Vulnerability Summary for the Week of November 1, 2010
Released
Nov 08, 2010
Document ID
SB10-312
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 4site -- 4site_cms | SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646. | 2010-11-03 | 7.5 | CVE-2010-4152 BID BUGTRAQ MISC SECUNIA |
| adobe -- shockwave_player | dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088. | 2010-10-29 | 9.3 | CVE-2010-2581 CONFIRM |
| adobe -- shockwave_player | An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code. | 2010-10-29 | 9.3 | CVE-2010-2582 CONFIRM |
| adobe -- acrobat | Adobe Flash Player 10.1.85.3 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.95.2 and earlier on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010. | 2010-10-29 | 9.3 | CVE-2010-3654 CERT-VN BID CONFIRM SECUNIA MISC |
| adobe -- shockwave_player | Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors. | 2010-10-29 | 9.3 | CVE-2010-3655 CONFIRM |
| adobe -- shockwave_player | dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088. | 2010-10-29 | 9.3 | CVE-2010-4084 CONFIRM |
| adobe -- shockwave_player | dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088. | 2010-10-29 | 9.3 | CVE-2010-4085 CONFIRM |
| adobe -- shockwave_player | dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088. | 2010-10-29 | 9.3 | CVE-2010-4086 CONFIRM |
| adobe -- shockwave_player | IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089. | 2010-10-29 | 9.3 | CVE-2010-4087 CONFIRM |
| adobe -- shockwave_player | dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086. | 2010-10-29 | 9.3 | CVE-2010-4088 CONFIRM |
| adobe -- shockwave_player | IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4087. | 2010-10-29 | 9.3 | CVE-2010-4089 CONFIRM |
| adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2010-10-29 | 9.3 | CVE-2010-4090 CONFIRM |
| anyconnect -- anyconnect | Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a ".." (dot dot backslash) in a filename. | 2010-11-01 | 9.3 | CVE-2010-4148 XF BID OSVDB MISC SECUNIA MISC BUGTRAQ |
| aspindir -- kisisel_radyo_script | SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. | 2010-11-01 | 7.5 | CVE-2010-4144 XF BID EXPLOIT-DB SECUNIA MISC |
| avactis -- avactis_shopping_cart | Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php. | 2010-11-01 | 7.5 | CVE-2010-4147 XF CONFIRM BID OSVDB OSVDB SECUNIA MISC |
| cisco -- ciscoworks_common_services | Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. | 2010-10-29 | 10.0 | CVE-2010-3036 BID CISCO VUPEN SECTRACK SECUNIA |
| crossftp -- crossftp_pro | Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a ".." (dot dot backslash) in a filename. | 2010-11-03 | 9.3 | CVE-2010-4153 XF BID OSVDB MISC SECUNIA |
| freshwebmaster -- fresh_ftp | Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a ".." (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information. | 2010-11-01 | 9.3 | CVE-2010-4149 XF BID BUGTRAQ OSVDB MISC SECUNIA MISC |
| hp -- insight_control_performance_management | Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors. | 2010-11-01 | 8.0 | CVE-2010-4031 VUPEN HP HP |
| realflex -- realwin | Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests. | 2010-11-01 | 10.0 | CVE-2010-4142 BID EXPLOIT-DB EXPLOIT-DB SECUNIA MISC |
| rhinosoft -- ftp_voyager | Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a ".." (dot dot backslash) in a filename. | 2010-11-03 | 9.3 | CVE-2010-4154 XF BID OSVDB MISC SECUNIA MISC BUGTRAQ |
| sonicwall -- ssl-vpn_end-point_interrogator/installer_activex_control | Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. | 2010-11-03 | 9.3 | CVE-2010-2583 XF SECTRACK BID BUGTRAQ CONFIRM MISC SECUNIA |
| vim -- gvim | Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information. | 2010-11-03 | 9.3 | CVE-2010-3914 JVN CONFIRM BID SECUNIA JVNDB |
| wsn -- links | Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter. | 2010-11-03 | 7.5 | CVE-2010-4006 MISC BID BUGTRAQ |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| acegisecurity -- acegi-security | VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. | 2010-10-29 | 5.0 | CVE-2010-3700 MISC BID BUGTRAQ |
| aspindir -- kisisel_radyo_script | Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. | 2010-11-01 | 5.0 | CVE-2010-4145 EXPLOIT-DB SECUNIA MISC |
| attachmate -- reflection_for_the_web | Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-11-01 | 4.3 | CVE-2010-4146 XF BID CONFIRM SECUNIA OSVDB |
| deliciousdays -- cforms | Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. | 2010-11-03 | 4.3 | CVE-2010-3977 BID BUGTRAQ MISC SECUNIA |
| deluxebb -- deluxebb | SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033. | 2010-11-03 | 6.8 | CVE-2010-4151 XF CONFIRM BID BUGTRAQ MISC SECUNIA MISC |
| exv2 -- exv2 | Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965. | 2010-11-03 | 4.3 | CVE-2010-4155 XF MISC BID MISC |
| hp -- insight_control_performance_management | Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-11-01 | 4.3 | CVE-2010-4030 VUPEN HP HP |
| hp -- insight_control_performance_management | Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2010-11-01 | 6.8 | CVE-2010-4032 VUPEN HP HP |
| hp -- insight_control_performance_management | Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors. | 2010-11-01 | 5.0 | CVE-2010-4100 VUPEN HP HP |
| hp -- insight_recovery | Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-11-01 | 4.3 | CVE-2010-4101 VUPEN BID HP HP SECUNIA |
| hp -- insight_recovery | Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | 2010-11-01 | 5.0 | CVE-2010-4102 VUPEN BID HP HP SECUNIA |
| hp -- insight_managed_system_setup_wizard | Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | 2010-11-01 | 5.0 | CVE-2010-4103 XF VUPEN BID HP HP SECUNIA |
| hp -- insight_orchestration | Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | 2010-11-01 | 5.0 | CVE-2010-4104 VUPEN BID HP HP SECUNIA |
| hp -- insight_orchestration | Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors. | 2010-11-01 | 6.4 | CVE-2010-4105 VUPEN BID HP HP SECUNIA |
| hp -- insight_control_for_linux | Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2010-11-01 | 6.8 | CVE-2010-4106 XF VUPEN BID HP HP SECUNIA |
| phpcheckz -- phpcheckz | SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-11-01 | 6.8 | CVE-2010-4143 EXPLOIT-DB |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.