CVE-2010-3171; MISC; MISC; BID; BUGTRAQ
mozilla -- firefox | The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. | 2010-09-15 | 5.8 | CVE-2010-3399; MISC; MISC; MISC; BUGTRAQ
mozilla -- firefox | The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. | 2010-09-15 | 5.8 | CVE-2010-3400; CONFIRM
netartmedia -- car_portal | Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) car_id parameter to index.php and (2) y parameter to include/images.php. | 2010-09-16 | 4.3 | CVE-2010-3418; XF; BID; SECUNIA; MISC; OSVDB
novell -- suse_linux_enterprise_desktop | Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 allow local users to gain privileges via unspecified vectors. NOTE: this might overlap CVE-2010-3110. | 2010-09-10 | 6.9 | CVE-2010-3278; SUSE
open-classifieds -- open_classifieds | Multiple cross-site scripting (XSS) vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) desc, (2) price, (3) title, and (4) place parameters to index.php and the (5) subject parameter to contact.htm, related to content/contact.php. | 2010-09-16 | 4.3 | CVE-2010-3427; BID; SECUNIA; MISC; OSVDB; OSVDB
phpmyadmin -- phpmyadmin | Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. | 2010-09-10 | 4.3 | CVE-2010-3263; XF; CONFIRM; SECUNIA
productcart -- productcart | Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information. | 2010-09-16 | 4.3 | CVE-2010-3421; MISC; XF; BID; SECUNIA; OSVDB
quagga -- quagga_routing_software_suite | Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. | 2010-09-10 | 6.5 | CVE-2010-2948; CONFIRM; VUPEN; BID; CONFIRM; MLIST; MLIST; MANDRIVA; DEBIAN; SECUNIA; SECUNIA; CONFIRM
quagga -- quagga_routing_software_suite | bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. | 2010-09-10 | 5.0 | CVE-2010-2949; CONFIRM; VUPEN; BID; CONFIRM; MLIST; MLIST; MANDRIVA; DEBIAN; SECUNIA; SECUNIA; CONFIRM
scott_james_remnant -- mountall | mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file. | 2010-09-14 | 6.9 | CVE-2010-2961; CONFIRM; VUPEN; UBUNTU; OSVDB; SECUNIA
smartertools -- smarterstats | Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2010-09-16 | 4.3 | CVE-2010-3425; XF; OSVDB; SECUNIA; MISC
splunk -- splunk | The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors. | 2010-09-14 | 6.0 | CVE-2010-3322; CONFIRM
splunk -- splunk | Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter. | 2010-09-14 | 4.6 | CVE-2010-3323; CONFIRM
todd_miller -- sudo | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | 2010-09-10 | 6.2 | CVE-2010-2956; CONFIRM; VUPEN; VUPEN; VUPEN; VUPEN; UBUNTU; CONFIRM; SECTRACK; BID; REDHAT; MANDRIVA; GENTOO; SECUNIA; SECUNIA; FEDORA
webassist -- powerstore | Cross-site scripting (XSS) vulnerability in Products_Results.php in PowerStore 3.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_WADAProducts parameter. | 2010-09-16 | 4.3 | CVE-2010-3420; XF; SECUNIA; MISC; OSVDB


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
gnu -- mailman | Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. | 2010-09-15 | 3.5 | CVE-2010-3089; CONFIRM; CONFIRM; CONFIRM; SECUNIA; MLIST; MLIST; MLIST; MLIST; MLIST; MLIST; MLIST
ibm -- proventia_network_mail_security_system_virtual_appliance | CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter. | 2010-09-14 | 3.5 | CVE-2010-0155; MISC; BUGTRAQ
ibm -- aix | Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors. | 2010-09-16 | 1.7 | CVE-2010-3406; CONFIRM; XF; VUPEN; BID; AIXAPAR; AIXAPAR; AIXAPAR; AIXAPAR; AIXAPAR; AIXAPAR; AIXAPAR; SECUNIA
s9y -- serendipity | Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-10 | 2.6 | CVE-2010-2957; CONFIRM; MLIST; MLIST; MISC
