Vulnerability Summary for the Week of December 6, 2010

Released: Dec 14, 2010
Document ID: SB10-347

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| aigaion -- aigaion | SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action. | 2010-12-08 | 7.5 | CVE-2010-4503, BID, SECUNIA, MISC |
| anything-digital -- sh404sef | SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-12-06 | 7.5 | CVE-2010-4404, BID, MISC, SECUNIA, CONFIRM |
| apple -- quicktime | Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms. | 2010-12-09 | 9.3 | CVE-2010-1508, APPLE, MISC, CONFIRM, MISC |
| apple -- quicktime | Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. | 2010-12-09 | 9.3 | CVE-2010-3800, APPLE, MISC, MISC, CONFIRM, IDEFENSE |
| apple -- quicktime | Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file. | 2010-12-09 | 9.3 | CVE-2010-3801, APPLE, MISC, CONFIRM |
| apple -- quicktime | Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file. | 2010-12-09 | 9.3 | CVE-2010-3802, APPLE, MISC, CONFIRM |
| apple -- quicktime | Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 2010-12-09 | 9.3 | CVE-2010-4009, APPLE, CONFIRM |
| ca -- internet_security_suite_plus_2010 | Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow. | 2010-12-08 | 7.2 | CVE-2010-4502, VUPEN, SECTRACK, EXPLOIT-DB, SECUNIA |
| clamav -- clamav | Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. | 2010-12-07 | 7.5 | CVE-2010-4261, CONFIRM, CONFIRM, MISC, VUPEN, VUPEN, BID, MANDRIVA, SECUNIA, SECUNIA, MLIST, MLIST, MLIST, FEDORA, CONFIRM |
| dynpg -- dynpg_cms | SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter. | 2010-12-06 | 7.5 | CVE-2010-4400, CONFIRM, BID, MISC, EXPLOIT-DB, MISC, OSVDB |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling. | 2010-12-07 | 9.3 | CVE-2010-4486, CONFIRM, CONFIRM |
| google -- chrome | Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file." | 2010-12-07 | 7.5 | CVE-2010-4487, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error. | 2010-12-07 | 9.3 | CVE-2010-4490, CONFIRM, CONFIRM |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations. | 2010-12-07 | 10.0 | CVE-2010-4492, CONFIRM, CONFIRM |
| google -- chrome | Double free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | 2010-12-07 | 10.0 | CVE-2010-4494, CONFIRM, CONFIRM |
| linux -- kernel | The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. | 2010-12-06 | 7.2 | CVE-2010-3904, CERT-VN, MISC, CONFIRM, CONFIRM, MISC, UBUNTU, REDHAT, REDHAT, CONFIRM, SECTRACK, SUSE |
| michael_dehaan -- cobbler | Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. | 2010-12-09 | 7.5 | CVE-2009-5021, CONFIRM |
| michael_dehaan -- cobbler | template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954. | 2010-12-09 | 8.5 | CVE-2010-2235, CONFIRM, CONFIRM, REDHAT |
| michael_dehaan -- cobbler | Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | 2010-12-09 | 7.2 | CVE-2010-4512, CONFIRM |
| microsoft -- windows_2003_server | Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 through R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key. | 2010-12-06 | 7.2 | CVE-2010-4398, CERT-VN, EXPLOIT-DB, MISC, MISC, SECUNIA, MISC, MISC |
| mozilla -- firefox | The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification. | 2010-12-09 | 10.0 | CVE-2010-4508, CONFIRM |
| mozilla -- firefox | Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. | 2010-12-10 | 9.3 | CVE-2010-3766, CONFIRM, CONFIRM |
| novell -- mono | Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | 2010-12-06 | 7.5 | CVE-2010-4254, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, SECUNIA |
| openssh -- openssh | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | 2010-12-06 | 7.5 | CVE-2010-4478, MISC, CONFIRM, CONFIRM, CONFIRM, MISC |
| openssl -- openssl | OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. | 2010-12-06 | 7.5 | CVE-2010-4252, MISC, CONFIRM, CONFIRM, VUPEN, VUPEN, BID, SLACKWARE, SECTRACK, SECUNIA, MISC, CONFIRM |
| redhat -- enterprise_mrg | The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins. | 2010-12-07 | 7.5 | CVE-2010-4179, CONFIRM, VUPEN, SECTRACK, REDHAT, REDHAT, SECUNIA |
| sixapart -- movabletype | SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2010-12-09 | 7.5 | CVE-2010-3922, CONFIRM, SECUNIA, JVNDB, JVN |
| sixapart -- movabletype | Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags. | 2010-12-09 | 10.0 | CVE-2010-4509, CONFIRM |
| sixapart -- movabletype | Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message." | 2010-12-09 | 10.0 | CVE-2010-4511, CONFIRM |
| systemtap -- systemtap | The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file. | 2010-12-07 | 7.2 | CVE-2010-4170, CONFIRM, XF, SECTRACK, BID, REDHAT, REDHAT, EXPLOIT-DB, MLIST, SECUNIA, SECUNIA, SECUNIA, SECUNIA, FEDORA, FEDORA, FEDORA |
| vmware -- movie_decoder | The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. | 2010-12-06 | 9.3 | CVE-2010-4294, VUPEN, CONFIRM, SECTRACK, BID, BUGTRAQ, SECUNIA, OSVDB, MLIST |
| vmware -- fusion | vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. | 2010-12-06 | 7.2 | CVE-2010-4296, VUPEN, CONFIRM, SECTRACK, SECTRACK, BID, BUGTRAQ, SECUNIA, SECUNIA, OSVDB, MLIST |
| vmware -- esxi | The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. | 2010-12-06 | 7.2 | CVE-2010-4297, VUPEN, CONFIRM, SECTRACK, SECTRACK, BID, BUGTRAQ, SECUNIA, SECUNIA, OSVDB, MLIST |



Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| alexej_kryukov -- fontforge | Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file. | 2010-12-07 | 6.8 | CVE-2010-4259, CONFIRM, CONFIRM, BID, MLIST, MLIST |
| alguest -- alguest | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters. | 2010-12-06 | 4.3 | CVE-2010-4407, MISC, BID, BUGTRAQ, MISC |
| anything-digital -- sh404sef | Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-12-06 | 4.3 | CVE-2010-4405, BID, MISC, SECUNIA, MISC |
| apache -- archiva | Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449. | 2010-12-06 | 6.8 | CVE-2010-4408, BUGTRAQ, MLIST, CONFIRM |
| apple -- iphone_os | Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. | 2010-12-08 | 6.2 | CVE-2010-4012, CONFIRM |
| brunetton -- littlephpgallery | Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter. | 2010-12-06 | 6.8 | CVE-2010-4406, BID, EXPLOIT-DB, SECUNIA, MISC, OSVDB |
| bsdperimeter -- pfsense | Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182. | 2010-12-07 | 4.3 | CVE-2010-4246, BID, SECUNIA, FULLDISC, MLIST, MLIST |
| bsdperimeter -- pfsense | Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246. | 2010-12-07 | 4.3 | CVE-2010-4412, FULLDISC, MLIST, MLIST, MLIST |
| cgi-simple -- cgi-simple | CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. | 2010-12-06 | 6.8 | CVE-2010-4410, CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, MLIST, BID, CONFIRM |
| cgi.pm -- cgi.pm | Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. | 2010-12-06 | 6.8 | CVE-2010-4411, MLIST |
| citrix -- web_interface | Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454. | 2010-12-09 | 4.3 | CVE-2010-4515, VUPEN, BID, CONFIRM, SECUNIA |
| clam_anti-virus -- clamav | Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260. | 2010-12-07 | 6.8 | CVE-2010-4479, CONFIRM, CONFIRM, MISC, VUPEN, VUPEN, BID, MANDRIVA, SECUNIA, MLIST, MLIST, MLIST, FEDORA, CONFIRM |
| clamav -- clamav | Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." | 2010-12-07 | 4.3 | CVE-2010-4260, CONFIRM, CONFIRM, CONFIRM, MISC, VUPEN, VUPEN, BID, MANDRIVA, SECUNIA, SECUNIA, MLIST, MLIST, MLIST, FEDORA, CONFIRM |
| codehaus -- redback | Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1, allows remote attackers to hijack the authentication of administrators for requests that modify credentials. | 2010-12-06 | 6.8 | CVE-2010-3449, CONFIRM, CONFIRM, VUPEN, BID, BUGTRAQ, OSVDB, CONFIRM, SECUNIA, MLIST, CONFIRM, CONFIRM |
| dotnetnuke -- dotnetnuke | Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information. | 2010-12-09 | 4.3 | CVE-2010-4514, SECTRACK, BID, MISC, SECUNIA, MISC |
| dynpg -- dynpg_cms | Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-12-06 | 4.3 | CVE-2010-4399, CONFIRM, BID, MISC, EXPLOIT-DB, SECUNIA, MISC, OSVDB |
| dynpg -- dynpg_cms | languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | 2010-12-06 | 5.0 | CVE-2010-4401, CONFIRM, MISC, EXPLOIT-DB, MISC, OSVDB |
| epson -- lp-s7100_driver_4.1.0 | The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, modifies access permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. | 2010-12-08 | 4.6 | CVE-2010-3920, CONFIRM, SECUNIA, JVNDB, JVN |
| fedoraproject -- dracut | plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets insecure permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | 2010-12-07 | 4.0 | CVE-2010-4176, CONFIRM, CONFIRM, VUPEN, VUPEN, BID, SECUNIA, SECUNIA, FEDORA, FEDORA |
| google -- chrome | Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors. | 2010-12-07 | 5.0 | CVE-2010-4482, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site. | 2010-12-07 | 4.3 | CVE-2010-4483, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors. | 2010-12-07 | 5.0 | CVE-2010-4484, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site. | 2010-12-07 | 4.3 | CVE-2010-4485, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 2010-12-07 | 5.0 | CVE-2010-4488, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 8.0.552.215 does not properly handle WebM video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. NOTE: this vulnerability exists because of a regression. | 2010-12-07 | 4.3 | CVE-2010-4489, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension. | 2010-12-07 | 4.3 | CVE-2010-4491, CONFIRM, CONFIRM |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events. | 2010-12-07 | 4.3 | CVE-2010-4493, CONFIRM, CONFIRM |
| harmistechnology -- com_jeauto | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | 2010-12-09 | 6.8 | CVE-2010-4517, EXPLOIT-DB |
| hp -- hp-ux | HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors. | 2010-12-08 | 6.8 | CVE-2010-4108, VUPEN, BID, SECUNIA, HP, HP |
| hp -- palm_webos | Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file. | 2010-12-08 | 4.3 | CVE-2010-4109, VUPEN, HP, HP |
| ibm -- websphere_commerce | IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | 2010-12-06 | 5.0 | CVE-2010-2639, XF, AIXAPAR, CONFIRM |
| injader -- injader | Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters. | 2010-12-08 | 6.8 | CVE-2010-4505, MISC, SECUNIA |
| intelliants -- esyndicat | Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php. | 2010-12-08 | 4.3 | CVE-2010-4504, BID, SECUNIA, MISC, OSVDB, OSVDB |
| io-socket-ssl -- io-socket-ssl | IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | 2010-12-08 | 6.8 | CVE-2010-4501, CONFIRM, BID, SECUNIA, OSVDB, CONFIRM |
| isc -- bind | named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. | 2010-12-06 | 4.0 | CVE-2010-3613, CERT-VN, VUPEN, VUPEN, VUPEN, VUPEN, VUPEN, UBUNTU, BID, OSVDB, CONFIRM, CONFIRM, SECTRACK, SECUNIA, SECUNIA, SECUNIA, FEDORA |
| isc -- bind | named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. | 2010-12-06 | 6.4 | CVE-2010-3614, CERT-VN, VUPEN, VUPEN, VUPEN, VUPEN, VUPEN, UBUNTU, BID, OSVDB, CONFIRM, CONFIRM, SECTRACK, SECUNIA, SECUNIA, SECUNIA, FEDORA |
| isc -- bind | named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism. | 2010-12-06 | 5.0 | CVE-2010-3615, CERT-VN, VUPEN, BID, CONFIRM, CONFIRM, SECTRACK, SECUNIA, OSVDB |
| jxtended -- jxtended_comments | Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-12-09 | 4.3 | CVE-2010-4516, BID, SECUNIA, CONFIRM |
| linux -- kernel | The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag. | 2010-12-06 | 4.9 | CVE-2010-3066, CONFIRM, CONFIRM, CONFIRM, SECTRACK |
| mrcgiguy -- freeticket | Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-12-08 | 6.8 | CVE-2010-4500, BID, SECUNIA |
| nordugrid -- nordugrid-arc | Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. NOTE: some of these details are obtained from third party information. | 2010-12-08 | 6.9 | CVE-2010-3372, CONFIRM, SECUNIA |
| openssl -- openssl | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | 2010-12-06 | 4.3 | CVE-2010-4180, CONFIRM, CONFIRM, CONFIRM, VUPEN, VUPEN, VUPEN, SECTRACK, BID, MANDRIVA, UBUNTU, SLACKWARE, SECUNIA, SECUNIA, SECUNIA, OSVDB |
| openssl -- openssl | OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. | 2010-12-06 | 4.3 | CVE-2008-7270, CONFIRM, UBUNTU, SECUNIA, CONFIRM |
| php -- php | Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. | 2010-12-06 | 5.0 | CVE-2010-4409, CERT-VN, CONFIRM, CONFIRM |
| php -- php | Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | 2010-12-07 | 5.0 | CVE-2010-4150, CONFIRM, CONFIRM, XF, VUPEN, SECTRACK, BID, MANDRIVA |
| phpmyadmin -- phpmyadmin | error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". | 2010-12-08 | 4.3 | CVE-2010-4480, VUPEN, EXPLOIT-DB |
| pulsecms -- pulse_cms | Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php. | 2010-12-07 | 6.8 | CVE-2010-4330, VUPEN, MISC, BID, BUGTRAQ, EXPLOIT-DB, SECUNIA, MISC, OSVDB |
| redhat -- spice-activex | Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. | 2010-12-08 | 6.8 | CVE-2010-2793, REDHAT, CONFIRM, BID, SECTRACK |
| redhat -- icedtea | IcedTea before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | 2010-12-08 | 5.0 | CVE-2010-3860, CONFIRM, CONFIRM, VUPEN, VUPEN, UBUNTU, SECUNIA, SECUNIA, FEDORA |
| sixapart -- movabletype | Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-12-09 | 4.3 | CVE-2010-3921, CONFIRM, SECUNIA, JVNDB, JVN |
| vmware -- fusion | Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files. | 2010-12-06 | 6.9 | CVE-2010-4295, VUPEN, CONFIRM, SECTRACK, SECTRACK, BID, BUGTRAQ, SECUNIA, SECUNIA, OSVDB, MLIST |
| wobeo -- wp-safe-search | Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter. | 2010-12-09 | 4.3 | CVE-2010-4518, BID, MISC, SECUNIA |
| wordpress -- register_plus_plugin | Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action. | 2010-12-06 | 4.3 | CVE-2010-4402, BID, BUGTRAQ, MISC, SECUNIA, MISC, OSVDB |
| wordpress -- register_plus_plugin | The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message. | 2010-12-06 | 5.0 | CVE-2010-4403, BUGTRAQ, MISC, MISC |
| wordpress -- wordpress | SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. | 2010-12-07 | 6.0 | CVE-2010-4257, CONFIRM, CONFIRM, CONFIRM, MISC, CONFIRM, MISC, SECUNIA, CONFIRM |
| zimplit -- zimplit_cms | Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php. | 2010-12-09 | 4.3 | CVE-2010-4513, BID, BUGTRAQ, MISC, MISC, SECUNIA, MISC, BUGTRAQ |



Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| apple -- quicktime | Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. | 2010-12-09 | 2.1 | CVE-2010-0530, APPLE, CONFIRM |
| cgi-simple -- cgi-simple | The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. | 2010-12-06 | 2.6 | CVE-2010-2761, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, MISC, OSVDB, OSVDB, MLIST, CONFIRM |
| citrix -- xen | The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. | 2010-12-08 | 2.7 | CVE-2010-3699, CONFIRM, SECTRACK, SECUNIA |
| systemtap -- systemtap | The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules). | 2010-12-07 | 2.1 | CVE-2010-4171, CONFIRM, CONFIRM, XF, SECTRACK, BID, REDHAT, MLIST, SECUNIA, SECUNIA, SECUNIA, FEDORA, FEDORA, FEDORA |
