Vulnerability Summary for the Week of February 7, 2011

Released: Feb 14, 2011
Document ID: SB11-045

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- shockwave_player | The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2588 and CVE-2010-4188. | 2011-02-10 | 9.3 | CVE-2010-2587, CONFIRM
adobe -- shockwave_player | The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-4188. | 2011-02-10 | 9.3 | CVE-2010-2588, CONFIRM
adobe -- shockwave_player | Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2010-2589, CONFIRM
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4093, CONFIRM
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4187, CONFIRM
adobe -- shockwave_player | The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-2588. | 2011-02-10 | 9.3 | CVE-2010-4188, CONFIRM
adobe -- shockwave_player | The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2010-4189, CONFIRM
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4190, CONFIRM
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4191, CONFIRM
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4192, CONFIRM
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2010-4193, CONFIRM
adobe -- shockwave_player | The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2010-4194, CONFIRM
adobe -- shockwave_player | The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2010-4195, CONFIRM
adobe -- shockwave_player | The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2010-4196, CONFIRM
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4192. | 2011-02-10 | 9.3 | CVE-2010-4306, CONFIRM
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2010-4307, CONFIRM
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2011-0555, CONFIRM
adobe -- shockwave_player | The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0569. | 2011-02-10 | 9.3 | CVE-2011-0556, CONFIRM
adobe -- shockwave_player | Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2011-0557, CONFIRM
adobe -- flash_player | Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2011-0558, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0559, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0560, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0561, CONFIRM
adobe -- shockwave_player | The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0556. | 2011-02-10 | 9.3 | CVE-2011-0569, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0571, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0572, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0573, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0574, CONFIRM
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font. | 2011-02-10 | 9.3 | CVE-2011-0577, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0578, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0607, CONFIRM
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607. | 2011-02-10 | 9.3 | CVE-2011-0608, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0589 and CVE-2011-0606. | 2011-02-10 | 9.3 | CVE-2011-0563, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors. | 2011-02-10 | 9.3 | CVE-2011-0564, CONFIRM
adobe -- acrobat | Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0585. | 2011-02-10 | 9.3 | CVE-2011-0565, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0567 and CVE-2011-0603. | 2011-02-10 | 9.3 | CVE-2011-0566, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0603. | 2011-02-10 | 9.3 | CVE-2011-0567, CONFIRM
adobe -- acrobat | Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565. | 2011-02-10 | 9.3 | CVE-2011-0585, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2011-0586, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606. | 2011-02-10 | 9.3 | CVE-2011-0589, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0590, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0591, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0592, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0593, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font. | 2011-02-10 | 9.3 | CVE-2011-0594, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0595, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602. | 2011-02-10 | 9.3 | CVE-2011-0596, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602. | 2011-02-10 | 9.3 | CVE-2011-0598, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602. | 2011-02-10 | 9.3 | CVE-2011-0599, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595. | 2011-02-10 | 9.3 | CVE-2011-0600, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599. | 2011-02-10 | 9.3 | CVE-2011-0602, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0567. | 2011-02-10 | 9.3 | CVE-2011-0603, CONFIRM
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0589. | 2011-02-10 | 9.3 | CVE-2011-0606, CONFIRM
bmc -- capacity_management_essentials | Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768. | 2011-02-10 | 10.0 | CVE-2011-0975, XF, MISC, VUPEN, BID, BUGTRAQ, SECUNIA, OSVDB
ca -- etrust_secure_content_manager | The CA ETrust Secure Content Manager Common Services Transport (ECSQdmn.exe) allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow. | 2011-02-10 | 10.0 | CVE-2011-0758, MISC, VUPEN, BID, BUGTRAQ, SECUNIA, MISC
emc -- networker_module | The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542. | 2011-02-10 | 10.0 | CVE-2011-0647, MISC, VUPEN, BID, BUGTRAQ, SECUNIA
google -- chrome | Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading. | 2011-02-04 | 10.0 | CVE-2011-0777, CONFIRM, CONFIRM
google -- chrome | The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | 2011-02-04 | 9.3 | CVE-2011-0780, CONFIRM, CONFIRM
google -- chrome | Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors. | 2011-02-04 | 7.5 | CVE-2011-0781, CONFIRM
google -- chrome | Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio. | 2011-02-04 | 9.3 | CVE-2011-0784, CONFIRM, CONFIRM
google -- chrome | Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-02-10 | 10.0 | CVE-2011-0981, CONFIRM, CONFIRM
google -- chrome | Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces. | 2011-02-10 | 10.0 | CVE-2011-0982, CONFIRM, CONFIRM
google -- chrome | Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-02-10 | 10.0 | CVE-2011-0983, CONFIRM, CONFIRM
google -- chrome | Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2011-02-10 | 7.8 | CVE-2011-0984, CONFIRM, CONFIRM
google -- chrome | Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. | 2011-02-10 | 10.0 | CVE-2011-0985, CONFIRM, CONFIRM
hp -- data_protector | crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username. | 2011-02-08 | 10.0 | CVE-2011-0921, MISC, VUPEN, BID, MISC
hp -- data_protector | The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname. | 2011-02-08 | 10.0 | CVE-2011-0922, MISC, VUPEN, BID, MISC
hp -- data_protector | The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory." | 2011-02-08 | 10.0 | CVE-2011-0923, MISC, VUPEN, BID, MISC
hp -- data_protector | The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh. | 2011-02-08 | 10.0 | CVE-2011-0924, MISC, VUPEN, BID, MISC
ibm -- lotus_notes | IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2. | 2011-02-08 | 9.3 | CVE-2011-0912, MISC, VUPEN, CONFIRM
ibm -- lotus_domino | Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache. | 2011-02-08 | 10.0 | CVE-2011-0913, MISC, CONFIRM
ibm -- lotus_domino | Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow. | 2011-02-08 | 10.0 | CVE-2011-0914, MISC, CONFIRM
ibm -- lotus_domino | Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23. | 2011-02-08 | 10.0 | CVE-2011-0915, MISC, CONFIRM
ibm -- lotus_domino | Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H. | 2011-02-08 | 10.0 | CVE-2011-0916, MISC, CONFIRM
ibm -- lotus_domino | Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via an LDAP Bind operation, aka SPR KLYH87LMVX. | 2011-02-08 | 10.0 | CVE-2011-0917, MISC, MISC
ibm -- lotus_domino | Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE. | 2011-02-08 | 10.0 | CVE-2011-0918, MISC, MISC
ibm -- lotus_domino | Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ. | 2011-02-08 | 10.0 | CVE-2011-0919, MISC, MISC
ibm -- lotus_domino | The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS. | 2011-02-08 | 9.3 | CVE-2011-0920, CONFIRM
johan_lindskog -- aes_encryption_module | The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user. | 2011-02-07 | 7.5 | CVE-2011-0899, BID, CONFIRM, CONFIRM, XF, SECUNIA, OSVDB
microsoft -- windows_7 | The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability." | 2011-02-08 | 7.1 | CVE-2011-0031, MS, XF, VUPEN, BID, SECUNIA
microsoft -- windows_2003_server | The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0039, MS, VUPEN, BID, SECUNIA
microsoft -- windows_xp | The kernel in Microsoft Windows XP SP3 performs memory allocation before properly validating unspecified data obtained from a user, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Integer Truncation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0045, MS, XF
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0086, MS, VUPEN, BID, SECUNIA
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0087, MS, VUPEN, BID, SECUNIA
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0088, MS, VUPEN, BID, SECUNIA
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0089, MS, VUPEN, BID, SECUNIA
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0090, MS, VUPEN, BID, SECUNIA
microsoft -- windows_2003_server | The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability." | 2011-02-10 | 9.3 | CVE-2011-0033, MS
microsoft -- ie | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. | 2011-02-10 | 9.3 | CVE-2011-0035, MS
microsoft -- ie | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. | 2011-02-10 | 9.3 | CVE-2011-0036, MS
microsoft -- ie | Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability." | 2011-02-10 | 9.3 | CVE-2011-0038, MS
microsoft -- windows_2003_server | Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability." | 2011-02-10 | 7.2 | CVE-2011-0043, MS
microsoft -- visio | ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly handle objects in memory during the parsing of Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Object Memory Corruption Vulnerability." | 2011-02-10 | 9.3 | CVE-2011-0092, MS
microsoft -- visio | ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability." | 2011-02-10 | 9.3 | CVE-2011-0093, MS
microsoft -- powerpoint | Microsoft Office PowerPoint 2007 does not properly handle Office Art containers, which allows remote attackers to execute arbitrary code via a container that triggers certain access to an uninitialized object. | 2011-02-10 | 9.3 | CVE-2011-0976, MISC, MISC
microsoft -- excel | Use-after-free vulnerability in Microsoft Excel 2007 allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format. | 2011-02-10 | 9.3 | CVE-2011-0977, MISC, MISC
microsoft -- excel | Microsoft Office Excel does not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record. | 2011-02-10 | 9.3 | CVE-2011-0979, MISC, MISC
smc_networks -- smcd3g-ccr_firmwareA certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.2011-02-0810.0CVE-2011-0885
MISC
XF
BID
BUGTRAQ
EXPLOIT-DB
BUGTRAQ
topazsystems -- sigplus_pro_activex_controlTopaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) SigMessage methods to create arbitrary files with arbitrary content.2011-02-079.3CVE-2011-0323
XF
BID
MISC
SECUNIA
topazsystems -- sigplus_pro_activex_controlMultiple heap-based buffer overflows in Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allow remote attackers to execute arbitrary code via a long (1) KeyString property, (2) NewPath parameter to the SetLocalIniFilePath method, or (3) NewPortPath parameter to the SetTabletPortPath method.2011-02-079.3CVE-2011-0324
XF
XF
XF
BID
MISC
SECUNIA
videolan -- vlc_media_playerThe StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.2011-02-079.3CVE-2011-0522
MLIST
MLIST
MLIST
CONFIRM
XF
VUPEN
BID
EXPLOIT-DB
MLIST
videolan -- vlc_media_playerdemux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.2011-02-079.3CVE-2011-0531
CONFIRM
MLIST
MLIST
CONFIRM
XF
SECTRACK
BID
SECUNIA
OSVDB
wireshark -- wiresharkWireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.2011-02-087.5CVE-2011-0538
CONFIRM
MLIST
MISC
XF
BID



Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- flash_playerUntrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.2011-02-106.9CVE-2011-0575
CONFIRM
adobe -- coldfusionMultiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2011-02-104.3CVE-2011-0580
CONFIRM
adobe -- coldfusionMultiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags.2011-02-104.3CVE-2011-0581
CONFIRM
adobe -- coldfusionUnspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors.2011-02-105.0CVE-2011-0582
CONFIRM
adobe -- coldfusionCross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag.2011-02-104.3CVE-2011-0583
CONFIRM
adobe -- coldfusionSession fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors.2011-02-104.3CVE-2011-0584
CONFIRM
adobe -- acrobatUntrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588.2011-02-106.9CVE-2011-0562
CONFIRM
adobe -- acrobatUnspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.2011-02-106.8CVE-2011-0568
CONFIRM
adobe -- acrobatUntrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0588.2011-02-106.9CVE-2011-0570
CONFIRM
adobe -- acrobatCross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604.2011-02-104.3CVE-2011-0587
CONFIRM
adobe -- acrobatUntrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570.2011-02-106.9CVE-2011-0588
CONFIRM
adobe -- acrobatCross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587.2011-02-104.3CVE-2011-0604
CONFIRM
adobe -- acrobatAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.2011-02-106.8CVE-2011-0605
CONFIRM
apache -- tomcatApache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.2011-02-105.0CVE-2011-0534
CONFIRM
XF
VUPEN
SECTRACK
BID
BUGTRAQ
CONFIRM
OSVDB
awcm-cms -- ar_web_content_managerMultiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php.2011-02-076.8CVE-2011-0903
XF
BID
EXPLOIT-DB
erick_woods -- terminal_server_clientStack-based buffer overflow in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a .RDP file with a long hostname argument.2011-02-076.8CVE-2011-0900
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
erick_woods -- terminal_server_clientMultiple stack-based buffer overflows in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allow user-assisted remote attackers to execute arbitrary code via a .RDP file with a long (1) username, (2) password, or (3) domain argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2011-02-076.8CVE-2011-0901
XF
XF
XF
SECUNIA
OSVDB
google -- chromeThe sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.2011-02-045.0CVE-2011-0776
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.2011-02-045.0CVE-2011-0778
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.2011-02-045.0CVE-2011-0779
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors.2011-02-045.0CVE-2011-0782
CONFIRM
CONFIRM
google -- chromeUnspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."2011-02-044.3CVE-2011-0783
CONFIRM
CONFIRM
hp -- power_managerCross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.2011-02-086.8CVE-2011-0277
SECTRACK
BID
HP
HP
SECUNIA
microsoft -- windows_2003_serverThe Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.2011-02-086.9CVE-2011-0030
MS
microsoft -- windows_2003_serverThe server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."2011-02-085.0CVE-2011-0040
MS
VUPEN
BID
SECUNIA
microsoft -- windows_7Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."2011-02-106.4CVE-2011-0091
MS
microsoft -- excelStack-based buffer overflow in Microsoft Office Excel allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index.2011-02-106.8CVE-2011-0978
MISC
MISC
microsoft -- excelMicrosoft Office Excel 2003 does not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer.2011-02-106.8CVE-2011-0980
MISC
MISC
mit -- kerberosThe do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.2011-02-105.0CVE-2010-4022
BUGTRAQ
CONFIRM
BID
mit -- kerberosThe unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.2011-02-105.0CVE-2011-0281
BUGTRAQ
REDHAT
CONFIRM
MLIST
mit -- kerberosThe Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.2011-02-105.0CVE-2011-0282
BUGTRAQ
REDHAT
CONFIRM
mit -- kerberosThe Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.2011-02-105.0CVE-2011-0283
BUGTRAQ
CONFIRM
novell -- edirectoryUnspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524.2011-02-105.0CVE-2010-4327
MISC
VUPEN
BID
BUGTRAQ
CONFIRM
SECUNIA
MISC
openssh -- opensshThe key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.2011-02-105.0CVE-2011-0539
CONFIRM
XF
VUPEN
SECTRACK
BID
MLIST
SECUNIA
oracle -- enterprise_managerPasslogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.2011-02-074.6CVE-2010-4506
MISC
redhat -- icedteaIcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.2011-02-046.8CVE-2011-0025
MISC
CONFIRM
XF
UBUNTU
BID
SECUNIA
smc_networks -- smcd3g-ccr_firmwareMultiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.2011-02-086.8CVE-2011-0886
MISC
XF
BID
BUGTRAQ
EXPLOIT-DB
BUGTRAQ
smc_networks -- smcd3g-ccr_firmwareThe web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.2011-02-085.0CVE-2011-0887
MISC
XF
BID
BUGTRAQ
EXPLOIT-DB
BUGTRAQ
sun -- sunosMultiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable.2011-02-076.9CVE-2011-0902
XF
BID
EXPLOIT-DB
vanillaforums -- vanilla_forumsCross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.2011-02-084.3CVE-2011-0526
MISC
MISC
OSVDB
SECUNIA
MLIST
MLIST
vanillaforums -- vanilla_forumsOpen redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.2011-02-085.8CVE-2011-0908
CONFIRM
vanillaforums -- vanilla_forumsCross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.2011-02-084.3CVE-2011-0909
CONFIRM
vanillaforums -- vanilla_forumsThe cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.2011-02-086.4CVE-2011-0910
CONFIRM
zikula -- zikula_application_frameworkZikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.2011-02-085.0CVE-2010-4728
CONFIRM
zikula -- zikula_application_frameworkZikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.2011-02-086.8CVE-2010-4729
CONFIRM
CONFIRM
zikula -- zikula_application_frameworkCross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.2011-02-086.8CVE-2011-0535
OSVDB
SECUNIA
FULLDISC
MLIST
MLIST
CONFIRM
CONFIRM
MISC
zikula -- zikula_application_frameworkCross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535.2011-02-084.3CVE-2011-0911
CONFIRM



Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- tomcatApache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.2011-02-101.2CVE-2010-3718
XF
BID
BUGTRAQ
MISC
MISC
MISC
