Weekly Vulnerabilities Reports > February 22 to 28, 2010

Overview

103 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 72 vendors, including Joomla, Microsoft, Mozilla, Moinmo, and Wikyblog. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Path Traversal", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 92 reported vulnerabilities are remotely exploitable.
  • 35 reported vulnerabilities have a public exploit available.
  • 49 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 93 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-02-26 CVE-2010-0689 Datev Remote Command Execution vulnerability in DateV 'DVBSExeCall.ocx' ActiveX Control

The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.

10.0
2010-02-22 CVE-2010-0160 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10.0
2010-02-22 CVE-2010-0159 Mozilla, Debian, Canonical Remote Memory Corruption vulnerability in Mozilla Firefox

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

10.0
2010-02-22 CVE-2009-1571 Mozilla Code Injection vulnerability in Mozilla Firefox and Seamonkey

Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.

10.0
2010-02-25 CVE-2010-0620 EMC Path Traversal vulnerability in EMC Homebase Server 6.2/6.3

Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a ..

9.3
2010-02-23 CVE-2010-0189 NOS Microsystems, Adobe Improper Input Validation vulnerability in multiple products

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

9.3
2010-02-23 CVE-2010-0107 Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

9.3
2010-02-22 CVE-2010-0679 Hyleos Buffer Errors vulnerability in Hyleos Chemview 1.9.5.1

Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.

9.3
2010-02-22 CVE-2010-0188 Adobe Code Injection vulnerability in Adobe Acrobat Reader

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-02-26 CVE-2009-4654 Novell, Microsoft Buffer Errors vulnerability in Novell Edirectory 8.8

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.

9.0
2010-02-26 CVE-2009-4653 Novell, Microsoft Buffer Errors vulnerability in Novell Edirectory 8.8

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:.

9.0

33 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-02-26 CVE-2005-4886 Linux Numeric Errors vulnerability in Linux Kernel

The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function.

7.8
2010-02-23 CVE-2010-0148 Cisco, Linux Remote Denial of Service vulnerability in Cisco Security Agent 5.2

Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets."

Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml

Only Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability (the Windows version is not affected). The Linux version of standalone agents are installed in the following products:

  • Cisco Unified Communications Manager (CallManager)
  • IPCC Express
  • IP Interactive Voice Response (IP IVR)
  • Cisco Unified Meeting Place
  • Cisco Personal Assistant (PA)
  • Cisco Unity Connection

Note: The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities.

7.8
2010-02-22 CVE-2010-0283 MIT Improper Input Validation vulnerability in MIT Kerberos and Kerberos 5

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

7.8
2010-02-27 CVE-2010-0759 Greatjoomla, Joomla Path Traversal vulnerability in Greatjoomla Scriptegrator Plugin 1.4.1

Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.

7.5
2010-02-27 CVE-2010-0758 Softbizscripts SQL Injection vulnerability in Softbizscripts Softbiz Jobs and Recruitment Script

SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-02-27 CVE-2010-0755 Wikyblog Code Injection vulnerability in Wikyblog 1.7.3

PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.

7.5
2010-02-27 CVE-2010-0753 Componentslab, Joomla SQL Injection vulnerability in Componentslab COM Sqlreport 1.1

SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php.

7.5
2010-02-26 CVE-2010-0724 MHD Zaher Ghaibeh SQL Injection vulnerability in MHD Zaher Ghaibeh Arab Cart 1.0.2.0

SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-02-26 CVE-2010-0723 Mhproducts SQL Injection vulnerability in Mhproducts ERO Auktion 2.0/2010

SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-02-26 CVE-2010-0722 Mhproducts SQL Injection vulnerability in Mhproducts PHP Auktion PRO

SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-02-26 CVE-2010-0721 Systemsoftware SQL Injection vulnerability in Systemsoftware Auktionshaus Gelb 3.0

SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-02-26 CVE-2010-0720 Systemsoftware SQL Injection vulnerability in Systemsoftware Erotik Auktionshaus

SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-02-26 CVE-2010-0717 Moinmo Configuration vulnerability in Moinmo Moinmoin

The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.

7.5
2010-02-26 CVE-2010-0669 Moinmo Security vulnerability in MoinMoin

MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.

7.5
2010-02-26 CVE-2009-4655 Novell Cryptographic Issues vulnerability in Novell Edirectory 8.8.5

The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.

7.5
2010-02-25 CVE-2010-0710 Aspcodecms SQL Injection vulnerability in Aspcodecms Aspcode CMS 1.5.8/2.0.0

SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26.

7.5
2010-02-25 CVE-2010-0011 Uzbl Permissions, Privileges, and Access Controls vulnerability in Uzbl

The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.

7.5
2010-02-25 CVE-2010-0412 Systemtap Remote Arbitrary Command Execution vulnerability in Systemtap 1.1

stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.

7.5
2010-02-23 CVE-2010-0702 Fonality SQL Injection vulnerability in Fonality Trixbox 2.2.4

SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2010-02-23 CVE-2010-0701 Newgensoft SQL Injection vulnerability in Newgensoft Omnidocs

SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-02-23 CVE-2010-0698 Dynamicsoft SQL Injection vulnerability in Dynamicsoft WSC CMS 2.2

SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter.

7.5
2010-02-23 CVE-2010-0694 Percha, Joomla SQL Injection vulnerability in Percha COM Perchagallery

SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.

7.5
2010-02-23 CVE-2010-0693 Commodityrentals SQL Injection vulnerability in Commodityrentals Trade Manager Script

SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2010-02-23 CVE-2010-0692 Iptechinside, Joomla SQL Injection vulnerability in Iptechinside COM Jquarks 0.2.2/0.2.3

SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

7.5
2010-02-23 CVE-2010-0691 JTL Software SQL Injection vulnerability in Jtl-Software Jtl-Shop 2

SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter.

7.5
2010-02-23 CVE-2010-0690 Commodityrentals SQL Injection vulnerability in Commodityrentals Video Games Rentals

SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.

7.5
2010-02-22 CVE-2010-0680 Zeuscms Path Traversal vulnerability in Zeuscms 0.2

Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

7.5
2010-02-22 CVE-2010-0677 Katalog Hurricane SQL Injection vulnerability in Katalog.Hurricane Katalog Stron Hurricane 1.3.5

SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.

7.5
2010-02-22 CVE-2009-4650 Onnogroen, Joomla SQL Injection vulnerability in Onnogroen COM Webeecomment 1.1.1/1.2/2.0

SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php.

7.5
2010-02-22 CVE-2010-0673 Copperleaf, Wordpress SQL Injection vulnerability in Copperleaf Photolog 0.16

SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.

7.5
2010-02-22 CVE-2010-0672 Webmastersite SQL Injection vulnerability in Webmastersite WSN Guest 1.02

SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter.

7.5
2010-02-22 CVE-2010-0671 Michalin SQL Injection vulnerability in Michalin KR Media Pogodny CMS

SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action.

7.5
2010-02-25 CVE-2010-0705 Avast, Microsoft Improper Input Validation vulnerability in Avast Antivirus Home and Avast Antivirus Professional

Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

7.2

52 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-02-24 CVE-2010-0426 Todd Miller Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

6.9
2010-02-27 CVE-2010-0760 Greatjoomla, Joomla Path Traversal vulnerability in Greatjoomla Scriptegrator Plugin 1.4.1

Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759.

6.8
2010-02-26 CVE-2010-0715 IBM Remote Security vulnerability in Websphere Portal

Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.

6.8
2010-02-26 CVE-2010-0668 Moinmo Security vulnerability in MoinMoin

Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.

6.8
2010-02-26 CVE-2010-0713 Zenoss Cross-Site Request Forgery (CSRF) vulnerability in Zenoss

Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.

6.8
2010-02-25 CVE-2010-0711 Aspcodecms Cross-Site Request Forgery (CSRF) vulnerability in Aspcodecms Aspcode CMS 1.5.8/2.0.0

Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter.

6.8
2010-02-25 CVE-2010-0709 Limny Cross-Site Request Forgery (CSRF) vulnerability in Limny 2.0

Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.

6.8
2010-02-25 CVE-2010-0707 Timeclock Software Cross-Site Request Forgery (CSRF) vulnerability in Timeclock-Software Employee Timeclock Software 0.99

Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users.

6.8
2010-02-23 CVE-2010-0146 Cisco Path Traversal vulnerability in Cisco Security Agent 6.0

Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.

6.8
2010-02-22 CVE-2010-0678 Katalog Hurricane Code Injection vulnerability in Katalog.Hurricane Katalog Stron Hurricane 1.3.5

PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.

6.8
2010-02-27 CVE-2010-0757 Wikyblog Remote Input Validation vulnerability in Wikyblog 1.7.3

Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.

6.5
2010-02-26 CVE-2010-0712 Zenoss SQL Injection vulnerability in Zenoss

Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.

6.5
2010-02-23 CVE-2010-0147 Cisco SQL Injection vulnerability in Cisco Security Agent 5.1/5.2/6.0

SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2010-02-25 CVE-2010-0683 Tibco Unspecified vulnerability in Tibco Administrator 5.4.0/5.6.0

Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials.

6.0
2010-02-27 CVE-2010-0756 Wikyblog Improper Authentication vulnerability in Wikyblog 1.7.3

Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.

5.8
2010-02-24 CVE-2010-0285 Gnome Unspecified vulnerability in Gnome Screensaver

gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.

5.6
2010-02-22 CVE-2010-0286 Typo3 Security Bypass vulnerability in Typo3 4.3.0

Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication.

5.1
2010-02-27 CVE-2010-0752 Earl Dunovant, Drupal Permissions, Privileges, and Access Controls vulnerability in Earl Dunovant Week

The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.

5.0
2010-02-26 CVE-2010-0667 Moinmo Information Exposure vulnerability in Moinmo Moinmoin 1.9.0

MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2010-02-25 CVE-2010-0708 SUN Unspecified vulnerability in SUN Java System Directory Server

Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of service (daemon crash) via a crafted LDAP search request.

5.0
2010-02-25 CVE-2003-1590 SUN, Microsoft Denial Of Service vulnerability in SUN ONE web Server 6.0

Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.

5.0
2010-02-25 CVE-2003-1589 SUN, Microsoft Denial Of Service vulnerability in SUN ONE web Server 4.1/6.0

Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.

5.0
2010-02-24 CVE-2010-0423 Pidgin Resource Management Errors vulnerability in Pidgin

gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.

5.0
2010-02-23 CVE-2010-0685 Digium Remote Security vulnerability in Asterisk

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg.

5.0
2010-02-23 CVE-2010-0696 Joomlaworks, Joomla Path Traversal vulnerability in Joomlaworks JW Allvideos 3.0/3.1/3.2

Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.

5.0
2010-02-22 CVE-2010-0681 Zeuscms Permissions, Privileges, and Access Controls vulnerability in Zeuscms 0.2

ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql.

5.0
2010-02-22 CVE-2010-0676 Weberr, Joomla Path Traversal vulnerability in Weberr COM Rwcards 3.0.18

Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-02-22 CVE-2010-0674 2Enetworx Permissions, Privileges, and Access Controls vulnerability in 2Enetworx Statcountex 3.1

StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb.

5.0
2010-02-22 CVE-2010-0670 Iptechinside, Joomla Information Exposure vulnerability in Iptechinside COM Jquarks 0.2.2

Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors.

5.0
2010-02-22 CVE-2009-3988 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

5.0
2010-02-22 CVE-2010-0410 Linux, Debian, Canonical Resource Management Errors vulnerability in Linux Kernel

drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.

4.9
2010-02-26 CVE-2010-0719 Microsoft Improper Input Validation vulnerability in Microsoft products

An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.

4.7
2010-02-22 CVE-2010-0299 Opensuse Permissions, Privileges, and Access Controls vulnerability in Opensuse 11.2

openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors.

4.6
2010-02-25 CVE-2010-0427 Todd Miller Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

4.4
2010-02-27 CVE-2010-0754 Wikyblog Cross-Site Scripting vulnerability in Wikyblog 1.7.2/1.7.3

Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.

4.3
2010-02-26 CVE-2010-0725 MHD Zaher Ghaibeh Cross-Site Scripting vulnerability in MHD Zaher Ghaibeh Arab Cart 1.0.2.0

Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2010-02-26 CVE-2010-0718 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows Media Player 11.0.5721.5145/9

Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file.

4.3
2010-02-26 CVE-2010-0714 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2010-02-25 CVE-2010-0706 Subexworld Cross-Site Scripting vulnerability in Subexworld Nikira Fraud Management System

Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2010-02-25 CVE-2010-0704 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal 6.0.1.5

Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.

4.3
2010-02-24 CVE-2010-0420 Pidgin Improper Input Validation vulnerability in Pidgin

libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.

4.3
2010-02-23 CVE-2010-0703 Portwise Cross-Site Scripting vulnerability in Portwise SSL VPN 4.6

Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.

4.3
2010-02-23 CVE-2010-0700 Wampserver Cross-Site Scripting vulnerability in Wampserver 2.0I

Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2010-02-23 CVE-2010-0699 Videosearchscript Cross-Site Scripting vulnerability in Videosearchscript PRO 3.5

Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2010-02-23 CVE-2009-3036 Symantec Cross-Site Scripting vulnerability in Symantec IM Manager 8.3/8.4

Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-02-23 CVE-2010-0695 Basic CMS Cross-Site Scripting vulnerability in Basic-Cms

Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.

4.3
2010-02-22 CVE-2009-4651 Onnogroen, Joomla Cross-Site Scripting vulnerability in Onnogroen COM Webeecomment 1.1.1/1.2/2.0

Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.

4.3
2010-02-22 CVE-2010-0675 Bgsvetionik Cross-Site Scripting vulnerability in Bgsvetionik BGS CMS 2.2.1

Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action.

4.3
2010-02-22 CVE-2009-4649 Geccbblite Cross-Site Scripting vulnerability in Geccbblite 0.1

Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php.

4.3
2010-02-22 CVE-2010-0162 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.

4.3
2010-02-24 CVE-2010-0422 Gnome Unspecified vulnerability in Gnome Screensaver 2.28.0/2.28.1/2.28.2

gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.

4.0
2010-02-23 CVE-2010-0682 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress 2.9/2.9.1

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-02-26 CVE-2010-0716 Microsoft Cross-Site Scripting vulnerability in Microsoft Sharepoint Server 2007

_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026.

3.5
2010-02-23 CVE-2010-0697 Ilya Ivanchenko, Drupal Cross-Site Scripting vulnerability in Ilya Ivanchenko Itweak Upload

Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.

3.5
2010-02-25 CVE-2010-0424 Fedorahosted, Paul Vixie Link Following vulnerability in multiple products

The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.

3.3
2010-02-25 CVE-2010-0118 Becauseinter Link Following vulnerability in Becauseinter Bournal

Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check.

3.3
2010-02-26 CVE-2009-4652 Ngircd Denial Of Service vulnerability in ngIRCd SSL/TLS Support MOTD Request

The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error.

2.6
2010-02-24 CVE-2010-0640 CA Cross-Site Scripting vulnerability in CA Ehealth Performance Manager 6.0/6.1/6.2

Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.

2.6
2010-02-25 CVE-2010-0119 Becauseinter, Freebsd Information Exposure vulnerability in Becauseinter Bournal

Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing."

2.1