Weekly Vulnerabilities Reports > March 8 to 14, 2010
Overview
59 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary report vulnerabilities in 54 products from 42 vendors including Microsoft, Joomla, Radscripts, IBM, and Resalecode. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Path Traversal", "Code Injection", and "Permissions, Privileges, and Access Controls".
- 54 reported vulnerabilities are remotely exploitables.
- 28 reported vulnerabilities have public exploit available.
- 43 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 58 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
9 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-03-10 | CVE-2010-0447 | HP | Improper Authentication vulnerability in HP Openview Performance Insight The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document. | 10.0 |
| 2010-03-10 | CVE-2010-0418 | Chumby | OS Command Injection vulnerability in Chumby Classic and Chumby ONE The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. | 10.0 |
| 2010-03-10 | CVE-2010-0264 | Microsoft | Code Injection vulnerability in Microsoft products Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability." | 9.3 |
| 2010-03-10 | CVE-2010-0263 | Microsoft | Code Injection vulnerability in Microsoft products Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability." | 9.3 |
| 2010-03-10 | CVE-2010-0262 | Microsoft | Code Injection vulnerability in Microsoft products Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability." | 9.3 |
| 2010-03-10 | CVE-2010-0261 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability." | 9.3 |
| 2010-03-10 | CVE-2010-0260 | Microsoft | Code Injection vulnerability in Microsoft products Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability." | 9.3 |
| 2010-03-10 | CVE-2010-0257 | Microsoft | Code Injection vulnerability in Microsoft products Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability." | 9.3 |
| 2010-03-10 | CVE-2010-0103 | Energizer | Code Injection vulnerability in Energizer DUO USB UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. | 9.3 |
19 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-03-10 | CVE-2010-0728 | Samba | Permissions, Privileges, and Access Controls vulnerability in Samba 3.3.11/3.4.6/3.5.0 smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. | 8.5 |
| 2010-03-10 | CVE-2010-0258 | Microsoft | Type Confusion vulnerability in Microsoft products Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability." | 7.8 |
| 2010-03-10 | CVE-2009-4696 | Radscripts | SQL Injection vulnerability in Radscripts Radnics 5 SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. | 7.5 |
| 2010-03-10 | CVE-2009-4695 | Radscripts | SQL Injection vulnerability in Radscripts Radlance 7.5 SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. | 7.5 |
| 2010-03-10 | CVE-2009-4693 | Grafxsoftware | Code Injection vulnerability in Grafxsoftware Minicwb 2.3.0 Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/. | 7.5 |
| 2010-03-10 | CVE-2009-4691 | Resalecode | SQL Injection vulnerability in Resalecode Classified Linktrader Script SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter. | 7.5 |
| 2010-03-10 | CVE-2009-4689 | Resalecode | SQL Injection vulnerability in Resalecode PHP Shopping Cart Selling Website Script SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
| 2010-03-10 | CVE-2009-4687 | Hypersilence | SQL Injection vulnerability in Hypersilence Silentum Guestbook 2.0.2 SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter. | 7.5 |
| 2010-03-10 | CVE-2009-4683 | Scriptsez | Path Traversal vulnerability in Scriptsez Good/Bad Vote Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. | 7.5 |
| 2010-03-10 | CVE-2009-4680 | Phpdirectorysource | SQL Injection vulnerability in PHPdirectorysource 1.0/1.1 SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter. | 7.5 |
| 2010-03-10 | CVE-2010-0956 | Opencart | SQL Injection vulnerability in Opencart 1.3.2 SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
| 2010-03-10 | CVE-2010-0955 | Media Products | SQL Injection vulnerability in Media-Products Bild Flirt Community 2.0 SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2010-03-10 | CVE-2010-0954 | Preprojects | SQL Injection vulnerability in Preprojects PRE E-Learning Portal SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter. | 7.5 |
| 2010-03-10 | CVE-2010-0951 | Dev4U | SQL Injection vulnerability in Dev4U CMS SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter. | 7.5 |
| 2010-03-10 | CVE-2010-0950 | Natychmiast CMS | SQL Injection vulnerability in Natychmiast-Cms Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php. | 7.5 |
| 2010-03-08 | CVE-2010-0945 | Hotbrackets Joomla | SQL Injection vulnerability in Hotbrackets COM Hotbrackets SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
| 2010-03-08 | CVE-2009-4679 | Inertialfate Joomla | Path Traversal vulnerability in Inertialfate COM IF Nexus 1.5 Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2010-03-10 | CVE-2010-0961 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX and Vios Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. | 7.2 |
| 2010-03-10 | CVE-2010-0960 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX and Vios Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. | 7.2 |
29 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-03-10 | CVE-2010-0958 | Thomas Perez | Path Traversal vulnerability in Thomas Perez Tribisur 2.0 Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. | 6.8 |
| 2010-03-10 | CVE-2010-0957 | Saskia Bruckner | Path Traversal vulnerability in Saskia Bruckner Saskias Shopsystem Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter. | 6.8 |
| 2010-03-10 | CVE-2010-0953 | Phpcoin | Path Traversal vulnerability in PHPcoin 1.2.1 Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. | 6.8 |
| 2010-03-10 | CVE-2010-0952 | Insanevisions | SQL Injection vulnerability in Insanevisions Onecms 2.5 SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. | 6.8 |
| 2010-03-10 | CVE-2010-0948 | BFS Kilu | SQL Injection vulnerability in Bfs.Kilu Bigforum 4.5 SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
| 2010-03-10 | CVE-2010-0962 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Airport Express, Airport Extreme and Time Capsule The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. | 5.0 |
| 2010-03-08 | CVE-2010-0944 | Thorsten Riess Joomla | Path Traversal vulnerability in Thorsten Riess COM Jcollection Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2010-03-08 | CVE-2010-0943 | Joomlart Joomla | Path Traversal vulnerability in Joomlart COM Jashowcase Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2010-03-08 | CVE-2010-0942 | Jvideodirect Joomla | Path Traversal vulnerability in Jvideodirect COM Jvideodirect Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2010-03-08 | CVE-2010-0939 | Visialis | Permissions, Privileges, and Access Controls vulnerability in Visialis ABB Forum 1.1 Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb. | 5.0 |
| 2010-03-10 | CVE-2010-0959 | IBM | Cross-Site Scripting vulnerability in IBM Enovia Smarteam 5 Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter. | 4.3 |
| 2010-03-10 | CVE-2009-4697 | Radscripts | Cross-Site Scripting vulnerability in Radscripts Radnics 5 Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action. | 4.3 |
| 2010-03-10 | CVE-2009-4694 | Radscripts | Cross-Site Scripting vulnerability in Radscripts Radlance 7.5 Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action. | 4.3 |
| 2010-03-10 | CVE-2009-4692 | Radscripts | Cross-Site Scripting vulnerability in Radscripts Radlance 7.5 Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action. | 4.3 |
| 2010-03-10 | CVE-2009-4690 | Yourfreeworld | Cross-Site Scripting vulnerability in Yourfreeworld Programs Rating Script Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php. | 4.3 |
| 2010-03-10 | CVE-2009-4688 | Resalecode | Cross-Site Scripting vulnerability in Resalecode PHP Shopping Cart Selling Website Script Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters. | 4.3 |
| 2010-03-10 | CVE-2009-4686 | Phplemon | Cross-Site Scripting vulnerability in PHPlemon Adquick 2.2.1 Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter. | 4.3 |
| 2010-03-10 | CVE-2009-4685 | Phpscriptsnow | Cross-Site Scripting vulnerability in PHPscriptsnow Astrology Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter. | 4.3 |
| 2010-03-10 | CVE-2009-4684 | Edgephp | Cross-Site Scripting vulnerability in Edgephp Ezodiak Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter. | 4.3 |
| 2010-03-10 | CVE-2009-4682 | Scriptsez | Cross-Site Scripting vulnerability in Scriptsez Good/Bad Vote Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action. | 4.3 |
| 2010-03-10 | CVE-2009-4681 | Phpdirectorysource | Cross-Site Scripting vulnerability in PHPdirectorysource 1.0/1.1 Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter. | 4.3 |
| 2010-03-10 | CVE-2010-0949 | Natychmiast CMS | Cross-Site Scripting vulnerability in Natychmiast-Cms Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php. | 4.3 |
| 2010-03-10 | CVE-2010-0947 | Bbsmax | Cross-Site Scripting vulnerability in Bbsmax 3.0/4.1/4.2 Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 4.3 |
| 2010-03-08 | CVE-2010-0941 | WEB Site Development | Cross-Site Scripting vulnerability in Web-Site-Development Etek Systems HIT Counter 2.0 Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php. | 4.3 |
| 2010-03-08 | CVE-2010-0940 | Sanusart | Cross-Site Scripting vulnerability in Sanusart Simple PHP Guestbook 1.0 Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 4.3 |
| 2010-03-08 | CVE-2010-0938 | Todoomasters | Cross-Site Scripting vulnerability in Todoomasters Todoo Forum 2.0 Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action. | 4.3 |
| 2010-03-08 | CVE-2010-0936 | D Link | Cross-Site Scripting vulnerability in D-Link Dkvm-Ip8 2282Dlinka4P820071213 Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. | 4.3 |
| 2010-03-08 | CVE-2009-4678 | Winn | Cross-Site Scripting vulnerability in Winn Guestbook 2.4 Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
| 2010-03-08 | CVE-2009-4677 | Frank Karau | Cross-Site Scripting vulnerability in Frank-Karau PHPfk PHP Forum 7.0.4 Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-03-10 | CVE-2010-0791 | Ncpfs | Permissions, Privileges, and Access Controls vulnerability in Ncpfs 2.2.6 The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. | 2.1 |
| 2010-03-10 | CVE-2010-0790 | Ncpfs | Information Exposure vulnerability in Ncpfs 2.2.6 sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. | 2.1 |