Vulnerability Summary for the Week of July 26, 2010

Released: Aug 02, 2010
Document ID: SB10-214

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adammo -- fat_player | Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information. | 2010-07-28 | 9.3 | CVE-2009-4962: XF, VUPEN, SECUNIA, OSVDB |
| alexred -- com_oziogallery | SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 2010-07-28 | 7.5 | CVE-2010-2910: XF, EXPLOIT-DB, MISC |
| apple -- itunes | Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. | 2010-07-30 | 9.3 | CVE-2010-1777: CONFIRM, APPLE |
| brotherscripts -- scripts_directory | SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-07-28 | 7.5 | CVE-2010-2905: XF, BID, EXPLOIT-DB, SECUNIA |
| brotherscripts -- scripts_directory | SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905. | 2010-07-28 | 7.5 | CVE-2010-2906: XF, EXPLOIT-DB, SECUNIA |
| christian_ehmann -- event_registr | SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-28 | 7.5 | CVE-2009-4968: VUPEN, BID, CONFIRM |
| cisco -- content_delivery_system | Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7, allows remote attackers to read arbitrary files via a crafted URL. | 2010-07-28 | 7.8 | CVE-2010-1577: CISCO, XF, VUPEN, SECTRACK, SECUNIA, OSVDB |
| elemente -- ast_addresszipsearch | SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-28 | 7.5 | CVE-2009-4966: VUPEN, BID, CONFIRM |
| emophp -- emo_breeder_manager | SQL injection vulnerability in video.php in EMO Breeder Manager allows remote attackers to execute arbitrary SQL commands via the idd parameter. | 2010-07-28 | 7.5 | CVE-2009-4958: SECUNIA |
| gonzalo_maser -- com_artforms | Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php. | 2010-07-24 | 7.5 | CVE-2010-2847: XF, BID, BUGTRAQ, EXPLOIT-DB, MISC |
| google -- chrome | Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors. | 2010-07-28 | 10.0 | CVE-2010-2897: SECUNIA, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors. | 2010-07-28 | 10.0 | CVE-2010-2898: SECUNIA, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors. | 2010-07-28 | 10.0 | CVE-2010-2900: SECUNIA, CONFIRM, CONFIRM |
| google -- chrome | The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-07-28 | 10.0 | CVE-2010-2901: SECUNIA, CONFIRM, CONFIRM |
| google -- chrome | The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-07-28 | 10.0 | CVE-2010-2902: SECUNIA, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors. | 2010-07-28 | 10.0 | CVE-2010-2903: SECUNIA, CONFIRM, CONFIRM |
| hp -- openview_network_node_manager | Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe. | 2010-07-28 | 10.0 | CVE-2010-2703: HP, HP, VUPEN, SECTRACK, SECTRACK, BID, BUGTRAQ, BUGTRAQ, VIM, SECUNIA, OSVDB |
| hp -- openview_network_node_manager | Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe. | 2010-07-28 | 10.0 | CVE-2010-2704: HP, HP, VUPEN, BID, BUGTRAQ, VIM, SECUNIA, HP |
| huruhelpdesk -- com_huruhelpdesk | SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php. | 2010-07-28 | 7.5 | CVE-2010-2907: XF, BID, EXPLOIT-DB, MISC |
| iscripts -- visualcaster | SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | 2010-07-24 | 7.5 | CVE-2010-2853: XF, BID, OSVDB, MISC, EXPLOIT-DB, SECUNIA, MISC |
| jochen_rieger -- car | SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-28 | 7.5 | CVE-2009-4967: VUPEN, CONFIRM, BID |
| joomdle -- com_joomdle | SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php. | 2010-07-28 | 7.5 | CVE-2010-2908: XF, VUPEN, EXPLOIT-DB, MISC |
| kayako -- esupport | SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action. | 2010-07-28 | 7.5 | CVE-2010-2911: XF, VUPEN, BID, EXPLOIT-DB, MISC |
| kayako -- esupport | SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action. | 2010-07-28 | 7.5 | CVE-2010-2912: XF, BID, EXPLOIT-DB, MISC |
| ksplayer -- ksp_sound_player | Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file. | 2010-07-28 | 9.3 | CVE-2009-4964: XF, VUPEN |
| likewise -- likewise_cifs | The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired. | 2010-07-28 | 9.3 | CVE-2010-0833: CONFIRM, VUPEN, UBUNTU, BUGTRAQ, SECUNIA, SECUNIA |
| mozilla -- firefox | layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214. | 2010-07-30 | 10.0 | CVE-2010-2755: CONFIRM, CONFIRM |
| ordasoft -- com_booklibrary | SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | 2010-07-24 | 7.5 | CVE-2010-2851: XF, VUPEN, BID, BUGTRAQ, OSVDB, MISC, SECUNIA |
| schlu.net -- com_quickfaq | SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php. | 2010-07-24 | 7.5 | CVE-2010-2845: XF, BID, EXPLOIT-DB, MISC |
| stefan_koch -- t3m | SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-28 | 7.5 | CVE-2009-4959: VUPEN, BID, CONFIRM |
| sweetphp -- totalcalendar | SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. | 2010-07-28 | 7.5 | CVE-2009-4973: MILW0RM |
| sweetphp -- totalcalendar | Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter. | 2010-07-28 | 7.5 | CVE-2009-4974: MILW0RM |
| thomas_waggershauser -- air_lexicon | SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-28 | 7.5 | CVE-2009-4965: VUPEN, BID, CONFIRM |
| toughtomato -- com_ttvideo | SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php. | 2010-07-28 | 7.5 | CVE-2010-2909: XF, CONFIRM, BUGTRAQ, BUGTRAQ, EXPLOIT-DB, SECUNIA, OSVDB, MISC |
| typo3 -- sbanner | SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-28 | 7.5 | CVE-2009-4969: VUPEN, BID, CONFIRM |
| typo3-macher -- t3m_affiliate | SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-28 | 7.5 | CVE-2009-4970: VUPEN, BID, CONFIRM |
| vincent_tietz -- vjchat | SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-07-28 | 7.5 | CVE-2009-4971: VUPEN, CONFIRM, BID |



Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- http_server | The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. | 2010-07-28 | 5.0 | CVE-2010-1452: MLIST, CONFIRM, CONFIRM |
| boesch-it -- simpnews | Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters. | 2010-07-24 | 4.3 | CVE-2010-2858: XF, BID, BUGTRAQ, MISC, SECUNIA, MISC |
| boesch-it -- simpnews | news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message. | 2010-07-24 | 5.0 | CVE-2010-2859: BUGTRAQ, MISC |
| danieljamesscott -- com_music | Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html. | 2010-07-24 | 6.8 | CVE-2010-2857: XF, BID, EXPLOIT-DB, MISC |
| gonzalo_maser -- com_artforms | Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php. | 2010-07-24 | 4.3 | CVE-2010-2846: XF, BID, BUGTRAQ, EXPLOIT-DB, MISC |
| gonzalo_maser -- com_artforms | Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | 2010-07-24 | 5.0 | CVE-2010-2848: XF, BID, BUGTRAQ, EXPLOIT-DB, MISC |
| google -- chrome | Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors. | 2010-07-28 | 5.0 | CVE-2010-2899: SECUNIA, CONFIRM, CONFIRM |
| ibm -- filenet_content_manager | IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors. | 2010-07-28 | 4.3 | CVE-2010-2896: VUPEN, CONFIRM, SECUNIA |
| jared_meeker -- event_horizon | Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-07-24 | 6.8 | CVE-2010-2855: BID, SECUNIA |
| kelvin_mo -- simpleid | Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 2010-07-28 | 4.3 | CVE-2009-4972: CONFIRM, CONFIRM, CONFIRM, OSVDB, MISC |
| lanai-core -- lanai-core | Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | 2010-07-28 | 5.0 | CVE-2009-4960: XF, VUPEN |
| lanai-core -- lanai-core | Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function. | 2010-07-28 | 5.0 | CVE-2009-4961: MILW0RM |
| mozilla -- firefox | dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | 2010-07-30 | 5.0 | CVE-2010-2754: CONFIRM, CONFIRM |
| newanz -- newsoffice | Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter. | 2010-07-24 | 4.3 | CVE-2010-2844: XF, VUPEN, BID, MISC, MISC |
| nusoftware -- nubuilder | Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter. | 2010-07-24 | 4.3 | CVE-2010-2849: CONFIRM, XF, VUPEN, BID, OSVDB, SECUNIA, MISC, MISC |
| nusoftware -- nubuilder | Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. | 2010-07-24 | 6.8 | CVE-2010-2850: CONFIRM, XF, VUPEN, BID, OSVDB, SECUNIA, MISC, MISC |
| openldap -- openldap | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | 2010-07-28 | 5.0 | CVE-2010-0211: BID, VUPEN, VUPEN, SECTRACK, REDHAT, REDHAT, CONFIRM, SECUNIA, SECUNIA, SECUNIA |
| openldap -- openldap | OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | 2010-07-28 | 5.0 | CVE-2010-0212: VUPEN, BID, VUPEN, SECTRACK, REDHAT, CONFIRM, SECUNIA, SECUNIA |
| openttd -- openttd | The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue. | 2010-07-28 | 5.0 | CVE-2010-2534: VUPEN, BID, CONFIRM, MISC, CONFIRM, XF, VUPEN, MLIST, SECUNIA, SECUNIA, OSVDB, FEDORA, FEDORA |
| oscss -- oscss | Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2010-07-24 | 4.3 | CVE-2010-2856: XF, VUPEN, BID, MISC, SECUNIA, OSVDB |
| pidgin -- pidgin | The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element. | 2010-07-30 | 4.0 | CVE-2010-2528: CONFIRM, XF, VUPEN, BID, OSVDB, SECUNIA, CONFIRM, CONFIRM |
| rsa -- federated_identity_manager | Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. | 2010-07-28 | 6.0 | CVE-2010-2337: CONFIRM, XF, VUPEN, SECTRACK, BID, SECUNIA, OSVDB, BUGTRAQ |
| sap -- netweaver | Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. | 2010-07-28 | 4.3 | CVE-2010-2904: MISC, XF, VUPEN, OSVDB, OSVDB, SECUNIA, MISC, MISC |
| skbuff -- iputils | Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response. | 2010-07-28 | 5.0 | CVE-2010-2529: VUPEN, BID, MANDRIVA |



Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| citibank -- citi_mobile | The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | 2010-07-30 | 2.1 | CVE-2010-2913: MISC, SECTRACK, MISC |
| isc -- bind | BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. | 2010-07-28 | 2.6 | CVE-2010-0213: CERT-VN, VUPEN, SECTRACK, BID, CONFIRM, SECUNIA, SECUNIA, FEDORA |
| jared_meeker -- event_horizon | Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information. | 2010-07-24 | 2.6 | CVE-2010-2854: SECUNIA, CONFIRM |
| runcms -- runcms | Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2010-07-24 | 2.6 | CVE-2010-2852: XF, BID, SECUNIA, OSVDB, MISC |
| typo3 -- commerce_extension | Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2010-07-28 | 3.5 | CVE-2009-4963: VUPEN, CONFIRM, BID |
