Weekly Vulnerabilities Reports > August 31 to September 6, 2009

Overview

2 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 2 products from 2 vendors, including Opera and ITD INC. Vulnerabilities are notably categorized as "Improper Certificate Validation" and "Cross-Site Request Forgery (CSRF)".

  • 2 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
  • 2 reported vulnerabilities are exploitable by an anonymous user.
  • Opera has the most reported vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 High Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-02 CVE-2009-3046 Opera Improper Certificate Validation vulnerability in Opera Browser 7.5

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.

1 Medium Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-31 CVE-2009-3022 ITD INC Cross-Site Request Forgery (CSRF) vulnerability in Itd-Inc Bingo!Cms 1.0/1.1/1.2 6.5

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS