Vulnerability Summary for the Week of December 27, 2010
Released
Jan 03, 2011
Document ID
SB11-003
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| clear -- clearspot_firmware | Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi. | 2010-12-30 | 9.3 | CVE-2010-4507 MISC EXPLOIT-DB |
| html-edit -- cms | SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action. | 2010-12-29 | 7.5 | CVE-2010-4609 MISC EXPLOIT-DB SECUNIA |
| hycus -- hycus_cms | Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php. | 2010-12-29 | 7.5 | CVE-2010-4613 BID MISC EXPLOIT-DB |
| ibm -- rational_clearquest | Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files. | 2010-12-29 | 10.0 | CVE-2010-4601 AIXAPAR SECUNIA |
| ibm -- tivoli_storage_manager | Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe. | 2010-12-29 | 7.2 | CVE-2010-4604 VUPEN BUGTRAQ MISC MISC CONFIRM EXPLOIT-DB AIXAPAR SECTRACK SECUNIA |
| ibm -- tivoli_storage_manager | Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a "script execution vulnerability." | 2010-12-29 | 10.0 | CVE-2010-4606 VUPEN CONFIRM AIXAPAR SECTRACK SECUNIA |
| intendance -- mysource_matrix | SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-12-30 | 7.5 | CVE-2010-4639 XF BID EXPLOIT-DB MISC |
| iskenderaltuntas -- oto_galeri_sistemi | Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp. | 2010-12-29 | 7.5 | CVE-2010-4615 XF BID EXPLOIT-DB SECUNIA |
| linux -- kernel | The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. | 2010-12-30 | 7.2 | CVE-2010-3850 CONFIRM MLIST CONFIRM CONFIRM FULLDISC |
| linux -- kernel | The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP. | 2010-12-30 | 7.1 | CVE-2010-4342 MLIST MLIST CONFIRM CONFIRM MLIST MLIST |
| mhproducts -- ero_auktion | SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723. | 2010-12-29 | 7.5 | CVE-2010-4614 BID EXPLOIT-DB SECUNIA |
| pilotcart -- pilot_cart | Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688. | 2010-12-30 | 7.5 | CVE-2010-4632 BID EXPLOIT-DB SECUNIA MISC FULLDISC MISC |
| redhat -- jboss_enterprise_application_platform | The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer. | 2010-12-30 | 7.5 | CVE-2010-3708 MISC CONFIRM REDHAT REDHAT REDHAT REDHAT SECTRACK |
| site2nite -- vacation_rental_listings | SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 2010-12-30 | 7.5 | CVE-2010-4635 XF BID EXPLOIT-DB SECUNIA MISC OSVDB |
| site2nite -- business_e-listings | SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 2010-12-30 | 7.5 | CVE-2010-4636 XF BID EXPLOIT-DB SECUNIA OSVDB |
| sumeffect -- digishop | SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1. | 2010-12-30 | 7.5 | CVE-2010-4633 XF BID EXPLOIT-DB MISC |
| webscripti -- mafya_oyun_scrpti | SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-12-29 | 7.5 | CVE-2010-4619 XF BID EXPLOIT-DB SECUNIA |
| xwiki -- xwiki | SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-12-30 | 7.5 | CVE-2010-4641 XF CONFIRM BID OSVDB SECUNIA |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| rational -- clearquest | IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference. | 2010-12-29 | 6.5 | CVE-2010-4603 CONFIRM AIXAPAR CONFIRM |
| html-edit web services | Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message. | 2010-12-29 | 5.0 | CVE-2010-4611 MISC EXPLOIT-DB |
| algisinfo -- aicontactsafe | Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-12-29 | 4.3 | CVE-2010-4618 BID CONFIRM CONFIRM SECUNIA |
| dojofoundation -- dojo_toolkit | Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue. | 2010-12-29 | 5.0 | CVE-2010-4600 AIXAPAR SECUNIA CONFIRM |
| finalcut -- feedlist | Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | 2010-12-30 | 4.3 | CVE-2010-4637 XF MISC SECUNIA MISC OSVDB |
| fubra -- wp-survey-and-quiz-tool | Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 2010-12-30 | 4.3 | CVE-2010-4630 XF MISC SECUNIA MISC OSVDB |
| habariproject -- habari | Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message. | 2010-12-29 | 5.0 | CVE-2010-4608 MISC EXPLOIT-DB CONFIRM |
| html-edit -- cms | Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 2010-12-29 | 4.3 | CVE-2010-4610 MISC EXPLOIT-DB SECUNIA |
| hycus -- cms | Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information. | 2010-12-29 | 6.8 | CVE-2010-4612 BID BUGTRAQ MISC MISC MISC MISC EXPLOIT-DB SECUNIA |
| ibm -- rational_clearquest | The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark. | 2010-12-29 | 4.0 | CVE-2010-4602 AIXAPAR CONFIRM |
| ibm -- tivoli_storage_manager | Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors. | 2010-12-29 | 6.6 | CVE-2010-4605 VUPEN CONFIRM AIXAPAR SECTRACK SECUNIA |
| ibm -- tivoli_access_manager_for_e-business | Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI. | 2010-12-30 | 5.0 | CVE-2010-4622 XF VUPEN BID OSVDB CONFIRM SECTRACK SECUNIA |
| ibm -- tivoli_access_manager_for_e-business | WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions. | 2010-12-30 | 6.8 | CVE-2010-4623 CONFIRM |
| impresscms -- impresscms | Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter. | 2010-12-29 | 4.3 | CVE-2010-4616 CONFIRM BUGTRAQ MISC SECUNIA |
| iptechinside -- com_jquarks4s | SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. | 2010-12-30 | 6.8 | CVE-2010-4638 EXPLOIT-DB SECUNIA MISC |
| joomla -- com_jotloader | Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. | 2010-12-29 | 5.0 | CVE-2010-4617 XF EXPLOIT-DB MISC |
| linux -- kernel | Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c. | 2010-12-29 | 6.9 | CVE-2010-3859 CONFIRM MLIST MLIST MLIST MLIST MLIST CONFIRM CONFIRM MLIST MLIST MLIST MLIST CONFIRM MLIST |
| linux -- kernel | Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation. | 2010-12-29 | 6.2 | CVE-2010-3874 CONFIRM MLIST MLIST CONFIRM CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
| linux -- kernel | drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. | 2010-12-29 | 4.7 | CVE-2010-4343 CONFIRM MLIST MLIST MLIST CONFIRM CONFIRM |
| linux -- kernel | Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. | 2010-12-30 | 6.9 | CVE-2010-3848 CONFIRM MLIST CONFIRM CONFIRM |
| linux -- kernel | The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field. | 2010-12-30 | 4.7 | CVE-2010-3849 CONFIRM MLIST CONFIRM CONFIRM FULLDISC |
| linux -- linux_kernel | The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158. | 2010-12-30 | 4.9 | CVE-2010-4161 CONFIRM MLIST CONFIRM BUGTRAQ |
| linux -- kernel | The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. | 2010-12-30 | 6.2 | CVE-2010-4258 MLIST MLIST CONFIRM CONFIRM CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MISC FULLDISC |
| livezilla -- livezilla | Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php. | 2010-12-30 | 4.3 | CVE-2010-4276 VUPEN BID FULLDISC |
| mitsu_hiro_hi_rose -- attachecase | Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-12-30 | 6.9 | CVE-2010-3923 CONFIRM SECUNIA JVNDB JVN |
| mybb -- mybb | Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php. | 2010-12-30 | 4.3 | CVE-2010-4522 CONFIRM MLIST MLIST |
| mybb -- mybb | MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. | 2010-12-30 | 5.0 | CVE-2010-4625 CONFIRM MLIST MLIST MLIST CONFIRM MISC |
| mybb -- mybb | The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. | 2010-12-30 | 5.1 | CVE-2010-4626 MLIST MLIST MLIST CONFIRM CONFIRM CONFIRM |
| mybb -- mybb | Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2010-12-30 | 6.8 | CVE-2010-4627 CONFIRM MLIST MLIST MLIST CONFIRM |
| mybb -- mybb | member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table. | 2010-12-30 | 5.0 | CVE-2010-4628 CONFIRM MLIST MLIST MLIST CONFIRM |
| mybb -- mybb | MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php. | 2010-12-30 | 5.0 | CVE-2010-4629 CONFIRM MLIST MLIST MLIST CONFIRM CONFIRM |
| novell -- iprint_client | Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via vectors related to the GetDriverSettings method. | 2010-12-30 | 6.8 | CVE-2010-4321 MISC BID CONFIRM |
| osticket -- osticket | ** DISPUTED ** Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party. | 2010-12-30 | 5.0 | CVE-2010-4634 BID EXPLOIT-DB MLIST MLIST MISC |
| pilotcart -- pilot_cart | Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow. | 2010-12-30 | 4.3 | CVE-2010-4631 XF BID EXPLOIT-DB SECUNIA MISC FULLDISC MISC |
| redhat -- jboss_enterprise_application_platform | Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files. | 2010-12-30 | 4.3 | CVE-2010-3878 CONFIRM REDHAT REDHAT REDHAT SECTRACK |
| xwiki -- xwiki_watch | Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-12-30 | 4.3 | CVE-2010-4640 XF XF BID OSVDB OSVDB OSVDB SECUNIA |
| xwiki -- xwiki | Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-12-30 | 4.3 | CVE-2010-4642 XF CONFIRM BID OSVDB SECUNIA |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| freedesktop -- dbus | Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants. | 2010-12-30 | 2.1 | CVE-2010-4352 CONFIRM CONFIRM MLIST MLIST FEDORA CONFIRM VUPEN BID MISC SECUNIA SECUNIA MLIST |
| habariproject -- habari | Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information. | 2010-12-29 | 2.6 | CVE-2010-4607 MISC MISC EXPLOIT-DB CONFIRM SECUNIA |
| linux -- kernel | The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. | 2010-12-29 | 2.1 | CVE-2010-4565 MISC MLIST MLIST MLIST MLIST BID MLIST MLIST MLIST MLIST |
| linux -- kernel | The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. | 2010-12-30 | 2.1 | CVE-2010-4158 CONFIRM MLIST CONFIRM BID BUGTRAQ BUGTRAQ CONFIRM FULLDISC |
| mybb -- mybb | MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. | 2010-12-30 | 3.5 | CVE-2010-4624 CONFIRM MLIST MLIST MLIST CONFIRM |
| redhat -- jboss_enterprise_application_platform | The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data. | 2010-12-30 | 2.6 | CVE-2010-3862 CONFIRM CONFIRM MISC REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT SECTRACK |
| redhat -- jboss_enterprise_application_platform | The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier. | 2010-12-30 | 2.6 | CVE-2010-4265 CONFIRM MISC CONFIRM REDHAT REDHAT SECTRACK |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.