Vulnerability Summary for the Week of August 2, 2010
Released
Aug 09, 2010
Document ID
SB10-221
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ajsquare -- aj_hyip | SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-07-30 | 7.5 | CVE-2010-2915 XF EXPLOIT-DB MISC |
| ajsquare -- aj_hyip | SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-07-30 | 7.5 | CVE-2010-2916 XF EXPLOIT-DB MISC |
| ali_kenan -- aky_blog | SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-07-30 | 7.5 | CVE-2010-2922 XF EXPLOIT-DB SECUNIA MISC |
| apple -- itunes | Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. | 2010-07-30 | 9.3 | CVE-2010-1777 CONFIRM APPLE |
| apple -- safari | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. | 2010-07-30 | 9.3 | CVE-2010-1780 BID APPLE CONFIRM |
| apple -- safari | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element. | 2010-07-30 | 9.3 | CVE-2010-1782 BID APPLE CONFIRM |
| apple -- safari | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 2010-07-30 | 9.3 | CVE-2010-1783 BID APPLE CONFIRM |
| apple -- safari | The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 2010-07-30 | 9.3 | CVE-2010-1784 BID APPLE CONFIRM |
| apple -- safari | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. | 2010-07-30 | 9.3 | CVE-2010-1785 BID APPLE CONFIRM |
| apple -- safari | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document. | 2010-07-30 | 9.3 | CVE-2010-1786 BID APPLE CONFIRM |
| apple -- safari | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. | 2010-07-30 | 9.3 | CVE-2010-1787 BID APPLE CONFIRM |
| apple -- safari | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document. | 2010-07-30 | 9.3 | CVE-2010-1788 BID APPLE CONFIRM |
| apple -- safari | Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. | 2010-07-30 | 9.3 | CVE-2010-1789 BID APPLE CONFIRM |
| apple -- safari | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." | 2010-07-30 | 9.3 | CVE-2010-1790 BID APPLE CONFIRM |
| apple -- safari | Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. | 2010-07-30 | 9.3 | CVE-2010-1791 BID APPLE CONFIRM |
| apple -- safari | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. | 2010-07-30 | 9.3 | CVE-2010-1792 BID APPLE CONFIRM |
| apple -- safari | Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document. | 2010-07-30 | 9.3 | CVE-2010-1793 BID APPLE CONFIRM |
| emc -- disk_library | Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP. | 2010-08-02 | 7.8 | CVE-2010-2633 VUPEN BID SECTRACK SECUNIA BUGTRAQ |
| emc -- celerra_network_attached_storage | The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests. | 2010-08-05 | 9.3 | CVE-2010-2860 MISC SECTRACK FULLDISC |
| gigabyte -- dldrv2_activex_control | The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via vectors involving the SetDLInfo method in conjunction with the Bdl method. | 2010-08-02 | 10.0 | CVE-2010-1517 MISC SECUNIA |
| gigabyte -- dldrv2_activex_control | Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument. | 2010-08-02 | 10.0 | CVE-2010-1518 MISC SECUNIA |
| joomlaxt -- com_staticxt | SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 2010-07-30 | 7.5 | CVE-2010-2919 XF EXPLOIT-DB MISC |
| mozilla -- firefox | layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214. | 2010-07-30 | 10.0 | CVE-2010-2755 CONFIRM CONFIRM |
| mozilla -- firefox | The attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. | 2010-07-30 | 9.3 | CVE-2010-1208 CONFIRM CONFIRM |
| mozilla -- firefox | Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes. | 2010-07-30 | 9.3 | CVE-2010-1209 CONFIRM CONFIRM |
| mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-07-30 | 9.3 | CVE-2010-1211 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function. | 2010-07-30 | 9.3 | CVE-2010-1212 CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. | 2010-07-30 | 9.3 | CVE-2010-1214 CONFIRM CONFIRM |
| mozilla -- firefox | Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array. | 2010-07-30 | 9.3 | CVE-2010-2752 CONFIRM CONFIRM |
| mozilla -- firefox | Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element. | 2010-07-30 | 9.3 | CVE-2010-2753 CONFIRM CONFIRM |
| openfreeway -- freeway | SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter. | 2010-07-30 | 7.5 | CVE-2010-2925 XF BID EXPLOIT-DB MISC |
| pharscape -- hsolink | hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action. | 2010-08-02 | 7.2 | CVE-2010-1671 OSVDB SECUNIA CONFIRM |
| pharscape -- hsolink | hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671. | 2010-08-02 | 7.2 | CVE-2010-2929 CONFIRM |
| pharscape -- hsolink | Multiple stack-based buffer overflows in hsolinkcontrol in hsolink 1.0.118 allow local users to gain privileges via long command-line arguments, a different vulnerability than CVE-2010-1671. NOTE: some of these details are obtained from third party information. | 2010-08-02 | 7.2 | CVE-2010-2930 SECUNIA MISC |
| photoindochina -- com_golfcourseguide | SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php. | 2010-07-30 | 7.5 | CVE-2010-2921 XF EXPLOIT-DB MISC |
| prasanna -- com_youtube | SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php. | 2010-07-30 | 7.5 | CVE-2010-2923 XF BID EXPLOIT-DB MISC |
| raphael_assenat -- libmikmod | Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. | 2010-08-05 | 9.3 | CVE-2010-2546 CONFIRM VUPEN BID DEBIAN MISC SECUNIA |
| raphael_assenat -- libmikmod | loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995. | 2010-08-05 | 9.3 | CVE-2010-2971 CONFIRM DEBIAN MISC |
| rockwellautomation -- 1756-enbt_series_a | The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. | 2010-08-05 | 10.0 | CVE-2010-2965 CERT-VN CONFIRM CONFIRM CONFIRM CONFIRM MISC |
| silvercover -- mylinksdump_plugin | SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information. | 2010-07-30 | 7.5 | CVE-2010-2924 XF EXPLOIT-DB SECUNIA OSVDB |
| solucija -- snews | SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter. | 2010-07-30 | 7.5 | CVE-2010-2926 XF EXPLOIT-DB |
| umn -- mapserver | mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments. | 2010-08-02 | 10.0 | CVE-2010-2540 BID CONFIRM MLIST MLIST MLIST |
| visocrea -- com_joomla_visites | PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 2010-07-30 | 7.5 | CVE-2010-2918 XF VUPEN BID EXPLOIT-DB MISC |
| windriver -- vxworks | The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. | 2010-08-05 | 7.8 | CVE-2010-2966 CERT-VN MISC |
| windriver -- vxworks | The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. | 2010-08-05 | 7.8 | CVE-2010-2967 CERT-VN CONFIRM CONFIRM MISC |
| windriver -- vxworks | The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2010-08-05 | 7.8 | CVE-2010-2968 MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adjam -- rekonq | Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history. | 2010-08-02 | 4.3 | CVE-2010-2536 CONFIRM OSVDB SECUNIA MLIST MLIST |
| ajsquare -- aj_article | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information. | 2010-07-30 | 4.3 | CVE-2010-2917 XF BID OSVDB EXPLOIT-DB SECUNIA MISC |
| apple -- safari | Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | 2010-07-30 | 4.3 | CVE-2010-1778 BID APPLE CONFIRM |
| apple -- mac_os_x | The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field. | 2010-08-02 | 4.9 | CVE-2010-1794 BUGTRAQ BID SECTRACK |
| eterna -- bozohttpd | bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a "wrong code generation interaction with GCC." | 2010-08-02 | 5.0 | CVE-2010-2195 CONFIRM MISC CONFIRM CONFIRM |
| eterna -- bozohttpd | bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences. | 2010-08-02 | 5.0 | CVE-2010-2320 CONFIRM CONFIRM CONFIRM SECUNIA CONFIRM |
| foobla -- com_foobla_suggestions | Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | 2010-07-30 | 6.8 | CVE-2010-2920 XF VUPEN BID EXPLOIT-DB MISC |
| heinz_mauelshagen -- lvm2 | The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands. | 2010-08-05 | 4.6 | CVE-2010-2526 MLIST REDHAT REDHAT CONFIRM XF VUPEN OSVDB SECTRACK SECUNIA |
| ibm -- tivoli_directory_server | The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts. | 2010-08-02 | 5.0 | CVE-2010-2927 CONFIRM AIXAPAR BID SECUNIA |
| kvirc -- kvirc | The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving and 40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452. | 2010-08-02 | 6.5 | CVE-2010-2785 CONFIRM CONFIRM MLIST MLIST OSVDB SECUNIA SECUNIA FEDORA FEDORA CONFIRM |
| mlmmj -- mlmmj | Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action. | 2010-08-02 | 6.5 | CVE-2009-4896 MLIST CONFIRM MLIST MLIST MLIST MLIST MLIST DEBIAN SECUNIA CONFIRM CONFIRM |
| moinmo -- moinmoin | Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py. | 2010-08-05 | 4.3 | CVE-2010-2487 CONFIRM VUPEN BID DEBIAN SECUNIA CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| moinmo -- moinmoin | Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487. | 2010-08-05 | 4.3 | CVE-2010-2969 VUPEN BID DEBIAN SECUNIA CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
| moinmo -- moinmoin | Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487. | 2010-08-05 | 4.3 | CVE-2010-2970 VUPEN BID DEBIAN SECUNIA CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | 2010-07-30 | 5.0 | CVE-2010-2754 CONFIRM CONFIRM |
| mozilla -- firefox | Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion. | 2010-07-30 | 4.3 | CVE-2010-1207 CONFIRM CONFIRM |
| mozilla -- firefox | intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. | 2010-07-30 | 4.3 | CVE-2010-1210 CONFIRM CONFIRM |
| mozilla -- firefox | The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. | 2010-07-30 | 4.3 | CVE-2010-1213 CONFIRM CONFIRM |
| mozilla -- firefox | Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope." | 2010-07-30 | 6.8 | CVE-2010-1215 CONFIRM CONFIRM |
| nessus -- web_server_plugin | Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-07-30 | 4.3 | CVE-2010-2914 CONFIRM SECTRACK BUGTRAQ SECUNIA |
| nokia -- qtdemobrowser | Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | 2010-08-02 | 4.3 | CVE-2009-4975 MISC MISC MISC |
| pidgin -- pidgin | The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element. | 2010-07-30 | 4.0 | CVE-2010-2528 CONFIRM XF VUPEN BID OSVDB SECUNIA CONFIRM CONFIRM |
| piwik -- piwik | Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request. | 2010-08-02 | 6.8 | CVE-2010-2786 XF VUPEN BID OSVDB SECUNIA CONFIRM CONFIRM MLIST MLIST |
| urs_wolfer -- kwebkitpart | Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | 2010-08-02 | 4.3 | CVE-2009-4976 CONFIRM CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- safari | The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. | 2010-07-30 | 2.6 | CVE-2010-1796 BID APPLE CONFIRM |
| citibank -- citi_mobile | The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | 2010-07-30 | 2.1 | CVE-2010-2913 MISC SECTRACK MISC |
| mozilla -- firefox | The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. | 2010-07-30 | 2.6 | CVE-2010-2751 CONFIRM CONFIRM |
| umn -- mapserver | Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files. | 2010-08-02 | 2.1 | CVE-2010-2539 CONFIRM MLIST CONFIRM BID MLIST MLIST |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.