Weekly Vulnerabilities Reports > March 8 to 14, 2010

Overview

64 new vulnerabilities reported during this period, including 12 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary report vulnerabilities in 66 products from 44 vendors including Microsoft, Joomla, Radscripts, IBM, and Resalecode. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Path Traversal", "Code Injection", and "Permissions, Privileges, and Access Controls".

  • 60 reported vulnerabilities are remotely exploitables.
  • 28 reported vulnerabilities have public exploit available.
  • 45 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 62 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-10 CVE-2010-0447 HP Improper Authentication vulnerability in HP Openview Performance Insight

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

10.0
2010-03-10 CVE-2010-0418 Chumby OS Command Injection vulnerability in Chumby Classic and Chumby ONE

The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.

10.0
2010-03-10 CVE-2010-0806 Microsoft Resource Management Errors vulnerability in Microsoft products

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." Further information on this vulnerability can be found at the following link from Microsoft: http://support.microsoft.com/kb/981374

9.3
2010-03-10 CVE-2010-0265 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-016.mspx '[1]These versions of Windows Movie Maker are delivered with the indicated operating systems. [2]Windows Movie Maker 2.6 is an optional download that can be installed on the indicated operating systems.

9.3
2010-03-10 CVE-2010-0264 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."

9.3
2010-03-10 CVE-2010-0263 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability."

9.3
2010-03-10 CVE-2010-0262 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."

9.3
2010-03-10 CVE-2010-0261 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."

9.3
2010-03-10 CVE-2010-0260 Microsoft Code Injection vulnerability in Microsoft products

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."

9.3
2010-03-10 CVE-2010-0258 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."

9.3
2010-03-10 CVE-2010-0257 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."

9.3
2010-03-10 CVE-2010-0103 Energizer Code Injection vulnerability in Energizer DUO USB

UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.

9.3

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-10 CVE-2010-0728 Samba Permissions, Privileges, and Access Controls vulnerability in Samba 3.3.11/3.4.6/3.5.0

smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.

8.5
2010-03-10 CVE-2009-4696 Radscripts SQL Injection vulnerability in Radscripts Radnics 5

SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.

7.5
2010-03-10 CVE-2009-4695 Radscripts SQL Injection vulnerability in Radscripts Radlance 7.5

SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.

7.5
2010-03-10 CVE-2009-4693 Grafxsoftware Code Injection vulnerability in Grafxsoftware Minicwb 2.3.0

Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/.

7.5
2010-03-10 CVE-2009-4691 Resalecode SQL Injection vulnerability in Resalecode Classified Linktrader Script

SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter.

7.5
2010-03-10 CVE-2009-4689 Resalecode SQL Injection vulnerability in Resalecode PHP Shopping Cart Selling Website Script

SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2010-03-10 CVE-2009-4687 Hypersilence SQL Injection vulnerability in Hypersilence Silentum Guestbook 2.0.2

SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter.

7.5
2010-03-10 CVE-2009-4683 Scriptsez Path Traversal vulnerability in Scriptsez Good/Bad Vote

Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action.

7.5
2010-03-10 CVE-2009-4680 Phpdirectorysource SQL Injection vulnerability in PHPdirectorysource 1.0/1.1

SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.

7.5
2010-03-10 CVE-2010-0956 Opencart SQL Injection vulnerability in Opencart 1.3.2

SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2010-03-10 CVE-2010-0955 Media Products SQL Injection vulnerability in Media-Products Bild Flirt Community 2.0

SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-03-10 CVE-2010-0954 Preprojects SQL Injection vulnerability in Preprojects PRE E-Learning Portal

SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.

7.5
2010-03-10 CVE-2010-0951 Dev4U SQL Injection vulnerability in Dev4U CMS

SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.

7.5
2010-03-10 CVE-2010-0950 Natychmiast CMS SQL Injection vulnerability in Natychmiast-Cms

Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.

7.5
2010-03-08 CVE-2010-0946 Kiss Software
Joomla
SQL Injection vulnerability in Kiss-Software COM Ksadvertiser

SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.

7.5
2010-03-08 CVE-2010-0945 Hotbrackets
Joomla
SQL Injection vulnerability in Hotbrackets COM Hotbrackets

SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

7.5
2010-03-08 CVE-2010-0937 Visualizationlibrary Security vulnerability in Visualization Library 2009.07.640/2009.08.800/2009.08.802

Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors.

7.5
2010-03-08 CVE-2009-4679 Inertialfate
Joomla
Path Traversal vulnerability in Inertialfate COM IF Nexus 1.5

Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-03-10 CVE-2010-0961 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX and Vios

Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.

7.2
2010-03-10 CVE-2010-0960 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX and Vios

Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.

7.2

29 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-10 CVE-2010-0958 Thomas Perez Path Traversal vulnerability in Thomas Perez Tribisur 2.0

Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter.

6.8
2010-03-10 CVE-2010-0957 Saskia Bruckner Path Traversal vulnerability in Saskia Bruckner Saskias Shopsystem

Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter.

6.8
2010-03-10 CVE-2010-0953 Phpcoin Path Traversal vulnerability in PHPcoin 1.2.1

Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a ..

6.8
2010-03-10 CVE-2010-0952 Insanevisions SQL Injection vulnerability in Insanevisions Onecms 2.5

SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.

6.8
2010-03-10 CVE-2010-0948 BFS Kilu SQL Injection vulnerability in Bfs.Kilu Bigforum 4.5

SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2010-03-10 CVE-2010-0962 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Airport Express, Airport Extreme and Time Capsule

The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.

5.0
2010-03-08 CVE-2010-0944 Thorsten Riess
Joomla
Path Traversal vulnerability in Thorsten Riess COM Jcollection

Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-03-08 CVE-2010-0943 Joomlart
Joomla
Path Traversal vulnerability in Joomlart COM Jashowcase

Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-03-08 CVE-2010-0942 Jvideodirect
Joomla
Path Traversal vulnerability in Jvideodirect COM Jvideodirect

Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-03-08 CVE-2010-0939 Visialis Permissions, Privileges, and Access Controls vulnerability in Visialis ABB Forum 1.1

Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb.

5.0
2010-03-10 CVE-2010-0959 IBM Cross-Site Scripting vulnerability in IBM Enovia Smarteam 5

Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.

4.3
2010-03-10 CVE-2009-4697 Radscripts Cross-Site Scripting vulnerability in Radscripts Radnics 5

Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.

4.3
2010-03-10 CVE-2009-4694 Radscripts Cross-Site Scripting vulnerability in Radscripts Radlance 7.5

Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action.

4.3
2010-03-10 CVE-2009-4692 Radscripts Cross-Site Scripting vulnerability in Radscripts Radlance 7.5

Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.

4.3
2010-03-10 CVE-2009-4690 Yourfreeworld Cross-Site Scripting vulnerability in Yourfreeworld Programs Rating Script

Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.

4.3
2010-03-10 CVE-2009-4688 Resalecode Cross-Site Scripting vulnerability in Resalecode PHP Shopping Cart Selling Website Script

Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.

4.3
2010-03-10 CVE-2009-4686 Phplemon Cross-Site Scripting vulnerability in PHPlemon Adquick 2.2.1

Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter.

4.3
2010-03-10 CVE-2009-4685 Phpscriptsnow Cross-Site Scripting vulnerability in PHPscriptsnow Astrology

Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter.

4.3
2010-03-10 CVE-2009-4684 Edgephp Cross-Site Scripting vulnerability in Edgephp Ezodiak

Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter.

4.3
2010-03-10 CVE-2009-4682 Scriptsez Cross-Site Scripting vulnerability in Scriptsez Good/Bad Vote

Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.

4.3
2010-03-10 CVE-2009-4681 Phpdirectorysource Cross-Site Scripting vulnerability in PHPdirectorysource 1.0/1.1

Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.

4.3
2010-03-10 CVE-2010-0949 Natychmiast CMS Cross-Site Scripting vulnerability in Natychmiast-Cms

Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.

4.3
2010-03-10 CVE-2010-0947 Bbsmax Cross-Site Scripting vulnerability in Bbsmax 3.0/4.1/4.2

Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2010-03-08 CVE-2010-0941 WEB Site Development Cross-Site Scripting vulnerability in Web-Site-Development Etek Systems HIT Counter 2.0

Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.

4.3
2010-03-08 CVE-2010-0940 Sanusart Cross-Site Scripting vulnerability in Sanusart Simple PHP Guestbook 1.0

Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2010-03-08 CVE-2010-0938 Todoomasters Cross-Site Scripting vulnerability in Todoomasters Todoo Forum 2.0

Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.

4.3
2010-03-08 CVE-2010-0936 D Link Cross-Site Scripting vulnerability in D-Link Dkvm-Ip8 2282Dlinka4P820071213

Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.

4.3
2010-03-08 CVE-2009-4678 Winn Cross-Site Scripting vulnerability in Winn Guestbook 2.4

Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2010-03-08 CVE-2009-4677 Frank Karau Cross-Site Scripting vulnerability in Frank-Karau PHPfk PHP Forum 7.0.4

Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-10 CVE-2010-0926 Samba Path Traversal vulnerability in Samba

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing ..

3.5
2010-03-10 CVE-2010-0791 Ncpfs Permissions, Privileges, and Access Controls vulnerability in Ncpfs 2.2.6

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.

2.1
2010-03-10 CVE-2010-0790 Ncpfs Information Exposure vulnerability in Ncpfs 2.2.6

sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.

2.1