Weekly Vulnerabilities Reports > April 26 to May 2, 2010

Overview

87 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 86 products from 70 vendors, including Joomla, Moodle, Drupal, IBM, and HP. The most common vulnerability categories are "Cross-site Scripting", "Path Traversal", "SQL Injection", "Improper Input Validation", and "Permissions, Privileges, and Access Controls".

  • 83 reported vulnerabilities are remotely exploitable.
  • 33 reported vulnerabilities have a public exploit available.
  • 48 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 76 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.

Summary tiles (counts not captured in this copy): Total vulnerabilities; Critical risk vulnerabilities; High risk vulnerabilities; Medium risk vulnerabilities; Low risk vulnerabilities; Remotely exploitable; Locally exploitable; Exploit available; Exploitable anonymously; Affecting web application.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-29 CVE-2010-1608 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Notes 8.5/8.5.1/8.5.1.1

Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0.

10.0
2010-04-29 CVE-2010-1597 Zipgenius Buffer Errors vulnerability in Zipgenius 6.3.1.2552

Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing an entry with a long filename.

9.3
2010-04-28 CVE-2010-1585 Mozilla Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

9.3

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-29 CVE-2010-1615 Moodle SQL Injection vulnerability in Moodle

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.

7.5
2010-04-29 CVE-2010-1605 Ncrypted SQL Injection vulnerability in Ncrypted NCT Jobs Portal Script

Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) anyword and (2) cityname parameters.

7.5
2010-04-29 CVE-2010-1603 Zimbllc / Joomla Path Traversal vulnerability in Zimbllc COM Zimbcore 0.1

Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-04-29 CVE-2010-1602 Zimbllc / Joomla Path Traversal vulnerability in Zimbllc COM Zimbcomment 0.8.1

Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-04-29 CVE-2010-1600 Thefactory / Joomla SQL Injection vulnerability in Thefactory COM Mediamall 1.0.4

SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.

7.5
2010-04-29 CVE-2010-1599 Nkinfoweb SQL Injection vulnerability in Nkinfoweb 2.5/5.2.2.0

SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2.2.0 allows remote attackers to execute arbitrary SQL commands via the id_sp parameter.

7.5
2010-04-28 CVE-2010-1595 Ocsinventory NG SQL Injection vulnerability in Ocsinventory-Ng OCS Inventory NG 1.02.1

Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.

7.5
2010-04-28 CVE-2010-1588 Vpasp SQL Injection vulnerability in Vpasp Vp-Asp Shopping Cart 5.50/6.00

SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter.

7.5
2010-04-27 CVE-2010-1559 Martin Hess / Joomla SQL Injection vulnerability in Martin Hess COM Sermonspeaker 3.2.1

SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php.

7.5
2010-04-27 CVE-2009-4830 Openx Improper Authentication vulnerability in Openx 2.8.1/2.8.2

Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.

7.5
2010-04-27 CVE-2009-4824 Kolab Unspecified vulnerability in Kolab Groupware Server Image Upload Form

Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."

7.5
2010-04-26 CVE-2010-1538 Bluestrikeweb SQL Injection vulnerability in Bluestrikeweb PHPraincheck

SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-04-26 CVE-2010-1537 Francois Bissonnette Path Traversal vulnerability in Francois Bissonnette PHPcdb

Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a ..

7.5
2010-04-26 CVE-2010-1535 Peter Hocherl / Joomla Path Traversal vulnerability in Peter Hocherl COM Travelbook 1.0.1

Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-04-26 CVE-2010-1533 Peter Hocherl / Joomla Path Traversal vulnerability in Peter Hocherl COM Tweetla 1.0.1

Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-04-26 CVE-2010-1531 Redcomponent / Joomla Path Traversal vulnerability in Redcomponent COM Redshop

Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-04-26 CVE-2010-1529 Freestyle / Joomla SQL Injection vulnerability in Freestyle Faqs Lite 1.3

SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php.

7.5
2010-04-29 CVE-2009-4832 Deslock Permissions, Privileges, and Access Controls vulnerability in Deslock Deslock+ 4.0.2

The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.

7.2
2010-04-28 CVE-2010-1591 Rising Global Improper Input Validation vulnerability in Rising-Global Rising Antivirus 2008/2009/2010

Beijing Rising International Rising Antivirus 2008 through 2010 does not properly validate input to certain IOCTLs, including 0x83003C07, which allows local users to gain privileges via crafted IOCTL requests to the (1) HookCont.sys, (2) HookNtos.sys, (3) HOOKREG.sys, or (4) HookSys.sys device driver; or the (5) RsNTGdi.sys kernel module, reachable through \Device\RSNTGDI.

7.2
2010-04-29 CVE-2010-1166 X Numeric Errors vulnerability in X X.Org 7.1

The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.

7.1

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-28 CVE-2010-1592 Sisoftware Improper Input Validation vulnerability in Sisoftware Sandra

sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in SiSoftware Sandra 16.10.2010.1 and earlier allows local users to gain privileges or cause a denial of service (system crash) via unspecified vectors involving "Model-Specific Registers."

6.9
2010-04-29 CVE-2010-1613 Moodle Improper Authentication vulnerability in Moodle

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

6.8
2010-04-29 CVE-2010-1611 Alegrocart Cross-Site Request Forgery (CSRF) vulnerability in Alegrocart 1.1

Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.

6.8
2010-04-29 CVE-2010-1610 Opencart Cross-Site Request Forgery (CSRF) vulnerability in Opencart 1.4

Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of these details are obtained from third party information.

6.8
2010-04-29 CVE-2010-1607 Paysyspro / Joomla Path Traversal vulnerability in Paysyspro COM WMI 1.5.0

Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-04-29 CVE-2010-1604 Ncrypted SQL Injection vulnerability in Ncrypted NCT Jobs Portal Script

Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) user parameter (aka login field) and (2) passwd parameter (aka password field).

6.8
2010-04-29 CVE-2010-1598 Silisoftware Improper Input Validation vulnerability in Silisoftware PHPthumb() 1.7.9

phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ImageMagick is installed, allows remote attackers to execute arbitrary commands via the fltr[] parameter, as discovered in the wild in April 2010.

6.8
2010-04-28 CVE-2010-1596 Sitracker Improper Authentication vulnerability in Sitracker Support Incident Tracker

Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

6.8
2010-04-28 CVE-2010-1037 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Systems Insight Manager

Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2010-04-27 CVE-2009-4828 Phpwebscripts Cross-Site Request Forgery (CSRF) vulnerability in PHPwebscripts AD Manager PRO 3.0

Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action.

6.8
2010-04-27 CVE-2009-4827 Scriptez Cross-Site Request Forgery (CSRF) vulnerability in Scriptez Mail Manager PRO

Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action.

6.8
2010-04-27 CVE-2009-4826 Scriptsez Cross-Site Request Forgery (CSRF) vulnerability in Scriptsez Mini Hosting Panel

Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action.

6.8
2010-04-27 CVE-2009-4819 Stoverud Unspecified vulnerability in Stoverud PHPhotoalbum 0.3/0.4/0.5

Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.

6.8
2010-04-27 CVE-2009-4818 Phpsimplicity Unspecified vulnerability in PHPsimplicity Simplicity of Upload 1.3.2

Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.

6.8
2010-04-27 CVE-2009-4817 Element IT Unspecified vulnerability in Element-It Ultimate Uploader 1.3.0

Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.

6.8
2010-04-26 CVE-2010-1542 Dragonfrugal Cross-Site Request Forgery (CSRF) vulnerability in Dragonfrugal DFD Cart

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings.

6.8
2010-04-26 CVE-2010-1528 Uiga Code Injection vulnerability in Uiga Proxy

PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.

6.8
2010-04-28 CVE-2010-1038 HP Remote Privilege Escalation vulnerability in HP Systems Insight Manager

Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors.

6.5
2010-04-29 CVE-2009-4833 Oracle Improper Input Validation vulnerability in Oracle Mysql Connector/Net

MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate.

5.8
2010-04-29 CVE-2009-4831 Trillian Improper Input Validation vulnerability in Trillian 3.1

Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.

5.8
2010-04-29 CVE-2010-1612 IBM / Qlogic Denial of Service vulnerability in IBM Datapower XS40 Malformed ICMP Packet

The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address.

5.0
2010-04-29 CVE-2010-1601 Joomlamart / Joomla Path Traversal vulnerability in Joomlamart COM Jacomment

Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-28 CVE-2010-1589 Vpasp Path Traversal vulnerability in Vpasp Vp-Asp Shopping Cart 5.50/6.00

Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to determine the existence of arbitrary files via directory traversal sequences in the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.

5.0
2010-04-28 CVE-2010-1587 Apache Improper Input Validation vulnerability in Apache Activemq

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.

5.0
2010-04-28 CVE-2010-1429 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

5.0
2010-04-28 CVE-2010-1428 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

5.0
2010-04-28 CVE-2010-0738 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

5.0
2010-04-27 CVE-2009-4825 8Pixel Permissions, Privileges, and Access Controls vulnerability in 8Pixel Simple Blog 4.0

8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb.

5.0
2010-04-27 CVE-2009-4821 Dlink Improper Authentication vulnerability in Dlink Dir-615 3.10Na

The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.

5.0
2010-04-27 CVE-2009-4820 Aspindir Permissions, Privileges, and Access Controls vulnerability in Aspindir Angelo-Emlak 1.0

Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.

5.0
2010-04-27 CVE-2009-4816 Andy Stedemos Path Traversal vulnerability in Andy Stedemos the Uploader 2.0.0

Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a ..

5.0
2010-04-27 CVE-2009-4812 Wolfram Information Exposure vulnerability in Wolfram Webmathematica 2.3/3.0

Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message.

5.0
2010-04-27 CVE-2009-4811 Vmware USE of Externally-Controlled Format String vulnerability in VMWare products

VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707.

5.0
2010-04-26 CVE-2010-1544 Acme / RCA Improper Input Validation vulnerability in multiple products

micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80.

5.0
2010-04-26 CVE-2010-1540 Myblog / Joomla Path Traversal vulnerability in Myblog COM Myblog 3.0.329

Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-26 CVE-2010-1534 Joomla Batjo / Joomla Path Traversal vulnerability in Joomla.Batjo COM Shoutbox 1.2/1.3

Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-04-26 CVE-2010-1532 Givesight / Joomla Path Traversal vulnerability in Givesight COM Powermail 1.53

Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

5.0
2010-04-27 CVE-2010-0105 Apple Local Denial of Service vulnerability in Apple Mac OS X HFS Hard Links

The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.

4.9
2010-04-29 CVE-2010-1619 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.

4.3
2010-04-29 CVE-2010-1618 JA SIG / Moodle Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

4.3
2010-04-29 CVE-2010-1614 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine.

4.3
2010-04-29 CVE-2010-0817 Microsoft Cross-Site Scripting vulnerability in Microsoft Sharepoint Server and Sharepoint Services

Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier versions, and SharePoint Services 3.0 SP1 and SP2, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.

4.3
2010-04-29 CVE-2010-1609 SAP Cross-Site Scripting vulnerability in SAP Netweaver 4.0/7.0

Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-04-29 CVE-2010-1606 Ncrypted Cross-Site Scripting vulnerability in Ncrypted NCT Jobs Portal Script

Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.

4.3
2010-04-28 CVE-2010-1594 Ocsinventory NG Cross-Site Scripting vulnerability in Ocsinventory-Ng OCS Inventory NG 1.02.1

Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter.

4.3
2010-04-28 CVE-2010-1593 Silverstripe Cross-Site Scripting vulnerability in Silverstripe

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm; in addition, the Forum module before 0.2.5 in SilverStripe before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).

4.3
2010-04-28 CVE-2010-1590 Vpasp Cross-Site Scripting vulnerability in Vpasp Vp-Asp Shopping Cart 5.50/6.00

Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.

4.3
2010-04-28 CVE-2010-1586 HP Improper Input Validation vulnerability in HP System Management Homepage

Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.

4.3
2010-04-28 CVE-2010-1036 HP Cross-Site Scripting vulnerability in HP Systems Insight Manager

Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-04-27 CVE-2009-4823 Cpanel Cross-Site Scripting vulnerability in Cpanel

Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.

4.3
2010-04-27 CVE-2009-4822 Kasseler CMS Cross-Site Scripting vulnerability in Kasseler-Cms Kasseler CMS 1.3.4

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.

4.3
2010-04-27 CVE-2009-4814 Wolfram Cross-Site Scripting vulnerability in Wolfram Webmathematica 2.3/3.0

Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script.

4.3
2010-04-27 CVE-2009-4813 Mybboard Cross-Site Scripting vulnerability in Mybboard Mybb 1.4.10

Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.

4.3
2010-04-26 CVE-2010-1543 Etracker / Drupal Cross-Site Scripting vulnerability in Etracker 6.X1.0/6.X1.Xdev

Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site.

4.3
2010-04-26 CVE-2010-1541 Dragonfrugal Cross-Site Scripting vulnerability in Dragonfrugal DFD Cart

Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php.

4.3
2010-04-29 CVE-2010-1617 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

4.0
2010-04-29 CVE-2010-1616 Moodle Unspecified vulnerability in Moodle

Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

4.0
2010-04-27 CVE-2010-1560 IBM Buffer Errors vulnerability in IBM DB2 8.2/9.1

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors.

4.0
2010-04-27 CVE-2010-0772 IBM Unspecified vulnerability in IBM Websphere MQ 7.0.0/7.0.1/7.0.1.1

Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data."

4.0
2010-04-27 CVE-2009-4815 Solarwinds Path Traversal vulnerability in Solarwinds Serv-U File Server

Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-27 CVE-2009-4829 James Glasgow / John Vandervort / Drupal Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.

2.1
2010-04-26 CVE-2010-1539 John Vandyk / Drupal Cross-Site Scripting vulnerability in John Vandyk Workflow

Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field.

2.1
2010-04-26 CVE-2010-1536 Mearra / Drupal Cross-Site Scripting vulnerability in Mearra Addthis

Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.

2.1
2010-04-26 CVE-2010-1530 Reyero / Drupal Cross-Site Scripting vulnerability in Reyero I18N

Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.

2.1