Weekly Vulnerabilities Reports > January 25 to 31, 2010
Overview
46 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary reports vulnerabilities in 47 products from 27 vendors including Apple, Microsoft, Realnetworks, SUN, and Cisco. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "SQL Injection", "Permissions, Privileges, and Access Controls", and "Cross-site Scripting".
- 43 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 41 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
12 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-01-28 | CVE-2010-0140 | Cisco | Multiple vulnerabilities in Cisco Unified MeetingPlace: Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661. | 10.0 |
2010-01-28 | CVE-2003-1576 | SUN | Buffer Errors vulnerability in SUN Change Manager 1.0: Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2010-01-25 | CVE-2009-4257 | Realnetworks Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products: Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths. | 9.3 |
2010-01-25 | CVE-2009-4248 | Realnetworks Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products: Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. | 9.3 |
2010-01-25 | CVE-2009-4247 | Realnetworks Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products: Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow." Specific affected release information can be found from RealNetworks at: http://service.real.com/realplayer/security/01192010_player/en/ | 9.3 |
2010-01-25 | CVE-2009-4246 | Realnetworks Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products: Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values. | 9.3 |
2010-01-25 | CVE-2009-4245 | Realnetworks Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products: Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp. | 9.3 |
2010-01-25 | CVE-2009-4244 | Realnetworks Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products: Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation. | 9.3 |
2010-01-25 | CVE-2009-4243 | Realnetworks Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products: RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow." Specific affected release information can be found from RealNetworks at: http://service.real.com/realplayer/security/01192010_player/en/ | 9.3 |
2010-01-25 | CVE-2009-4242 | Realnetworks Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products: Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation. | 9.3 |
2010-01-25 | CVE-2009-4241 | Realnetworks Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products: Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption. | 9.3 |
2010-01-28 | CVE-2010-0139 | Cisco | SQL Injection vulnerability in Cisco Unified Meetingplace: Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691. | 9.0 |
12 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-01-28 | CVE-2010-0142 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Meetingplace: MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530. | 8.5 |
2010-01-29 | CVE-2010-0005 | Viewvc | Permissions, Privileges, and Access Controls vulnerability in Viewvc: query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query. | 7.5 |
2010-01-28 | CVE-2010-0459 | Yoflash Joomla | SQL Injection vulnerability in Yoflash COM Mochigames 0.51: SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
2010-01-28 | CVE-2010-0458 | Netartmedia | SQL Injection vulnerability in Netartmedia Blog System 1.5: Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php. | 7.5 |
2010-01-28 | CVE-2010-0457 | A3Malnet | SQL Injection vulnerability in A3Malnet Magic-Portal 2.1: SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-01-28 | CVE-2010-0456 | Indianpulses Joomla | SQL Injection vulnerability in Indianpulses COM Gameserver 1.2: SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php. | 7.5 |
2010-01-28 | CVE-2010-0454 | Fabricadigital | SQL Injection vulnerability in Fabricadigital Publique! 2.3: SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
2010-01-28 | CVE-2005-4885 | SUN | Remote Security vulnerability in StorEdge 6130 Array: Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Controller Arrays allows remote attackers to delete data via unknown vectors. | 7.5 |
2010-01-27 | CVE-2009-4272 | Linux Redhat | Improper Locking vulnerability in multiple products: A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. | 7.5 |
2010-01-26 | CVE-2010-0391 | Embarcadero | Buffer Errors vulnerability in Embarcadero Interbase SMP 2009 9.0.3.437: Multiple stack-based buffer overflows in Embarcadero Technologies InterBase SMP 2009 9.0.3.437 allow remote attackers to execute arbitrary code via unknown vectors involving crafted packets. | 7.5 |
2010-01-25 | CVE-2010-0388 | SUN | Use of Externally-Controlled Format String vulnerability in SUN Java System Web Server 7.0: Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. | 7.5 |
2010-01-25 | CVE-2010-0387 | SUN | Buffer Errors vulnerability in SUN Java System Web Server 7.0: Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header. | 7.5 |
20 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-01-29 | CVE-2009-2624 | GNU | Improper Input Validation vulnerability in GNU Gzip: The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. | 6.8 |
2010-01-26 | CVE-2010-0390 | Phpf1 | Unspecified vulnerability in PHPf1 Max's Image Uploader 1.0: Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. | 6.8 |
2010-01-25 | CVE-2005-4884 | Oracle | Remote Security vulnerability in Oracle Database Server 10.1.0.4: Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to affect availability via unknown vectors, aka DB02. | 6.8 |
2010-01-28 | CVE-2010-0462 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 9.1/9.5/9.7: Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function. | 6.5 |
2010-01-28 | CVE-2010-0461 | Joomla | SQL Injection vulnerability in Joomla COM Casino 1.0: SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php. | 6.5 |
2010-01-28 | CVE-2010-0141 | Cisco | Credentials Management vulnerability in Cisco Unified Meetingplace 6.0/6.0.170.0/6.0.244: MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935. | 6.4 |
2010-01-29 | CVE-2010-0464 | Roundcube | Information Exposure vulnerability in Roundcube Webmail: Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | 5.0 |
2010-01-29 | CVE-2010-0463 | Horde | Information Exposure vulnerability in Horde IMP: Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | 5.0 |
2010-01-29 | CVE-2009-4630 | Mozilla | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird: Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. | 5.0 |
2010-01-29 | CVE-2009-4629 | Mozilla | Information Exposure vulnerability in Mozilla Seamonkey and Thunderbird: Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird. | 5.0 |
2010-01-25 | CVE-2010-0389 | SUN | Unspecified vulnerability in SUN Java System Web Server 7.0: The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token. | 5.0 |
2010-01-25 | CVE-2010-0385 | TOR | Information Exposure vulnerability in TOR: Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query. | 5.0 |
2010-01-25 | CVE-2010-0383 | TOR | Information Exposure vulnerability in TOR: Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. | 5.0 |
2010-01-28 | CVE-2009-4183 | HP | Remote Unauthorized Access vulnerability in HP OpenView Storage Data Protector 6.00/6.10: Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 and 6.10 allows local users to obtain unspecified "access" via unknown vectors. | 4.6 |
2010-01-28 | CVE-2003-1575 | Symantec SUN | Permissions, Privileges, and Access Controls vulnerability in Symantec Vxfs 3.3.3/3.4/3.5: VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | 4.6 |
2010-01-28 | CVE-2010-0455 | Punbb | Cross-Site Scripting vulnerability in Punbb 1.3: Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter. | 4.3 |
2010-01-28 | CVE-2004-2766 | SUN Redhat | Information Exposure vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server: Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | 4.3 |
2010-01-28 | CVE-2004-2765 | SUN Redhat | Cross-Site Scripting vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server: Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | 4.3 |
2010-01-25 | CVE-2010-0386 | SUN | Configuration vulnerability in SUN Java System Application Server 7.0: The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. | 4.3 |
2010-01-25 | CVE-2008-7253 | IBM | Configuration vulnerability in IBM Lotus Domino Server: The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-01-28 | CVE-2010-0460 | Kayako | Cross-Site Scripting vulnerability in Kayako Esupport and Supportsuite: Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. | 3.5 |
2010-01-25 | CVE-2010-0384 | TOR | Information Exposure vulnerability in TOR: Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files. | 2.1 |