Vulnerability Summary for the Week of January 10, 2011

Released: Jan 17, 2011
Document ID: SB11-017

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
aimluck -- aipo | SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2011-01-13 | 7.5 | CVE-2010-3924
BID
SECUNIA
JVNDB
JVN
CONFIRM
ca -- arcserve_replication_and_high_availability | Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx. | 2011-01-07 | 7.5 | CVE-2010-3984
CONFIRM
MISC
SECTRACK
BID
BUGTRAQ
SECUNIA
cisco -- adaptive_security_appliance_software | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. | 2011-01-07 | 7.8 | CVE-2010-4670
MISC
CONFIRM
MISC
MISC
MISC
cisco -- ios | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. | 2011-01-07 | 7.8 | CVE-2010-4671
MISC
CONFIRM
MISC
MISC
MISC
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. | 2011-01-07 | 7.8 | CVE-2010-4672
CONFIRM
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. | 2011-01-07 | 7.8 | CVE-2010-4673
CONFIRM
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. | 2011-01-07 | 7.8 | CVE-2010-4674
CONFIRM
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504. | 2011-01-07 | 9.0 | CVE-2010-4675
CONFIRM
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. | 2011-01-07 | 7.5 | CVE-2010-4678
CONFIRM
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. | 2011-01-07 | 7.8 | CVE-2010-4679
CONFIRM
cisco -- adaptive_security_appliance_software | The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777. | 2011-01-07 | 9.0 | CVE-2010-4680
CONFIRM
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901. | 2011-01-07 | 7.5 | CVE-2010-4681
CONFIRM
cisco -- adaptive_security_appliance_software | Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID CSCtf29867. | 2011-01-07 | 7.8 | CVE-2010-4682
CONFIRM
cisco -- ios | Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. | 2011-01-07 | 7.8 | CVE-2009-5038
CONFIRM
cisco -- ios | Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. | 2011-01-07 | 7.8 | CVE-2009-5039
CONFIRM
cisco -- ios | Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. | 2011-01-07 | 7.8 | CVE-2010-4683
CONFIRM
cisco -- ios | Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. | 2011-01-07 | 7.1 | CVE-2010-4684
CONFIRM
cisco -- ios | CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. | 2011-01-07 | 7.8 | CVE-2010-4686
CONFIRM
cisco -- adaptive_security_appliance_software | Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030. | 2011-01-07 | 7.8 | CVE-2010-4688
CONFIRM
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. | 2011-01-07 | 7.8 | CVE-2010-4689
CONFIRM
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742. | 2011-01-07 | 7.8 | CVE-2010-4691
CONFIRM
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592. | 2011-01-07 | 7.8 | CVE-2010-4692
CONFIRM
freetype -- freetype | Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. | 2011-01-07 | 9.3 | CVE-2010-3311
REDHAT
REDHAT
CONFIRM
UBUNTU
BID
REDHAT
DEBIAN
SUSE
fribidi -- gnu_fribidi | Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences. | 2011-01-10 | 7.5 | CVE-2010-3444
MISC
CONFIRM
VUPEN
BID
SECUNIA
FEDORA
FEDORA
gnu -- glibc | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | 2011-01-07 | 7.2 | CVE-2010-3856
CONFIRM
MLIST
REDHAT
VUPEN
CONFIRM
UBUNTU
BID
BUGTRAQ
REDHAT
DEBIAN
CONFIRM
GENTOO
SECUNIA
FULLDISC
gnu -- gimp | Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. | 2011-01-07 | 9.3 | CVE-2010-4541
CONFIRM
VUPEN
MLIST
MLIST
MISC
gnu -- gimp | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | 2011-01-07 | 7.5 | CVE-2010-4543
CONFIRM
VUPEN
OSVDB
MLIST
MLIST
MISC
google -- chrome | The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2011-01-14 | 10.0 | CVE-2011-0471
CONFIRM
CONFIRM
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document. | 2011-01-14 | 9.3 | CVE-2011-0472
CONFIRM
CONFIRM
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-01-14 | 10.0 | CVE-2011-0473
CONFIRM
CONFIRM
hp -- openview_network_node_manager | Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter. | 2011-01-13 | 10.0 | CVE-2011-0261
MISC
HP
HP
hp -- openview_network_node_manager | Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe. | 2011-01-13 | 10.0 | CVE-2011-0262
MISC
HP
HP
hp -- openview_network_node_manager | Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable. | 2011-01-13 | 10.0 | CVE-2011-0263
MISC
HP
HP
hp -- openview_network_node_manager | Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable. | 2011-01-13 | 10.0 | CVE-2011-0264
MISC
HP
HP
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter. | 2011-01-13 | 10.0 | CVE-2011-0265
MISC
HP
HP
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2. | 2011-01-13 | 10.0 | CVE-2011-0266
MISC
HP
HP
hp -- openview_network_node_manager | Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266. | 2011-01-13 | 10.0 | CVE-2011-0267
MISC
HP
HP
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter. | 2011-01-13 | 10.0 | CVE-2011-0268
MISC
HP
HP
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter. | 2011-01-13 | 10.0 | CVE-2011-0269
MISC
HP
HP
hp -- openview_network_node_manager | Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name. | 2011-01-13 | 10.0 | CVE-2011-0270
MISC
HP
HP
hp -- openview_network_node_manager | The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." | 2011-01-13 | 10.0 | CVE-2011-0271
HP
HP
IDEFENSE
imgburn -- imgburn | Untrusted search path vulnerability in ImgBurn.exe in [VENDOR] ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file. | 2011-01-10 | 9.3 | CVE-2011-0403
XF
BID
SECUNIA
MISC
OSVDB
linux -- linux_kernel | Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. | 2011-01-10 | 7.2 | CVE-2010-3865
XF
MLIST
MLIST
BID
REDHAT
MLIST
MLIST
SUSE
SUSE
SUSE
linux -- kernel | Race condition in the Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. | 2011-01-10 | 7.1 | CVE-2010-4526
CONFIRM
MLIST
MLIST
CONFIRM
microsoft -- windows_2003_server | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. | 2011-01-07 | 7.8 | CVE-2010-4669
MISC
MISC
MISC
MISC
microsoft -- ie | Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references. | 2011-01-07 | 10.0 | CVE-2011-0346
CERT-VN
XF
VUPEN
BID
BUGTRAQ
MISC
MISC
MISC
MISC
FULLDISC
microsoft -- ie | Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz. | 2011-01-07 | 9.3 | CVE-2011-0347
BUGTRAQ
MISC
MISC
MISC
MISC
FULLDISC
microsoft -- data_access_components | Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability." | 2011-01-11 | 9.3 | CVE-2011-0026
MS
microsoft -- data_access_components | Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118. | 2011-01-11 | 9.3 | CVE-2011-0027
MS
netsupport -- netsupport_manager_agent | Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252. | 2011-01-10 | 7.5 | CVE-2011-0404
XF
VUPEN
SECTRACK
BID
MISC
EXPLOIT-DB
SECUNIA
FULLDISC
novell -- suse_linux | The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | 2011-01-12 | 10.0 | CVE-2010-3912
SUSE
opensc-project -- opensc | Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c. | 2011-01-07 | 7.2 | CVE-2010-4523
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST
MLIST
MISC
CONFIRM
VUPEN
SECUNIA
SECUNIA
FEDORA
FEDORA
phenotype-cms -- phenotype_cms | SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information. | 2011-01-10 | 7.5 | CVE-2011-0407
XF
BID
BUGTRAQ
MISC
SECUNIA
OSVDB
polyvision -- roomwizard_firmware | The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214. | 2011-01-11 | 7.5 | CVE-2011-0423
CERT-VN
XF
VUPEN
BID
FULLDISC
MISC
redhat -- evince | Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2640
CONFIRM
CONFIRM
VUPEN
VUPEN
UBUNTU
SECTRACK
BID
REDHAT
SECUNIA
SECUNIA
SECUNIA
FEDORA
redhat -- evince | Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2641
CONFIRM
CONFIRM
VUPEN
VUPEN
UBUNTU
SECTRACK
BID
REDHAT
SECUNIA
SECUNIA
SECUNIA
FEDORA
redhat -- evince | Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2642
CONFIRM
CONFIRM
VUPEN
VUPEN
UBUNTU
SECTRACK
BID
REDHAT
SECUNIA
SECUNIA
SECUNIA
FEDORA
redhat -- evince | Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2643
CONFIRM
CONFIRM
VUPEN
VUPEN
UBUNTU
SECTRACK
BID
REDHAT
SECUNIA
SECUNIA
SECUNIA
FEDORA
rim -- blackberry_enterprise_server | Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file. | 2011-01-12 | 9.3 | CVE-2010-2604
VUPEN
BID
CONFIRM
SECUNIA
tibco -- activecatalog | Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-01-07 | 7.5 | CVE-2010-4496
XF
VUPEN
CONFIRM
CONFIRM
SECTRACK
BID
SECUNIA
tibco -- activecatalog | Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | 2011-01-07 | 7.5 | CVE-2010-4498
XF
VUPEN
CONFIRM
CONFIRM
SECTRACK
BID
SECUNIA
wellintek -- kingview | Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. | 2011-01-10 | 10.0 | CVE-2011-0406
XF
VUPEN
BID
EXPLOIT-DB
SECUNIA
wireshark -- wireshark | Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. | 2011-01-07 | 9.3 | CVE-2010-4538
CONFIRM
VUPEN
REDHAT
SECUNIA
OSVDB
MLIST
MLIST
wireshark -- wireshark | Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. | 2011-01-12 | 10.0 | CVE-2011-0444
CONFIRM
MISC
CONFIRM
CONFIRM
VUPEN

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
a51dev -- activecollab | ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | 2011-01-07 | 6.0 | CVE-2010-0215
CERT-VN
CONFIRM
apache -- subversion | The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. | 2011-01-07 | 6.8 | CVE-2010-4539
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
XF
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
MLIST
MLIST
MLIST
apple -- mac_os_x | Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. | 2011-01-10 | 6.8 | CVE-2010-4013
CONFIRM
APPLE
SECUNIA
catb -- gif2png | Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. | 2011-01-14 | 6.8 | CVE-2009-5018
CONFIRM
MLIST
MLIST
FULLDISC
FEDORA
CONFIRM
CONFIRM
VUPEN
VUPEN
GENTOO
SECUNIA
MLIST
MLIST
CONFIRM
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911. | 2011-01-07 | 5.0 | CVE-2009-5037
MISC
MISC
CONFIRM
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. | 2011-01-07 | 6.8 | CVE-2010-4676
CONFIRM
cisco -- adaptive_security_appliance_software | emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. | 2011-01-07 | 5.0 | CVE-2010-4677
CONFIRM
cisco -- ios | CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. | 2011-01-07 | 6.8 | CVE-2009-5040
CONFIRM
cisco -- ios | Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. | 2011-01-07 | 4.0 | CVE-2010-4685
CONFIRM
cisco -- ios | STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. | 2011-01-07 | 5.0 | CVE-2010-4687
CONFIRM
cisco -- adaptive_security_appliance_software | The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. | 2011-01-07 | 5.0 | CVE-2010-4690
CONFIRM
citrix -- xen | The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. | 2011-01-10 | 5.5 | CVE-2010-4247
CONFIRM
MISC
MISC
MLIST
MLIST
BID
REDHAT
SECUNIA
coppermine-gallery -- coppermine_photo_gallery | Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. | 2011-01-10 | 4.3 | CVE-2010-4693
XF
MISC
BID
BUGTRAQ
OSVDB
OSVDB
SECUNIA
crawltrack -- crawltrack | Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors. | 2011-01-13 | 6.8 | CVE-2010-4537
CONFIRM
MLIST
MLIST
debian -- dpkg | Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. | 2011-01-10 | 6.8 | CVE-2010-1679
VUPEN
VUPEN
UBUNTU
DEBIAN
SECUNIA
SECUNIA
debian -- dpkg | dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | 2011-01-10 | 6.8 | CVE-2011-0402
VUPEN
VUPEN
UBUNTU
DEBIAN
SECUNIA
SECUNIA
djangoproject -- django | The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | 2011-01-10 | 4.0 | CVE-2010-4534
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
SECUNIA
MISC
MISC
FULLDISC
djangoproject -- django | The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer. | 2011-01-10 | 5.0 | CVE-2010-4535
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
SECUNIA
eclipse -- eclipse_ide | Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647. | 2011-01-13 | 4.3 | CVE-2008-7271
MISC
MISC
eclipse -- eclipse_ide | Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. | 2011-01-13 | 4.3 | CVE-2010-4647
MISC
MLIST
MLIST
gnu -- glibc | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | 2011-01-07 | 6.9 | CVE-2010-3847
CERT-VN
CONFIRM
MLIST
REDHAT
VUPEN
CONFIRM
UBUNTU
BUGTRAQ
REDHAT
DEBIAN
CONFIRM
GENTOO
SECUNIA
FULLDISC
FULLDISC
FULLDISC
gnu -- gimp | Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. | 2011-01-07 | 6.8 | CVE-2010-4540
CONFIRM
VUPEN
MLIST
MLIST
MISC
gnu -- gimp | Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. | 2011-01-07 | 6.8 | CVE-2010-4542
CONFIRM
VUPEN
MLIST
MLIST
MISC
gnu -- glibc | The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." | 2011-01-13 | 5.0 | CVE-2010-4051
CERT-VN
MISC
MISC
BID
BUGTRAQ
SECTRACK
SREASON
SREASONRES
SECUNIA
FULLDISC
gnu -- glibc | Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. | 2011-01-13 | 5.0 | CVE-2010-4052
CERT-VN
MISC
MISC
BID
BUGTRAQ
SECTRACK
SREASON
SREASONRES
SECUNIA
FULLDISC
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 2011-01-14 | 5.0 | CVE-2011-0470
CONFIRM
CONFIRM
ibm -- websphere_mq | Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. | 2011-01-11 | 6.5 | CVE-2011-0314
XF
AIXAPAR
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. | 2011-01-11 | 4.3 | CVE-2011-0315
XF
CONFIRM
AIXAPAR
ibm -- websphere_application_server | The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. | 2011-01-11 | 5.0 | CVE-2011-0316
XF
CONFIRM
AIXAPAR
ibm -- websphere_mq | Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. | 2011-01-13 | 6.8 | CVE-2011-0310
XF
AIXAPAR
io-socket-ssl -- io-socket-ssl | IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | 2011-01-13 | 4.0 | CVE-2010-4334
CONFIRM
BID
SECUNIA
OSVDB
CONFIRM
joomla -- com_search | Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. | 2011-01-10 | 4.3 | CVE-2011-0005
MISC
XF
BID
BUGTRAQ
BUGTRAQ
MISC
linux -- kernel | Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. | 2011-01-07 | 6.9 | CVE-2010-4160
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
CONFIRM
MLIST
SUSE
linux -- kernel | Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865. | 2011-01-10 | 4.9 | CVE-2010-4175
MLIST
MLIST
MLIST
SUSE
SUSE
linux -- kernel | The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver. | 2011-01-10 | 4.0 | CVE-2010-4242
CONFIRM
MISC
CONFIRM
MLIST
REDHAT
linux -- kernel | The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. | 2011-01-13 | 6.9 | CVE-2010-4527
CONFIRM
MLIST
CONFIRM
MISC
BID
CONFIRM
MLIST
mediawiki -- mediawiki | MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2011-01-10 | 5.8 | CVE-2011-0003
MLIST
CONFIRM
XF
VUPEN
OSVDB
MLIST
MLIST
SECUNIA
mono -- mono | Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." | 2011-01-10 | 5.0 | CVE-2010-4225
XF
VUPEN
BID
CONFIRM
SECUNIA
OSVDB
mysql -- mysql | storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement. | 2011-01-11 | 4.0 | CVE-2010-3676
CONFIRM
MLIST
CONFIRM
CONFIRM
mysql -- mysql | MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. | 2011-01-11 | 4.0 | CVE-2010-3677
CONFIRM
MLIST
SUSE
CONFIRM
CONFIRM
MISC
mysql -- mysql | MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. | 2011-01-11 | 4.0 | CVE-2010-3678
CONFIRM
MLIST
CONFIRM
SUSE
CONFIRM
mysql -- mysql | MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind. | 2011-01-11 | 4.0 | CVE-2010-3679
CONFIRM
MLIST
CONFIRM
CONFIRM
mysql -- mysql | MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables while using InnoDB, which triggers an assertion failure. | 2011-01-11 | 4.0 | CVE-2010-3680
CONFIRM
MLIST
CONFIRM
CONFIRM
mysql -- mysql | MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. | 2011-01-11 | 4.0 | CVE-2010-3681
CONFIRM
MLIST
CONFIRM
SUSE
SUSE
CONFIRM
CONFIRM
mysql -- mysql | MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function. | 2011-01-11 | 4.0 | CVE-2010-3682
CONFIRM
MLIST
CONFIRM
SUSE
CONFIRM
CONFIRM
mysql -- mysql | MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request. | 2011-01-11 | 4.0 | CVE-2010-3683
CONFIRM
MLIST
CONFIRM
SUSE
SUSE
CONFIRM
CONFIRM
netwin -- surgemail | Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. | 2011-01-07 | 4.3 | CVE-2010-3201
BID
BUGTRAQ
SECUNIA
MISC
novell -- identity_manager | Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-01-07 | 4.3 | CVE-2010-4324
CONFIRM
XF
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
OSVDB
php -- php | strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers. | 2011-01-10 | 5.0 | CVE-2010-4645
MLIST
MISC
XF
VUPEN
BID
MLIST
MLIST
MISC
CONFIRM
phpgedview -- phpgedview | Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter. | 2011-01-10 | 6.8 | CVE-2011-0405
CONFIRM
VUPEN
EXPLOIT-DB
CONFIRM
SECUNIA
OSVDB
pidgin -- libpurple | directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session. | 2011-01-07 | 4.0 | CVE-2010-4528
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
VUPEN
BID
SECUNIA
SECUNIA
SUSE
FEDORA
piwik -- piwik | Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-01-10 | 4.3 | CVE-2011-0004
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
SECUNIA
piwik -- piwik | The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header. | 2011-01-10 | 6.4 | CVE-2011-0398
CONFIRM
CONFIRM
piwik -- piwik | Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 2011-01-10 | 4.3 | CVE-2011-0399
CONFIRM
CONFIRM
piwik -- piwik | Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2011-01-10 | 5.0 | CVE-2011-0400
CONFIRM
CONFIRM
piwik -- piwik | Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions. | 2011-01-10 | 5.0 | CVE-2011-0401
CONFIRM
CONFIRM
CONFIRM
polyvision -- roomwizard_firmware | The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI. | 2011-01-11 | 5.0 | CVE-2010-0214
CERT-VN
XF
VUPEN
BID
FULLDISC
MISC
rim -- blackberry_software | Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. | 2011-01-12 | 4.3 | CVE-2010-2599
VUPEN
BID
CONFIRM
tibco -- activecatalog | Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-01-07 | 4.3 | CVE-2010-4497
XF
VUPEN
CONFIRM
CONFIRM
SECTRACK
BID
SECUNIA
tibco -- activecatalog | Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. | 2011-01-07 | 4.3 | CVE-2010-4499
XF
VUPEN
CONFIRM
CONFIRM
SECTRACK
BID
SECUNIA
tinybb -- tinybb | SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. | 2011-01-12 | 6.8 | CVE-2011-0443
XF
SECTRACK
BID
EXPLOIT-DB
CONFIRM
SECUNIA
wb-i -- sgx-sp_final | Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-01-11 | 4.3 | CVE-2010-3926
BID
CONFIRM
SECUNIA
JVNDB
JVN
wb-i -- contents-mall | Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors. | 2011-01-13 | 5.8 | CVE-2010-3925
MISC
JVNDB
JVN
wireshark -- wireshark | The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. | 2011-01-12 | 5.0 | CVE-2011-0445
CONFIRM
CONFIRM
VUPEN


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- subversion | Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. | 2011-01-07 | 3.5 | CVE-2010-4644
XF
VUPEN
SECTRACK
BID
MLIST
CONFIRM
CONFIRM
SECUNIA
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
linux -- kernel | Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. | 2011-01-10 | 1.9 | CVE-2010-4525
MISC
XF
BID
MLIST
MLIST
MLIST
linux -- kernel | Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. | 2011-01-13 | 2.1 | CVE-2010-4529
MLIST
MLIST
CONFIRM
CONFIRM
SECUNIA
MLIST
novell -- vibe_onprem | Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field. | 2011-01-07 | 3.5 | CVE-2010-4322
MISC
BUGTRAQ
troglobit -- pimd | pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. | 2011-01-10 | 3.3 | CVE-2011-0007
MLIST
XF
BID
OSVDB
MLIST
SECUNIA
