Weekly Vulnerabilities Reports > April 19 to 25, 2010
Overview
97 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary report vulnerabilities in 127 products from 69 vendors including Joomla, Google, Microsoft, HP, and SUN. Vulnerabilities are notably categorized as "SQL Injection", "Path Traversal", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".
- 93 reported vulnerabilities are remotely exploitables.
- 37 reported vulnerabilities have public exploit available.
- 54 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 87 reported vulnerabilities are exploitable by an anonymous user.
- Joomla has the most reported vulnerabilities, with 21 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-04-23 | CVE-2010-1505 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors. | 10.0 | |
2010-04-21 | CVE-2010-1490 | IBM | Security vulnerability in IBM Cognos 8 Business Intelligence Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors. | 10.0 |
2010-04-20 | CVE-2010-0887 | SUN | Unspecified vulnerability in SUN Java 6 Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-04-20 | CVE-2010-0886 | SUN Microsoft | Unspecified vulnerability in SUN JDK and JRE Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-04-20 | CVE-2010-1319 | Realnetworks | Numeric Errors vulnerability in Realnetworks products Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length. | 10.0 |
2010-04-20 | CVE-2010-1318 | Realnetworks | Buffer Errors vulnerability in Realnetworks products Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2010-04-23 | CVE-2010-1502 | Multiple Security vulnerability in RETIRED: Google Chrome prior to 4.1.249.1059 Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools." | 9.3 | |
2010-04-22 | CVE-2010-1278 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Reader Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters. | 9.3 |
2010-04-21 | CVE-2009-4778 | RIM | Remote Code Execution vulnerability in RIM products Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646. | 9.3 |
2010-04-21 | CVE-2009-4776 | Hitachi | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hitachi products Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. | 9.3 |
2010-04-20 | CVE-2009-4769 | Jasper | USE of Externally-Controlled Format String vulnerability in Jasper Httpdx Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component. | 9.3 |
2010-04-20 | CVE-2009-4768 | Blizzard | Code Injection vulnerability in Blizzard Warcraft 3 the Frozen Throne 1.2.4/1.2.4A Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. | 9.3 |
2010-04-23 | CVE-2010-1035 | HP | Remote Privilege Escalation vulnerability in HP Insight Virtual Machine Management 3.6.1 Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VMM) before 6.0 allow remote authenticated users to execute arbitrary code via unknown vectors. | 9.0 |
2010-04-22 | CVE-2010-0593 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726. | 9.0 |
2010-04-22 | CVE-2009-4790 | Sysax | Path Traversal vulnerability in Sysax Multi Server 4.5 Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. | 9.0 |
2010-04-20 | CVE-2010-1165 | Atlassian | Code Injection vulnerability in Atlassian Jira Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010. | 9.0 |
34 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-04-23 | CVE-2010-1506 | Multiple Security vulnerability in RETIRED: Google Chrome prior to 4.1.249.1059 The Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors. | 7.8 | |
2010-04-23 | CVE-2010-1500 | Multiple Security vulnerability in RETIRED: Google Chrome prior to 4.1.249.1059 Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error." | 7.5 | |
2010-04-23 | CVE-2010-1499 | Musicboxv2 | SQL Injection vulnerability in Musicboxv2 Musicbox 3.3 SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-04-23 | CVE-2010-1498 | Clausvb | SQL Injection vulnerability in Clausvb DL Stats Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php. | 7.5 |
2010-04-23 | CVE-2010-1496 | Jolt Joomla | SQL Injection vulnerability in Jolt COM Joltcard 1.2.1 SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php. | 7.5 |
2010-04-23 | CVE-2010-1495 | Matamko Joomla | Path Traversal vulnerability in Matamko COM Matamko 1.01 Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. | 7.5 |
2010-04-23 | CVE-2010-1493 | Awdsolution Joomla | SQL Injection vulnerability in Awdsolution COM Awdwall SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php. | 7.5 |
2010-04-23 | CVE-2009-4810 | Samhain Labs | Improper Input Validation vulnerability in Samhain Labs Samhain The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input. | 7.5 |
2010-04-23 | CVE-2009-4808 | Graugon | Improper Authentication vulnerability in Graugon PHP Article Publisher 1.0 admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1. | 7.5 |
2010-04-23 | CVE-2009-4807 | Graugon | SQL Injection vulnerability in Graugon PHP Article Publisher 1.0 Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to view.php. | 7.5 |
2010-04-23 | CVE-2009-4806 | Digitalinterchange | Improper Authentication vulnerability in Digitalinterchange Digital Interchange Document Library 1.0.1 admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. | 7.5 |
2010-04-23 | CVE-2009-4803 | Andreas Schwarzkopf Typo3 | SQL Injection vulnerability in Andreas Schwarzkopf Accessibility Glossary SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-04-23 | CVE-2009-4802 | Joachim Ruhs Typo3 | SQL Injection vulnerability in Joachim Ruhs Flat Manager SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-04-23 | CVE-2009-4801 | Will Kraft | Improper Authentication vulnerability in Will Kraft Ez-Blog EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts. | 7.5 |
2010-04-22 | CVE-2009-4798 | Diskos | SQL Injection vulnerability in Diskos CMS 6 Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature. | 7.5 |
2010-04-22 | CVE-2009-4797 | Jobhut Spranger | SQL Injection vulnerability in Jobhut.Spranger Jobhut 1.2 SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter. | 7.5 |
2010-04-22 | CVE-2009-4796 | Glfusion | SQL Injection vulnerability in Glfusion Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php. | 7.5 |
2010-04-22 | CVE-2009-4794 | Community CMS | SQL Injection vulnerability in Community CMS Community CMS 0.5 Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php. | 7.5 |
2010-04-22 | CVE-2009-4792 | Karl Core | SQL Injection vulnerability in Karl Core Bandsite CMS 1.1.4 SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php. | 7.5 |
2010-04-22 | CVE-2009-4791 | Ryan Haudenschilt | SQL Injection vulnerability in Ryan Haudenschilt Family Connections Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php. | 7.5 |
2010-04-21 | CVE-2009-4789 | Mojoblog Joomla | Code Injection vulnerability in Mojoblog Rc0.15 Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. | 7.5 |
2010-04-21 | CVE-2009-4785 | Joomla Bhavesh Chauhan | SQL Injection vulnerability in Bhavesh Chauhan COM Quicknews SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php. | 7.5 |
2010-04-21 | CVE-2009-4784 | Joaktree Joomla | SQL Injection vulnerability in Joaktree COM Joaktree 1.0 SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. | 7.5 |
2010-04-21 | CVE-2009-4783 | Mntechsolutions | SQL Injection vulnerability in Mntechsolutions Theeta CMS 0.0/0.01 Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php. | 7.5 |
2010-04-21 | CVE-2009-4779 | Robert Garrigos | Code Injection vulnerability in Robert Garrigos Nukehall 0.2/0.2.1/0.3 Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/. | 7.5 |
2010-04-20 | CVE-2010-1317 | Realnetworks | Buffer Errors vulnerability in Realnetworks Helix DNA Server, Helix Server and Helix Server Mobile Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data. | 7.5 |
2010-04-20 | CVE-2009-4770 | Jasper | Credentials Management vulnerability in Jasper Httpdx The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access. | 7.5 |
2010-04-19 | CVE-2010-1480 | Rockettheme Joomla | SQL Injection vulnerability in Rockettheme COM Rokmodule 1.1 SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. | 7.5 |
2010-04-19 | CVE-2010-1479 | Rockettheme Joomla | SQL Injection vulnerability in Rockettheme COM Rokmodule 1.1 SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php. | 7.5 |
2010-04-19 | CVE-2010-1477 | Martin Hess Joomla | SQL Injection vulnerability in Martin Hess COM Sermonspeaker 2.9 SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php. | 7.5 |
2010-04-19 | CVE-2010-1472 | Kazulah Joomla | Path Traversal vulnerability in Kazulah COM Horoscope 1.5.0 Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. | 7.5 |
2010-04-19 | CVE-2010-1471 | B Elektro Joomla | Path Traversal vulnerability in B-Elektro COM Addressbook 1.5.0 Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. | 7.5 |
2010-04-19 | CVE-2010-1470 | DEV Pucit EDU PK Joomla | Path Traversal vulnerability in Dev.Pucit.Edu.Pk COM Webtv 1.0 Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 7.5 |
2010-04-19 | CVE-2010-1468 | Focusdev Joomla | SQL Injection vulnerability in Focusdev COM MV Restaurantmenumanager SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php. | 7.5 |
45 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-04-23 | CVE-2009-4805 | Will Kraft | SQL Injection vulnerability in Will Kraft Ez-Blog Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php. | 6.8 |
2010-04-22 | CVE-2010-0991 | Enlightenment | Buffer Errors vulnerability in Enlightenment Imlib2 1.4.3 Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h. | 6.8 |
2010-04-22 | CVE-2009-4795 | Xlightftpd | SQL Injection vulnerability in Xlightftpd Xlight FTP Server Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command. | 6.8 |
2010-04-21 | CVE-2009-4787 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 1.0.0/1.0.1/1.0.2 Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. | 6.8 |
2010-04-20 | CVE-2010-1153 | Typo3 | Code Injection vulnerability in Typo3 4.3.0/4.3.1/4.3.2 PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. | 6.8 |
2010-04-20 | CVE-2010-1458 | Tweakfs Microsoft | Buffer Errors vulnerability in Tweakfs ZIP Utility 1.0 Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive. | 6.8 |
2010-04-20 | CVE-2010-1151 | Apache | Race Condition vulnerability in Apache Http Server Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials. | 6.8 |
2010-04-20 | CVE-2009-4773 | Ubercart Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Ubercart Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2010-04-19 | CVE-2010-1478 | Ternaria Joomla | Path Traversal vulnerability in Ternaria COM Jfeedback 1.2 Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
2010-04-19 | CVE-2010-1476 | Alphaplug Joomla | Path Traversal vulnerability in Alphaplug COM Alphauserpoints 1.5.5 Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
2010-04-19 | CVE-2010-1475 | Ternaria Joomla | Path Traversal vulnerability in Ternaria COM Preventive 1.0.5 Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
2010-04-19 | CVE-2010-1474 | Supachai Teasakul Joomla | Path Traversal vulnerability in Supachai Teasakul COM Sweetykeeper Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
2010-04-19 | CVE-2010-1473 | Johnmccollum Joomla | Path Traversal vulnerability in Johnmccollum COM Advertising 0.25 Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
2010-04-19 | CVE-2010-1469 | Ternaria Joomla | Path Traversal vulnerability in Ternaria COM Jprojectmanager 1.0 Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
2010-04-22 | CVE-2009-4793 | Karl Core | Code Injection vulnerability in Karl Core Bandsite CMS 1.1.4 Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. | 6.0 |
2010-04-20 | CVE-2010-0996 | E107 | Unspecified vulnerability in E107 Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. | 6.0 |
2010-04-20 | CVE-2010-0744 | Alvaro | Improper Authentication vulnerability in Alvaro Alvaros Messenger aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate. | 5.8 |
2010-04-23 | CVE-2010-1494 | Awdsolution Joomla | Path Traversal vulnerability in Awdsolution COM Awdwall 1.5.4 Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
2010-04-23 | CVE-2010-1492 | Palosanto | Path Traversal vulnerability in Palosanto Elastix 1.6.0 Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2010-04-23 | CVE-2010-1491 | MMS Pipp Joomla | Path Traversal vulnerability in Mms.Pipp COM Mmsblog 2.3.0 Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 5.0 |
2010-04-23 | CVE-2009-4809 | Sharing File | Path Traversal vulnerability in Sharing-File Easy File Sharing web Server 4.8 Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. | 5.0 |
2010-04-22 | CVE-2009-4799 | Diskos | Permissions, Privileges, and Access Controls vulnerability in Diskos CMS 6 Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb. | 5.0 |
2010-04-20 | CVE-2010-1158 | Perl | Numeric Errors vulnerability in Perl Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. | 5.0 |
2010-04-20 | CVE-2009-4771 | Ubercart Drupal | Improper Input Validation vulnerability in Ubercart The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors. | 5.0 |
2010-04-21 | CVE-2010-1032 | HP | Local Denial Of Service vulnerability in HP Hp-Ux B.11.11 Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors. | 4.9 |
2010-04-23 | CVE-2010-1034 | HP Linux Microsoft | Remote vulnerability in HP System Management Homepage 6.0 Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. | 4.6 |
2010-04-20 | CVE-2008-7255 | Amsn | Credentials Management vulnerability in Amsn login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation. | 4.6 |
2010-04-23 | CVE-2010-1504 | Cross-Site Scripting vulnerability in Google Chrome Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI. | 4.3 | |
2010-04-23 | CVE-2010-1503 | Cross-Site Scripting vulnerability in Google Chrome Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI. | 4.3 | |
2010-04-23 | CVE-2010-1497 | Clausvb | Cross-Site Scripting vulnerability in Clausvb DL Stats 1.2 Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2010-04-23 | CVE-2009-4804 | Mario Matzulla | Cross-Site Scripting vulnerability in Mario Matzulla Calendar Base Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters." | 4.3 |
2010-04-22 | CVE-2010-1486 | Cactushop | Cross-Site Scripting vulnerability in Cactushop Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address. | 4.3 |
2010-04-21 | CVE-2009-4788 | Pligg | Improper Input Validation vulnerability in Pligg CMS Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php. | 4.3 |
2010-04-21 | CVE-2009-4786 | Pligg | Cross-Site Scripting vulnerability in Pligg CMS Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php. | 4.3 |
2010-04-21 | CVE-2009-4782 | Mntechsolutions | Cross-Site Scripting vulnerability in Mntechsolutions Theeta CMS 0.0/0.01 Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) forum, and (3) cat parameters to community/thread.php; (4) start and (5) cat parameters to community/forum.php; and (6) start parameter to blog/index.php. | 4.3 |
2010-04-21 | CVE-2009-4780 | Phpmyfaq | Cross-Site Scripting vulnerability in PHPmyfaq Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. | 4.3 |
2010-04-21 | CVE-2009-4777 | Hitachi Microsoft HP SUN | Products GIF File Parsing Denial of Service vulnerability in Hitachi Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file." | 4.3 |
2010-04-21 | CVE-2009-4775 | Ipswitch | USE of Externally-Controlled Format String vulnerability in Ipswitch WS FTP 12.0/12.0.1 Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. | 4.3 |
2010-04-20 | CVE-2010-1489 | Microsoft | Cross-site Scripting vulnerability in Microsoft Internet Explorer 8 The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074. | 4.3 |
2010-04-20 | CVE-2010-1164 | Atlassian | Cross-Site Scripting vulnerability in Atlassian Jira Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010. | 4.3 |
2010-04-20 | CVE-2009-4772 | Ubercart Drupal | Information Disclosure vulnerability in Ubercart Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors. | 4.3 |
2010-04-20 | CVE-2009-4767 | Plohni | Cross-Site Scripting vulnerability in Plohni Shoutbox 1.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. | 4.3 |
2010-04-22 | CVE-2010-1320 | MIT | Resource Management Errors vulnerability in MIT Kerberos 5 Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. | 4.0 |
2010-04-22 | CVE-2009-4800 | Sysax | Path Traversal vulnerability in Sysax Multi Server 4.3/4.5 Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command. | 4.0 |
2010-04-21 | CVE-2009-4774 | SUN | Local Denial Of Service vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2007-6225. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-04-20 | CVE-2010-0997 | E107 | Cross-Site Scripting vulnerability in E107 Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter. | 3.5 |
2010-04-20 | CVE-2010-1487 | IBM | Credentials Management vulnerability in IBM Lotus Notes 7.0/8.0/8.5 IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. | 2.1 |