Vulnerability Summary for the Week of May 10, 2010
Released
May 17, 2010
Document ID
SB10-137
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 29o3_cms -- 29o3_cms | Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/. | 2010-05-12 | 7.5 | CVE-2010-1922 VUPEN BID BUGTRAQ MISC MISC |
| abushhab -- alwasel | Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php. | 2010-05-11 | 7.5 | CVE-2009-4862 XF MILW0RM |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. | 2010-05-13 | 9.3 | CVE-2010-0127 VUPEN CONFIRM MISC SECUNIA |
| adobe -- director | Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. | 2010-05-13 | 9.3 | CVE-2010-0128 VUPEN CONFIRM MISC MISC SECUNIA |
| adobe -- shockwave_player | Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. | 2010-05-13 | 9.3 | CVE-2010-0129 VUPEN CONFIRM IDEFENSE MISC SECUNIA MISC FULLDISC |
| adobe -- shockwave_player | Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. | 2010-05-13 | 9.3 | CVE-2010-0130 VUPEN CONFIRM MISC SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. | 2010-05-13 | 9.3 | CVE-2010-0986 VUPEN CONFIRM MISC SECUNIA |
| adobe -- shockwave_player | Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. | 2010-05-13 | 9.3 | CVE-2010-0987 VUPEN CONFIRM MISC SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file. | 2010-05-13 | 9.3 | CVE-2010-1280 VUPEN CONFIRM MISC MISC SECUNIA FULLDISC |
| adobe -- shockwave_player | iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | 2010-05-13 | 9.3 | CVE-2010-1281 VUPEN CONFIRM MISC SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. | 2010-05-13 | 9.3 | CVE-2010-1283 VUPEN CONFIRM MISC SECUNIA |
| adobe -- shockwave_player | The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | 2010-05-13 | 9.3 | CVE-2010-1292 VUPEN CONFIRM MISC SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | 2010-05-13 | 9.3 | CVE-2010-1284 VUPEN CONFIRM SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | 2010-05-13 | 9.3 | CVE-2010-1286 VUPEN CONFIRM SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | 2010-05-13 | 9.3 | CVE-2010-1287 VUPEN CONFIRM SECUNIA |
| adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors. | 2010-05-13 | 9.3 | CVE-2010-1288 VUPEN CONFIRM SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291. | 2010-05-13 | 9.3 | CVE-2010-1289 VUPEN CONFIRM SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291. | 2010-05-13 | 9.3 | CVE-2010-1290 VUPEN CONFIRM SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290. | 2010-05-13 | 9.3 | CVE-2010-1291 VUPEN CONFIRM SECUNIA |
| ajsquare -- aj_shopping_cart | SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | 2010-05-12 | 7.5 | CVE-2010-1876 XF MISC SECUNIA MISC |
| apple -- safari | Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. | 2010-05-13 | 7.6 | CVE-2010-1939 CERT-VN VUPEN BID OSVDB SECTRACK SECUNIA MISC MISC |
| artifex -- gpl_ghostscript | Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. | 2010-05-12 | 9.3 | CVE-2010-1869 MISC |
| awingsoft -- awakening_winds3d_viewer_plugin | The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file. | 2010-05-07 | 9.3 | CVE-2009-4850 MISC MISC SECUNIA OSVDB |
| blueflyingfish.no-ip -- com_orgchart | Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | 2010-05-12 | 7.5 | CVE-2010-1878 XF BID MISC MISC |
| campware.org -- campsite | SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | 2010-05-07 | 7.5 | CVE-2010-1867 CONFIRM MISC |
| com-property -- com_properties | SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-12 | 7.5 | CVE-2010-1874 XF BID MISC SECUNIA |
| com-property -- com_properties | Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-12 | 7.5 | CVE-2010-1875 XF BID OSVDB MISC SECUNIA |
| consona -- consona_dynamic_agent | tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \.pipe__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service. | 2010-05-12 | 7.2 | CVE-2010-1906 CERT-VN CONFIRM MISC BUGTRAQ MISC SECUNIA |
| consona -- consona_dynamic_agent | The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile. | 2010-05-12 | 9.3 | CVE-2010-1908 CERT-VN MISC BUGTRAQ MISC SECUNIA |
| consona -- consona_dynamic_agent | Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information. | 2010-05-12 | 7.6 | CVE-2010-1909 CERT-VN MISC BUGTRAQ MISC SECUNIA |
| consona -- consona_dynamic_agent | The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack. | 2010-05-12 | 9.3 | CVE-2010-1911 CERT-VN CONFIRM MISC BUGTRAQ MISC |
| consona -- consona_dynamic_agent | The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks." | 2010-05-12 | 9.3 | CVE-2010-1912 CERT-VN MISC BUGTRAQ MISC |
| consona -- consona_dynamic_agent | The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server. | 2010-05-12 | 9.3 | CVE-2010-1913 CERT-VN MISC BUGTRAQ MISC |
| csphere -- clansphere | Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php). | 2010-05-07 | 7.5 | CVE-2010-1865 CONFIRM CONFIRM XF VUPEN BID CONFIRM SECUNIA MISC MISC OSVDB OSVDB |
| demarque -- typing_pal | SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter. | 2010-05-11 | 7.5 | CVE-2009-4860 MILW0RM |
| efrontlearning -- efront | SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter. | 2010-05-12 | 7.5 | CVE-2010-1918 VUPEN BID MISC SECUNIA MISC OSVDB |
| gnustep -- gnustep_base | Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow. | 2010-05-12 | 7.2 | CVE-2010-1620 CONFIRM CONFIRM CONFIRM SECUNIA CONFIRM MLIST MLIST |
| hp -- loadrunner | Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. | 2010-05-07 | 10.0 | CVE-2010-1549 HP HP |
| hp -- openview_network_node_manager | Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter. | 2010-05-13 | 10.0 | CVE-2010-1550 HP MISC |
| hp -- openview_network_node_manager | Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter. | 2010-05-13 | 10.0 | CVE-2010-1551 MISC HP |
| hp -- openview_network_node_manager | Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters. | 2010-05-13 | 10.0 | CVE-2010-1552 HP MISC |
| hp -- openview_network_node_manager | Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter. | 2010-05-13 | 10.0 | CVE-2010-1553 HP MISC |
| hp -- openview_network_node_manager | Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter. | 2010-05-13 | 10.0 | CVE-2010-1554 HP MISC |
| hp -- openview_network_node_manager | Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter. | 2010-05-13 | 10.0 | CVE-2010-1555 HP MISC |
| jtmreseller -- com_jtm | SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php. | 2010-05-12 | 7.5 | CVE-2010-1877 XF BID MISC MISC |
| jvehicles -- com_jvehicles | SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. | 2010-05-12 | 7.5 | CVE-2010-1873 XF BID OSVDB MISC SECUNIA MISC MISC |
| logoshows -- logoshows_bbs | SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 2010-05-11 | 7.5 | CVE-2009-4871 XF MILW0RM |
| logoshows -- logoshows_bbs | Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | 2010-05-11 | 7.5 | CVE-2009-4872 MILW0RM |
| microsoft -- office | VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability." | 2010-05-12 | 9.3 | CVE-2010-0815 MS |
| microsoft -- outlook_express | Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability." | 2010-05-12 | 9.3 | CVE-2010-0816 MS BID MISC BUGTRAQ |
| php -- php | The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. | 2010-05-07 | 7.5 | CVE-2010-1868 MISC MISC MISC |
| phpcityportal -- phpcityportal | Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information. | 2010-05-11 | 7.5 | CVE-2009-4870 MILW0RM SECUNIA |
| phpscripte24 -- web_social_network_freunde_community | SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action. | 2010-05-12 | 7.5 | CVE-2010-1923 SECUNIA MISC OSVDB |
| phpscripte24 -- live_shopping_multi_portal_system | SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter. | 2010-05-12 | 7.5 | CVE-2010-1924 XF BID MISC SECUNIA OSVDB |
| rifat_kurban -- tekno.portal | SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817. | 2010-05-12 | 7.5 | CVE-2010-1925 VUPEN BID MISC SECUNIA MISC |
| s9y -- serendipity | The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin. | 2010-05-12 | 7.5 | CVE-2010-1916 MISC MISC |
| typo3 -- typo3 | SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. | 2010-05-11 | 7.5 | CVE-2009-4855 XF BID MILW0RM |
| ultraplayer -- ultraplayer_media_player | Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file. | 2010-05-11 | 9.3 | CVE-2009-4863 XF VUPEN BID MILW0RM |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- coldfusion | Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 2010-05-13 | 4.3 | CVE-2009-3467 VUPEN CONFIRM SECUNIA |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. | 2010-05-13 | 4.3 | CVE-2010-1282 VUPEN CONFIRM MISC FULLDISC |
| adobe -- coldfusion | Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-05-13 | 4.3 | CVE-2010-1293 VUPEN CONFIRM SECUNIA |
| cmsmadesimple -- cms_made_simple | Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter. | 2010-05-12 | 4.3 | CVE-2010-1482 BID BUGTRAQ MISC CONFIRM |
| consona -- consona_dynamic_agent | Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp. | 2010-05-12 | 4.3 | CVE-2010-1905 CERT-VN CONFIRM MISC BID BUGTRAQ MISC SECUNIA |
| consona -- consona_dynamic_agent | The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method. | 2010-05-12 | 4.3 | CVE-2010-1907 CERT-VN MISC BUGTRAQ MISC |
| consona -- consona_dynamic_agent | The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields. | 2010-05-12 | 5.1 | CVE-2010-1910 CERT-VN CONFIRM BID BUGTRAQ MISC SECUNIA |
| ecomstudio -- php_easy_shopping_cart | Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 2010-05-11 | 4.3 | CVE-2009-4856 XF SECUNIA MISC OSVDB |
| ecomstudio -- php_photo_vote1.3f | Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2010-05-11 | 4.3 | CVE-2009-4857 XF SECUNIA MISC OSVDB |
| ethereal_group -- ethereal | The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. | 2010-05-12 | 4.3 | CVE-2010-1455 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM BID OSVDB SECUNIA |
| gnustep -- gnustep_base | Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message. | 2010-05-12 | 4.9 | CVE-2010-1457 CONFIRM CONFIRM BID MLIST CONFIRM SECUNIA CONFIRM |
| hitronsoft -- answer_me | Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information. | 2010-05-11 | 4.3 | CVE-2009-4868 SECUNIA MISC |
| hitronsoft -- nasim_guest_book | Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2010-05-11 | 4.3 | CVE-2009-4869 SECUNIA MISC |
| i-escorts -- i-escorts_agency_script | Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information. | 2010-05-11 | 4.3 | CVE-2009-4864 XF MISC |
| i-escorts -- i-escorts_agency_script | Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information. | 2010-05-11 | 6.8 | CVE-2009-4865 XF SECUNIA MISC OSVDB |
| matt_wright -- simple_search | Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party information. | 2010-05-11 | 4.3 | CVE-2009-4866 XF SECUNIA MISC OSVDB |
| onlinetechtools.com -- owos_lite | Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp. | 2010-05-11 | 4.3 | CVE-2009-4859 SECUNIA MISC |
| openmairie -- openannuaire | Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 2010-05-12 | 6.8 | CVE-2010-1920 VUPEN BID MISC SECUNIA MISC |
| openmairie -- openannuaire | Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/. | 2010-05-12 | 6.8 | CVE-2010-1921 VUPEN BID OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB MISC SECUNIA MISC |
| openmairie -- opencourrier | Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. NOTE: some of these details are obtained from third party information. | 2010-05-12 | 6.8 | CVE-2010-1926 VUPEN OSVDB MISC SECUNIA MISC |
| openmairie -- opencourrier | Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information. | 2010-05-12 | 6.8 | CVE-2010-1927 VUPEN OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB MISC SECUNIA MISC |
| openmairie -- openplanning | Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 2010-05-12 | 6.8 | CVE-2010-1928 XF OSVDB MISC SECUNIA MISC |
| openmairie -- openplanning | Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/. | 2010-05-12 | 6.8 | CVE-2010-1934 OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB MISC SECUNIA MISC |
| openmairie -- openpresse | Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 2010-05-12 | 6.8 | CVE-2010-1935 XF OSVDB MISC SECUNIA MISC |
| openmairie -- opencominterne | Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 2010-05-12 | 6.8 | CVE-2010-1936 XF OSVDB MISC SECUNIA MISC |
| php -- php | The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. | 2010-05-12 | 5.0 | CVE-2010-1914 MISC MISC MISC |
| php -- php | The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. | 2010-05-12 | 5.0 | CVE-2010-1915 MISC |
| php -- php | Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. | 2010-05-12 | 5.0 | CVE-2010-1917 MISC |
| realitymedias -- repairshop2 | SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-05-07 | 6.8 | CVE-2010-1857 BID SECUNIA |
| supportpro -- supportdesk | Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 2010-05-11 | 4.3 | CVE-2009-4861 SECUNIA MISC |
| tony_million -- tuniac | Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file. | 2010-05-11 | 4.3 | CVE-2009-4867 XF VUPEN MILW0RM |
| toutvirtual -- virtualiq | The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields. | 2010-05-07 | 5.0 | CVE-2009-4845 BUGTRAQ MISC |
| transmissionbt -- transmission | Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links. | 2010-05-07 | 6.8 | CVE-2010-1853 BID VUPEN OSVDB CONFIRM CONFIRM CONFIRM SECUNIA |
| tufat -- flashcard | Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. | 2010-05-12 | 4.3 | CVE-2010-1872 MISC BID SECUNIA MISC |
| turnkeyforms -- yahoo-answers-clone | Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | 2010-05-11 | 4.3 | CVE-2009-4858 SECUNIA MISC |
| vmware -- view_manager | Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-05-07 | 4.3 | CVE-2010-1143 CONFIRM MLIST BID SECTRACK |
| xoops -- xoops | The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. | 2010-05-07 | 5.0 | CVE-2009-4851 CONFIRM MISC VUPEN SECUNIA |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- coldfusion | Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. | 2010-05-13 | 2.1 | CVE-2010-1294 VUPEN CONFIRM SECUNIA |
| pmwiki -- pmwiki | Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute. | 2010-05-12 | 3.5 | CVE-2010-1481 BID BUGTRAQ SECUNIA MISC |
| redhat -- enterprise_linux | The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. | 2010-05-12 | 2.6 | CVE-2010-0730 REDHAT CONFIRM BID SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.