Weekly Vulnerabilities Reports > April 19 to 25, 2010

Overview

103 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 36 high severity vulnerabilities. This weekly summary reports vulnerabilities in 131 products from 71 vendors, including Joomla, Microsoft, Google, HP, and Typo3. Notable vulnerability categories include "SQL Injection", "Path Traversal", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 96 reported vulnerabilities are remotely exploitable.
  • 38 reported vulnerabilities have a public exploit available.
  • 54 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 92 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-23 CVE-2010-1505 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.

10.0
2010-04-21 CVE-2010-1490 IBM Security vulnerability in IBM Cognos 8 Business Intelligence

Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors.

10.0
2010-04-20 CVE-2010-0887 SUN Unspecified vulnerability in SUN Java 6

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2010-04-20 CVE-2010-0886 SUN, Microsoft Unspecified vulnerability in SUN JDK and JRE

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2010-04-20 CVE-2010-1319 Realnetworks Numeric Errors vulnerability in Realnetworks products

Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.

10.0
2010-04-20 CVE-2010-1318 Realnetworks Buffer Errors vulnerability in Realnetworks products

Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2010-04-23 CVE-2010-1502 Google Multiple Security vulnerability in RETIRED: Google Chrome prior to 4.1.249.1059

Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."

9.3
2010-04-22 CVE-2010-1278 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Reader

Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters.

9.3
2010-04-21 CVE-2010-1033 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Operations Manager 7.5/8.10/8.16

Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll.

9.3
2010-04-21 CVE-2009-4778 RIM Remote Code Execution vulnerability in RIM products

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646.

9.3
2010-04-21 CVE-2009-4776 Hitachi Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hitachi products

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794.

9.3
2010-04-20 CVE-2009-4769 Jasper Use of Externally-Controlled Format String vulnerability in Jasper Httpdx

Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.

9.3
2010-04-20 CVE-2009-4768 Blizzard Code Injection vulnerability in Blizzard Warcraft 3 the Frozen Throne 1.2.4/1.2.4A

Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map.

9.3
2010-04-23 CVE-2010-1035 HP Remote Privilege Escalation vulnerability in HP Insight Virtual Machine Management 3.6.1

Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VMM) before 6.0 allow remote authenticated users to execute arbitrary code via unknown vectors.

9.0
2010-04-22 CVE-2010-0593 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726.

9.0
2010-04-22 CVE-2009-4790 Sysax Path Traversal vulnerability in Sysax Multi Server 4.5

Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands.

9.0
2010-04-20 CVE-2010-1165 Atlassian Code Injection vulnerability in Atlassian Jira

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

9.0

36 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-23 CVE-2010-1506 Google Multiple Security vulnerability in RETIRED: Google Chrome prior to 4.1.249.1059

The Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors.

7.8
2010-04-23 CVE-2010-1500 Google Multiple Security vulnerability in RETIRED: Google Chrome prior to 4.1.249.1059

Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."

7.5
2010-04-23 CVE-2010-1499 Musicboxv2 SQL Injection vulnerability in Musicboxv2 Musicbox 3.3

SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-04-23 CVE-2010-1498 Clausvb SQL Injection vulnerability in Clausvb DL Stats

Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.

7.5
2010-04-23 CVE-2010-1496 Jolt, Joomla SQL Injection vulnerability in Jolt COM Joltcard 1.2.1

SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.

7.5
2010-04-23 CVE-2010-1495 Matamko, Joomla Path Traversal vulnerability in Matamko COM Matamko 1.01

Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-04-23 CVE-2010-1493 Awdsolution, Joomla SQL Injection vulnerability in Awdsolution COM Awdwall

SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.

7.5
2010-04-23 CVE-2009-4810 Samhain Labs Improper Input Validation vulnerability in Samhain Labs Samhain

The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input.

7.5
2010-04-23 CVE-2009-4808 Graugon Improper Authentication vulnerability in Graugon PHP Article Publisher 1.0

admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.

7.5
2010-04-23 CVE-2009-4807 Graugon SQL Injection vulnerability in Graugon PHP Article Publisher 1.0

Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to view.php.

7.5
2010-04-23 CVE-2009-4806 Digitalinterchange Improper Authentication vulnerability in Digitalinterchange Digital Interchange Document Library 1.0.1

admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors.

7.5
2010-04-23 CVE-2009-4803 Andreas Schwarzkopf, Typo3 SQL Injection vulnerability in Andreas Schwarzkopf Accessibility Glossary

SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-04-23 CVE-2009-4802 Joachim Ruhs, Typo3 SQL Injection vulnerability in Joachim Ruhs Flat Manager

SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-04-23 CVE-2009-4801 Will Kraft Improper Authentication vulnerability in Will Kraft Ez-Blog

EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts.

7.5
2010-04-22 CVE-2009-4798 Diskos SQL Injection vulnerability in Diskos CMS 6

Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.

7.5
2010-04-22 CVE-2009-4797 Jobhut Spranger SQL Injection vulnerability in Jobhut.Spranger Jobhut 1.2

SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter.

7.5
2010-04-22 CVE-2009-4796 Glfusion SQL Injection vulnerability in Glfusion

Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.

7.5
2010-04-22 CVE-2009-4794 Community CMS SQL Injection vulnerability in Community CMS Community CMS 0.5

Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php.

7.5
2010-04-22 CVE-2009-4792 Karl Core SQL Injection vulnerability in Karl Core Bandsite CMS 1.1.4

SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php.

7.5
2010-04-22 CVE-2009-4791 Ryan Haudenschilt SQL Injection vulnerability in Ryan Haudenschilt Family Connections

Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php.

7.5
2010-04-21 CVE-2009-4789 Mojoblog, Joomla Code Injection vulnerability in Mojoblog Rc0.15

Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php.

7.5
2010-04-21 CVE-2009-4785 Joomla, Bhavesh Chauhan SQL Injection vulnerability in Bhavesh Chauhan COM Quicknews

SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php.

7.5
2010-04-21 CVE-2009-4784 Joaktree, Joomla SQL Injection vulnerability in Joaktree COM Joaktree 1.0

SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php.

7.5
2010-04-21 CVE-2009-4783 Mntechsolutions SQL Injection vulnerability in Mntechsolutions Theeta CMS 0.0/0.01

Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php.

7.5
2010-04-21 CVE-2009-4779 Robert Garrigos Code Injection vulnerability in Robert Garrigos Nukehall 0.2/0.2.1/0.3

Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/.

7.5
2010-04-20 CVE-2010-1317 Realnetworks Buffer Errors vulnerability in Realnetworks Helix DNA Server, Helix Server and Helix Server Mobile

Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.

7.5
2010-04-20 CVE-2009-4770 Jasper Credentials Management vulnerability in Jasper Httpdx

The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.

7.5
2010-04-19 CVE-2010-1480 Rockettheme, Joomla SQL Injection vulnerability in Rockettheme COM Rokmodule 1.1

SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php.

7.5
2010-04-19 CVE-2010-1479 Rockettheme, Joomla SQL Injection vulnerability in Rockettheme COM Rokmodule 1.1

SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.

7.5
2010-04-19 CVE-2010-1477 Martin Hess, Joomla SQL Injection vulnerability in Martin Hess COM Sermonspeaker 2.9

SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php.

7.5
2010-04-19 CVE-2010-1472 Kazulah, Joomla Path Traversal vulnerability in Kazulah COM Horoscope 1.5.0

Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-04-19 CVE-2010-1471 B Elektro, Joomla Path Traversal vulnerability in B-Elektro COM Addressbook 1.5.0

Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-04-19 CVE-2010-1470 DEV Pucit EDU PK, Joomla Path Traversal vulnerability in Dev.Pucit.Edu.Pk COM Webtv 1.0

Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-04-19 CVE-2010-1468 Focusdev, Joomla SQL Injection vulnerability in Focusdev COM MV Restaurantmenumanager

SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.

7.5
2010-04-21 CVE-2009-4781 Tukeva Credentials Management vulnerability in Tukeva Password Reminder 1.0.0.0/1.0.0.1

TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection.

7.2
2010-04-20 CVE-2010-1162 Linux Unspecified vulnerability in Linux Kernel

The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors.

7.2

46 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-23 CVE-2009-4805 Will Kraft SQL Injection vulnerability in Will Kraft Ez-Blog

Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php.

6.8
2010-04-22 CVE-2010-0991 Enlightenment Buffer Errors vulnerability in Enlightenment Imlib2 1.4.3

Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h.

6.8
2010-04-22 CVE-2009-4795 Xlightftpd SQL Injection vulnerability in Xlightftpd Xlight FTP Server

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

6.8
2010-04-21 CVE-2009-4787 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 1.0.0/1.0.1/1.0.2

Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact.

6.8
2010-04-20 CVE-2010-1153 Typo3 Code Injection vulnerability in Typo3 4.3.0/4.3.1/4.3.2

PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

6.8
2010-04-20 CVE-2010-1458 Tweakfs, Microsoft Buffer Errors vulnerability in Tweakfs ZIP Utility 1.0

Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive.

6.8
2010-04-20 CVE-2010-1151 Apache Race Condition vulnerability in Apache Http Server

Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.

6.8
2010-04-20 CVE-2009-4773 Ubercart, Drupal Cross-Site Request Forgery (CSRF) vulnerability in Ubercart

Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2010-04-19 CVE-2010-1478 Ternaria, Joomla Path Traversal vulnerability in Ternaria COM Jfeedback 1.2

Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

6.8
2010-04-19 CVE-2010-1476 Alphaplug, Joomla Path Traversal vulnerability in Alphaplug COM Alphauserpoints 1.5.5

Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

6.8
2010-04-19 CVE-2010-1475 Ternaria, Joomla Path Traversal vulnerability in Ternaria COM Preventive 1.0.5

Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

6.8
2010-04-19 CVE-2010-1474 Supachai Teasakul, Joomla Path Traversal vulnerability in Supachai Teasakul COM Sweetykeeper

Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

6.8
2010-04-19 CVE-2010-1473 Johnmccollum, Joomla Path Traversal vulnerability in Johnmccollum COM Advertising 0.25

Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

6.8
2010-04-19 CVE-2010-1469 Ternaria, Joomla Path Traversal vulnerability in Ternaria COM Jprojectmanager 1.0

Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

6.8
2010-04-22 CVE-2009-4793 Karl Core Code Injection vulnerability in Karl Core Bandsite CMS 1.1.4

Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name.

6.0
2010-04-20 CVE-2010-0996 E107 Unspecified vulnerability in E107

Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file.

6.0
2010-04-20 CVE-2010-1150 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.

6.0
2010-04-20 CVE-2010-0744 Alvaro Improper Authentication vulnerability in Alvaro Alvaros Messenger

aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.

5.8
2010-04-23 CVE-2010-1494 Awdsolution, Joomla Path Traversal vulnerability in Awdsolution COM Awdwall 1.5.4

Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-23 CVE-2010-1492 Palosanto Path Traversal vulnerability in Palosanto Elastix 1.6.0

Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to read arbitrary files via a ..

5.0
2010-04-23 CVE-2010-1491 MMS Pipp, Joomla Path Traversal vulnerability in Mms.Pipp COM Mmsblog 2.3.0

Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

5.0
2010-04-23 CVE-2009-4809 Sharing File Path Traversal vulnerability in Sharing-File Easy File Sharing web Server 4.8

Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a ..

5.0
2010-04-22 CVE-2009-4799 Diskos Permissions, Privileges, and Access Controls vulnerability in Diskos CMS 6

Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb.

5.0
2010-04-20 CVE-2010-1158 Perl Numeric Errors vulnerability in Perl

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.

5.0
2010-04-20 CVE-2009-4771 Ubercart, Drupal Improper Input Validation vulnerability in Ubercart

The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.

5.0
2010-04-21 CVE-2010-1032 HP Local Denial Of Service vulnerability in HP Hp-Ux B.11.11

Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.

4.9
2010-04-23 CVE-2010-1034 HP, Linux, Microsoft Remote vulnerability in HP System Management Homepage 6.0

Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.

4.6
2010-04-20 CVE-2008-7255 Amsn Credentials Management vulnerability in Amsn

login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation.

4.6
2010-04-23 CVE-2010-1504 Google Cross-Site Scripting vulnerability in Google Chrome

Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.

4.3
2010-04-23 CVE-2010-1503 Google Cross-Site Scripting vulnerability in Google Chrome

Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.

4.3
2010-04-23 CVE-2010-1497 Clausvb Cross-Site Scripting vulnerability in Clausvb DL Stats 1.2

Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2010-04-23 CVE-2009-4804 Mario Matzulla, Microsoft, Typo3 Cross-Site Scripting vulnerability in Mario Matzulla Calendar Base

Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters." Updated version available per: http://typo3.org/extensions/repository/view/cal/current/

4.3
2010-04-22 CVE-2010-1486 Cactushop Cross-Site Scripting vulnerability in Cactushop

Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.

4.3
2010-04-21 CVE-2009-4788 Pligg Improper Input Validation vulnerability in Pligg CMS

Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php.

4.3
2010-04-21 CVE-2009-4786 Pligg Cross-Site Scripting vulnerability in Pligg CMS

Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php.

4.3
2010-04-21 CVE-2009-4782 Mntechsolutions Cross-Site Scripting vulnerability in Mntechsolutions Theeta CMS 0.0/0.01

Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) forum, and (3) cat parameters to community/thread.php; (4) start and (5) cat parameters to community/forum.php; and (6) start parameter to blog/index.php.

4.3
2010-04-21 CVE-2009-4780 Phpmyfaq Cross-Site Scripting vulnerability in PHPmyfaq

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action.

4.3
2010-04-21 CVE-2009-4777 Hitachi, Microsoft, HP, SUN Products GIF File Parsing Denial of Service vulnerability in Hitachi

Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file."

4.3
2010-04-21 CVE-2009-4775 Ipswitch Use of Externally-Controlled Format String vulnerability in Ipswitch WS FTP 12.0/12.0.1

Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.

4.3
2010-04-20 CVE-2010-1489 Microsoft Cross-Site Scripting vulnerability in Microsoft IE 8

The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.

4.3
2010-04-20 CVE-2010-1164 Atlassian Cross-Site Scripting vulnerability in Atlassian Jira

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010.

4.3
2010-04-20 CVE-2009-4772 Ubercart, Drupal Information Disclosure vulnerability in Ubercart

Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.

4.3
2010-04-20 CVE-2009-4767 Plohni Cross-Site Scripting vulnerability in Plohni Shoutbox 1.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters.

4.3
2010-04-22 CVE-2010-1320 MIT Resource Management Errors vulnerability in MIT Kerberos 5

Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.

4.0
2010-04-22 CVE-2009-4800 Sysax Path Traversal vulnerability in Sysax Multi Server 4.3/4.5

Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command.

4.0
2010-04-21 CVE-2009-4774 SUN Local Denial Of Service vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2007-6225.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-20 CVE-2010-0997 E107 Cross-Site Scripting vulnerability in E107

Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.

3.5
2010-04-23 CVE-2010-1157 Apache Information Exposure vulnerability in Apache Tomcat

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

2.6
2010-04-20 CVE-2010-1488 Linux Resource Management Errors vulnerability in Linux Kernel

The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation.

2.1
2010-04-20 CVE-2010-1487 IBM Credentials Management vulnerability in IBM Lotus Notes 7.0/8.0/8.5

IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.

2.1