Weekly Vulnerabilities Reports > April 5 to 11, 2010

Overview

111 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 83 products from 70 vendors, including Novell, Joomla, Mozilla, Linux, and Pulsecms. Notable vulnerability categories are "Path Traversal", "SQL Injection", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Code Injection".

  • 106 reported vulnerabilities are remotely exploitable.
  • 35 reported vulnerabilities have a public exploit available.
  • 46 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 99 reported vulnerabilities are exploitable by an anonymous user.
  • Novell has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-08 CVE-2010-0098 Clamav / Clamavs Unspecified vulnerability in clamav

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

10.0
2010-04-07 CVE-2010-1223 CA Buffer Errors vulnerability in CA products

Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.

10.0
2010-04-05 CVE-2010-0174 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2010-04-05 CVE-2003-1595 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server

NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.

10.0
2010-04-06 CVE-2009-4737 Justsystems Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Justsystems Ichitaro and Ichitaro Viewer

Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter."

9.3
2010-04-06 CVE-2010-1273 Emweb Improper Input Validation vulnerability in Emweb WT

Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.

9.3
2010-04-05 CVE-2010-0177 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability."

9.3
2010-04-05 CVE-2010-0176 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability."

9.3
2010-04-05 CVE-2010-0175 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.

9.3
2010-04-05 CVE-2010-0173 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-04-05 CVE-2010-1241 Adobe / Apple / Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat Reader

Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.

9.3
2010-04-05 CVE-2010-1240 Adobe / Microsoft Permissions, Privileges, and Access Controls vulnerability in Adobe Acrobat Reader 9.3.1

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.

9.3
2010-04-05 CVE-2010-1239 Foxitsoftware Code Injection vulnerability in Foxitsoftware Foxit Reader

Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.

9.3
2010-04-05 CVE-2009-4764 Adobe / Microsoft Code Injection vulnerability in Adobe Acrobat Reader

Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.

9.3

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-06 CVE-2010-1087 Linux / Debian Local Denial of Service vulnerability in Linux Kernel

The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.

7.8
2010-04-06 CVE-2010-1086 Linux / Debian Resource Management Errors vulnerability in Linux Kernel

The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.

7.8
2010-04-05 CVE-2010-0178 Mozilla Code Injection vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.

7.6
2010-04-09 CVE-2010-1344 Cookex / Joomla SQL Injection vulnerability in Cookex COM Ckforms 1.3.3

SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php.

7.5
2010-04-09 CVE-2010-1343 Bjsintay SQL Injection vulnerability in Bjsintay Sitex 0.7.4

SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter.

7.5
2010-04-09 CVE-2010-1341 Systemsoftware SQL Injection vulnerability in Systemsoftware Community Black Forum

SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter.

7.5
2010-04-09 CVE-2010-1338 Robertotto / Woltlab SQL Injection vulnerability in Robertotto Teamsite Hack Plugin

SQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action.

7.5
2010-04-09 CVE-2010-1337 Lussumo Code Injection vulnerability in Lussumo Vanilla

Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.

7.5
2010-04-09 CVE-2010-1336 Invohost SQL Injection vulnerability in Invohost 3.4

Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php.

7.5
2010-04-09 CVE-2010-1331 Heartlogic SQL Injection vulnerability in Heartlogic Hl-Sitemanager

SQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2010-04-08 CVE-2010-1306 Roberto Aloi / Joomla Path Traversal vulnerability in Roberto Aloi COM Joomlapicasa2

Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a ..

7.5
2010-04-07 CVE-2010-1301 Merethis SQL Injection vulnerability in Merethis Centreon 2.1.5

SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.

7.5
2010-04-07 CVE-2010-1300 Yamamah SQL Injection vulnerability in Yamamah 1.00

SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.

7.5
2010-04-07 CVE-2010-0400 Mahara SQL Injection vulnerability in Mahara 1.0.4

SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username.

7.5
2010-04-06 CVE-2010-1277 Zabbix SQL Injection vulnerability in Zabbix 1.8/1.8.1

SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.

7.5
2010-04-06 CVE-2010-1272 Komputer BOO Code Injection vulnerability in Komputer.Boo Gnat-Tgp

PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

7.5
2010-04-06 CVE-2010-1271 Smart Plugs SQL Injection vulnerability in Smart-Plugs Smartplugs 1.3

SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

7.5
2010-04-06 CVE-2010-1270 Phpscripte24 SQL Injection vulnerability in PHPscripte24 Multi Auktions Komplett System 2

SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

7.5
2010-04-06 CVE-2010-1269 Phpscripte24 SQL Injection vulnerability in PHPscripte24 Niedrig Gebote PRO Auktions System II

SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

7.5
2010-04-06 CVE-2010-1266 Kjetiltroan Code Injection vulnerability in Kjetiltroan Webmaid CMS

Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php.

7.5
2010-04-06 CVE-2010-1265 Ekith / Joomla SQL Injection vulnerability in Ekith COM DCS Flashgames 2.0

SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

7.5
2010-04-05 CVE-2009-2936 Varnish Projects Linpro Improper Authentication vulnerability in Varnish.Projects.Linpro Varnish

** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives.

7.5
2010-04-05 CVE-2010-1243 IBM Remote Security vulnerability in IBM Webi 1.0.2

The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors.

7.5
2010-04-05 CVE-2007-6735 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server

NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.

7.5
2010-04-05 CVE-2005-4887 Novell Remote Security vulnerability in Netware FTP Server

NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords.

7.5
2010-04-05 CVE-2003-1596 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server

NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session.

7.5
2010-04-05 CVE-2003-1594 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server

NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.

7.5
2010-04-05 CVE-2003-1593 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server

NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.

7.5
2010-04-05 CVE-2000-1245 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server

Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors.

7.5
2010-04-06 CVE-2010-1085 Linux Numeric Errors vulnerability in Linux Kernel

The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error.

7.1
2010-04-06 CVE-2010-1084 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.

7.1

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-05 CVE-2008-3279 Mielke Permissions, Privileges, and Access Controls vulnerability in Mielke Brltty 3.7.2

Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.

6.9
2010-04-09 CVE-2010-1346 Ribafs SQL Injection vulnerability in Ribafs Mini CMS Ribafs 1.0

SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.

6.8
2010-04-09 CVE-2010-1342 Directnews Code Injection vulnerability in Directnews Direct News 4.10.2

Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php.

6.8
2010-04-09 CVE-2010-1335 Miftahovn Code Injection vulnerability in Miftahovn Insky CMS 0060111

Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/.

6.8
2010-04-09 CVE-2010-0992 Pulsecms Cross-Site Request Forgery (CSRF) vulnerability in Pulsecms Pulse CMS 1.2.2/1.2.3/1.3.2

Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks.

6.8
2010-04-07 CVE-2008-7254 Ermenegildo Fiorito Path Traversal vulnerability in Ermenegildo Fiorito Irmin CMS 0.5/0.6

Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a ..

6.8
2010-04-06 CVE-2010-1268 Fh54 Path Traversal vulnerability in Fh54 Justvisual 2.0

Directory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.

6.8
2010-04-05 CVE-2010-1244 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache Activemq

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

6.8
2010-04-05 CVE-2009-2822 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Airport Utility

AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.

6.8
2010-04-05 CVE-2010-0625 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Netware and Netware FTP Server

Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.

6.5
2010-04-09 CVE-2010-1334 Pulsecms Unspecified vulnerability in Pulsecms Pulse CMS 1.2.4

Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different vulnerability than CVE-2010-0993.

6.0
2010-04-09 CVE-2010-0993 Pulsecms Unspecified vulnerability in Pulsecms Pulse CMS 1.2.2/1.2.3/1.3.2

Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

6.0
2010-04-06 CVE-2010-1147 Roshan Singh Buffer Errors vulnerability in Roshan Singh Open Direct Connect HUB 0.8.1

Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message.

6.0
2010-04-06 CVE-2010-1088 Linux Denial of Service vulnerability in Linux Kernel NFS Automount 'symlinks'

fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.

5.4
2010-04-07 CVE-2010-1299 Dynpg Code Injection vulnerability in Dynpg

Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php.

5.1
2010-04-05 CVE-2010-0179 Mozilla Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.

5.1
2010-04-09 CVE-2010-1345 Cookex / Joomla Path Traversal vulnerability in Cookex COM Ckforms 1.3.3

Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-09 CVE-2010-1340 Joomla Research / Joomla Path Traversal vulnerability in Joomla-Research COM Jresearch 1.1.4.1

Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-08 CVE-2010-1315 Joomlamo / Joomla Path Traversal vulnerability in Joomlamo COM Weberpcustomer 1.2.1

Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-08 CVE-2010-1314 Joomlanook / Joomla Path Traversal vulnerability in Joomlanook COM Hsconfig 1.5/2.0.9

Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-08 CVE-2010-1312 Ijoomla / Joomla Path Traversal vulnerability in Ijoomla COM News Portal

Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-08 CVE-2010-1311 Clamav / Clamavs Improper Input Validation vulnerability in clamav

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format.

5.0
2010-04-08 CVE-2010-1310 Opera Information Exposure vulnerability in Opera Browser 10.50

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.

5.0
2010-04-08 CVE-2010-1309 Ermenegildo Fiorito Path Traversal vulnerability in Ermenegildo Fiorito Irmin CMS 0.6

Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a ..

5.0
2010-04-08 CVE-2010-0743 Zaal / Iscsitarget Use of Externally-Controlled Format String vulnerability in multiple products

Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.

5.0
2010-04-08 CVE-2010-1308 LA Souris Verte / Joomla Path Traversal vulnerability in La-Souris-Verte COM Svmap 1.1.1

Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-08 CVE-2010-1307 Software Realtyna / Joomla Path Traversal vulnerability in Software.Realtyna COM Joomlaupdater

Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-08 CVE-2010-1305 Joomlamo / Joomla Path Traversal vulnerability in Joomlamo COM Jinventory 1.23.02

Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a ..

5.0
2010-04-08 CVE-2010-1304 Joomlamo / Joomla Path Traversal vulnerability in Joomlamo COM Userstatus 1.21.16

Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-07 CVE-2010-1302 Decryptweb / Joomla Path Traversal vulnerability in Decryptweb COM Dwgraphs 1.0

Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

5.0
2010-04-07 CVE-2010-1222 CA Improper Authentication vulnerability in CA products

CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request.

5.0
2010-04-07 CVE-2010-1221 CA Improper Authentication vulnerability in CA products

CA XOsoft r12.0 and r12.5 do not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request.

5.0
2010-04-06 CVE-2010-0751 Libnids Project / Fedoraproject Null Pointer Dereference vulnerability in multiple products

The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.

5.0
2010-04-06 CVE-2010-1267 Kjetiltroan Path Traversal vulnerability in Kjetiltroan Webmaid CMS

Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.

5.0
2010-04-05 CVE-2010-1238 Moinmo Permissions, Privileges, and Access Controls vulnerability in Moinmo Moinmoin 1.7.1

MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.

5.0
2010-04-05 CVE-2005-4888 Novell Denial-Of-Service vulnerability in Novell NetWare

NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed.

5.0
2010-04-05 CVE-2003-1592 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Netware and Netware FTP Server

Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password.

5.0
2010-04-05 CVE-2002-2434 Novell Denial-Of-Service vulnerability in Netware

NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions.

5.0
2010-04-05 CVE-2002-2432 Novell Denial-Of-Service vulnerability in Netware FTP Server

Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username.

5.0
2010-04-05 CVE-2001-1587 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Netware

NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command.

5.0
2010-04-06 CVE-2010-1083 Linux Resource Management Errors vulnerability in Linux Kernel

The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).

4.7
2010-04-05 CVE-2010-0825 GNU Permissions, Privileges, and Access Controls vulnerability in GNU Emacs

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

4.4
2010-04-09 CVE-2010-1339 Robertotto / Woltlab Cross-Site Scripting vulnerability in Robertotto Teamsite Hack Plugin

Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message.

4.3
2010-04-09 CVE-2010-1333 Almas Cross-Site Scripting vulnerability in Almas Compiere J253Ba02/J300A01/J300A02

Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc.

4.3
2010-04-09 CVE-2010-1332 Prettybook Cross-Site Scripting vulnerability in Prettybook Prettyformmail

Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-04-08 CVE-2010-1313 Seber, Joomla Path Traversal vulnerability in Seber COM Sebercart 1.0.0.12/1.0.0.13

Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

4.3
2010-04-07 CVE-2010-1186 Alex Rabe, Wordpress Cross-Site Scripting vulnerability in Alex Rabe Nextgen Gallery

Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

4.3
2010-04-06 CVE-2010-1276 Bbsxp Cross-Site Scripting vulnerability in Bbsxp 2008

Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp.

4.3
2010-04-06 CVE-2010-1275 Bbsxp Cross-Site Scripting vulnerability in Bbsxp 2008

Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 allows remote attackers to inject arbitrary web script or HTML via the ThreadID parameter.

4.3
2010-04-06 CVE-2010-1274 Webtoolkit Cross-Site Scripting vulnerability in Webtoolkit WT

Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection.

4.3
2010-04-05 CVE-2010-0182 Mozilla Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.

4.3
2010-04-05 CVE-2010-0181 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images.

4.3
2010-04-05 CVE-2010-0009 Apache Information Exposure vulnerability in Apache Couchdb

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.

4.3
2010-04-05 CVE-2010-1242 IBM Cross-Site Scripting vulnerability in IBM Webi 1.0.2

Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-04-05 CVE-2004-2767 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server

NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session.

4.3
2010-04-05 CVE-2003-1591 Novell Denial-Of-Service vulnerability in Novell Netware 6.0/6.5

NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload.

4.3
2010-04-07 CVE-2010-0629 MIT Resource Management Errors vulnerability in MIT Kerberos and Kerberos 5

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

4.0
2010-04-06 CVE-2010-1298 Pulsecms Path Traversal vulnerability in Pulsecms Pulse CMS 1.2.2

Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter.

4.0
2010-04-05 CVE-2007-6734 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server

NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.

4.0
2010-04-05 CVE-2002-2433 Novell Improper Input Validation vulnerability in Novell Netware and Netware FTP Server

NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-05 CVE-2010-0684 Apache Cross-Site Scripting vulnerability in Apache Activemq

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

3.5
2010-04-05 CVE-2010-0828 Moinmo Cross-Site Scripting vulnerability in Moinmo Moinmoin 1.8.7/1.9.2

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

3.5
2010-04-05 CVE-2000-1246 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Netware and Netware FTP Server

NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command.

3.5
2010-04-08 CVE-2010-1303 JIM Berry, Drupal Cross-Site Scripting vulnerability in JIM Berry Taxonomy Filter 6.X1.0/6.X1.Xdev

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.

2.1
2010-04-06 CVE-2010-0750 Freedesktop Information Exposure vulnerability in Freedesktop Policykit 0.96

pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.

2.1
2010-04-05 CVE-2010-0826 Piotr Roszatycki Information Exposure vulnerability in Piotr Roszatycki Libnss-Db 2.2.3

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.

1.9