Weekly Vulnerabilities Reports > May 3 to 9, 2010
Overview
121 new vulnerabilities reported during this period, including 10 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 172 products from 90 vendors including Joomla, Microsoft, PHP, Toutvirtual, and Google. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Improper Input Validation".
- 114 reported vulnerabilities are remotely exploitables.
- 51 reported vulnerabilities have public exploit available.
- 67 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 116 reported vulnerabilities are exploitable by an anonymous user.
- Joomla has the most reported vulnerabilities, with 14 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
10 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-05-07 | CVE-2010-1549 | HP Microsoft | Unspecified vulnerability in HP Loadrunner and Performance Center Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2010-05-03 | CVE-2010-1663 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 10.0 | |
2010-05-07 | CVE-2010-1866 | PHP Opensuse Suse | Integer Overflow or Wraparound vulnerability in multiple products The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. | 9.8 |
2010-05-07 | CVE-2009-4850 | Awingsoft | Buffer Errors vulnerability in Awingsoft Awakening Winds3D Viewer Plugin 3.5.0.9 The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file. | 9.3 |
2010-05-06 | CVE-2010-1728 | Opera Apple Microsoft | Resource Management Errors vulnerability in Opera Browser Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. | 9.3 |
2010-05-06 | CVE-2010-0995 | Tonec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tonec Internet Download Manager Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server. | 9.3 |
2010-05-06 | CVE-2009-4841 | Roxio | Buffer Errors vulnerability in Roxio Cineplayer 3.2 Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. | 9.3 |
2010-05-06 | CVE-2009-4840 | Roxio | Buffer Errors vulnerability in Roxio Cineplayer 3.2 Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method. | 9.3 |
2010-05-05 | CVE-2010-1686 | Abcbackup Internet Soft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive. | 9.3 |
2010-05-05 | CVE-2010-1279 | Adobe | Code Injection vulnerability in Adobe Photoshop CS4 11.0 Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. | 9.3 |
38 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-05-04 | CVE-2010-0101 | Lexmark | Improper Input Validation vulnerability in Lexmark products The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. | 7.8 |
2010-05-06 | CVE-2010-1681 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Visio 2002/2003/2007 Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256. | 7.6 |
2010-05-07 | CVE-2010-1868 | PHP | Code Injection vulnerability in PHP The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. | 7.5 |
2010-05-07 | CVE-2010-1867 | Campware ORG | SQL Injection vulnerability in Campware.Org Campsite SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | 7.5 |
2010-05-07 | CVE-2010-1865 | Csphere | SQL Injection vulnerability in Csphere Clansphere Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php). | 7.5 |
2010-05-07 | CVE-2010-1863 | Clantiger | SQL Injection vulnerability in Clantiger SQL injection vulnerability in the shoutbox module (modules/shoutbox.php) in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the s_email parameter. | 7.5 |
2010-05-07 | CVE-2009-4854 | Scripts Oldguy | Improper Input Validation vulnerability in Scripts.Oldguy Talkback 2.3.14 addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter. | 7.5 |
2010-05-07 | CVE-2010-1855 | Phpscripte24 | SQL Injection vulnerability in PHPscripte24 PAY PER Watch & BID Auktions System SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. | 7.5 |
2010-05-07 | CVE-2009-4843 | Toutvirtual | Improper Authentication vulnerability in Toutvirtual Virtualiq 3.5 ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console. | 7.5 |
2010-05-06 | CVE-2010-1744 | Alibabaclone | SQL Injection vulnerability in Alibabaclone B2B Gold Script SQL injection vulnerability in product.html in B2B Gold Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-05-06 | CVE-2010-1743 | Satyadeep | SQL Injection vulnerability in Satyadeep Scratcher SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-05-06 | CVE-2010-1741 | Billwerx | SQL Injection vulnerability in Billwerx RC 5.2.2 SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter. | 7.5 |
2010-05-06 | CVE-2010-1740 | Freeguppy | SQL Injection vulnerability in Freeguppy Guppy 4.5.18 SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter. | 7.5 |
2010-05-06 | CVE-2010-1739 | Joomla | SQL Injection vulnerability in Joomla COM Newsfeeds SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php. | 7.5 |
2010-05-06 | CVE-2010-1727 | Aspsiteware | SQL Injection vulnerability in Aspsiteware Jobpost 1.0 SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. | 7.5 |
2010-05-06 | CVE-2010-1726 | Alibabaclone | SQL Injection vulnerability in Alibabaclone Ec21 Clone 3.0 SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-05-06 | CVE-2010-1725 | Alibabaclone | SQL Injection vulnerability in Alibabaclone Alibaba Clone Platinum SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-05-06 | CVE-2010-1583 | Taskfreak Tirzen | SQL Injection vulnerability in multiple products SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action. | 7.5 |
2010-05-06 | CVE-2009-4838 | Secureideas | SQL Injection vulnerability in Secureideas Basic Analysis and Security Engine SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | 7.5 |
2010-05-06 | CVE-2009-4836 | Moviephp | Code Injection vulnerability in Moviephp Movie PHP Script 2.0 Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter. | 7.5 |
2010-05-04 | CVE-2010-1721 | Thethinkery Joomla | SQL Injection vulnerability in Thethinkery COM Iproperty 1.5.3 SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php. | 7.5 |
2010-05-04 | CVE-2010-1720 | Qproje Joomla | SQL Injection vulnerability in Qproje COM Qpersonel SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php. | 7.5 |
2010-05-04 | CVE-2010-1716 | Joomlanetprojects Joomla | SQL Injection vulnerability in Joomlanetprojects COM Agenda 1.0.1 SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | 7.5 |
2010-05-04 | CVE-2010-1713 | Postnuke | SQL Injection vulnerability in Postnuke 0.764 SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action. | 7.5 |
2010-05-04 | CVE-2010-1708 | Freerealty Rwcinc | SQL Injection vulnerability in Freerealty.Rwcinc Free Realty Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter). | 7.5 |
2010-05-04 | CVE-2010-1706 | 2Daybiz | SQL Injection vulnerability in 2Daybiz Auction Script Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. | 7.5 |
2010-05-04 | CVE-2010-1705 | Rocky NU | SQL Injection vulnerability in Rocky.Nu Modelbook SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter. | 7.5 |
2010-05-04 | CVE-2010-1704 | 2Daybiz | SQL Injection vulnerability in 2Daybiz Polls Script Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. | 7.5 |
2010-05-04 | CVE-2010-1702 | Whmcs | SQL Injection vulnerability in Whmcs 4.2 SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter. | 7.5 |
2010-05-04 | CVE-2010-1701 | Rocky NU | SQL Injection vulnerability in Rocky.Nu PHP Video Battle Script SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2010-05-04 | CVE-2010-1431 | Cacti | SQL Injection vulnerability in Cacti SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. | 7.5 |
2010-05-03 | CVE-2010-1665 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors. | 7.5 | |
2010-05-03 | CVE-2010-1661 | Jcink | SQL Injection vulnerability in Jcink PHP-Quick-Arcade 3.0.21 Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php. | 7.5 |
2010-05-03 | CVE-2010-1660 | Clscript | SQL Injection vulnerability in Clscript Classifieds Script SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter. | 7.5 |
2010-05-03 | CVE-2010-1656 | Airiny | SQL Injection vulnerability in Airiny COM ABC 1.1.7 SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php. | 7.5 |
2010-05-03 | CVE-2010-1654 | Instantrankingseo | SQL Injection vulnerability in Instantrankingseo Infocus Real Estate Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. | 7.5 |
2010-05-03 | CVE-2010-1653 | Htmlcoderhelper Joomla | Path Traversal vulnerability in Htmlcoderhelper COM Graphics 1.0.6/1.5.0 Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2010-05-07 | CVE-2010-1437 | Linux Opensuse Suse Debian | Use After Free vulnerability in multiple products Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. | 7.0 |
69 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-05-07 | CVE-2010-1859 | Deluxebb | SQL Injection vulnerability in Deluxebb SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread. | 6.8 |
2010-05-07 | CVE-2010-1857 | Realitymedias | SQL Injection vulnerability in Realitymedias Repairshop2 1.9.023 SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. | 6.8 |
2010-05-07 | CVE-2010-1853 | Transmissionbt | Buffer Errors vulnerability in Transmissionbt Transmission 1.91 Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links. | 6.8 |
2010-05-07 | CVE-2009-4849 | Toutvirtual | Cross-Site Request Forgery (CSRF) vulnerability in Toutvirtual Virtualiq 3.2/3.5 Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity. | 6.8 |
2010-05-07 | CVE-2009-4846 | Deliantra | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Deliantra Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrary code via vectors related to (1) the command_gsay function in server/c_party.C and (2) the book implementation. | 6.8 |
2010-05-07 | CVE-2010-0827 | TUG | Numeric Errors vulnerability in TUG Tetex and TEX Live Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. | 6.8 |
2010-05-06 | CVE-2010-1737 | Carlos Eduardo Sotelo Pinto | Code Injection vulnerability in Carlos Eduardo Sotelo Pinto 0.1.0 PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter. | 6.8 |
2010-05-06 | CVE-2010-1733 | Ocsinventory NG | SQL Injection vulnerability in Ocsinventory-Ng OCS Inventory NG 1.0/1.01/1.02 Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. | 6.8 |
2010-05-06 | CVE-2010-1732 | Zikula | Cross-Site Request Forgery (CSRF) vulnerability in Zikula Application Framework Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action). | 6.8 |
2010-05-04 | CVE-2010-1723 | Joomlacomponent Inetlanka Joomla | Path Traversal vulnerability in Joomlacomponent.Inetlanka COM Drawroot 1.1 Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
2010-05-04 | CVE-2010-1722 | DEV Pucit EDU PK Joomla | Path Traversal vulnerability in Dev.Pucit.Edu.Pk COM Market 2.0 Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
2010-05-04 | CVE-2010-1719 | Moto Treks Joomla | Path Traversal vulnerability in Moto-Treks COM Mtfireeagle 1.2 Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
2010-05-04 | CVE-2010-1718 | Lispeltuut Joomla | Path Traversal vulnerability in Lispeltuut COM Archeryscores 1.0.6 Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2010-05-04 | CVE-2010-1715 | Pucit EDU Joomla | Path Traversal vulnerability in Pucit.Edu COM Onlineexam 1.5.0 Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. | 6.8 |
2010-05-04 | CVE-2010-1710 | Ramoncastro | Path Traversal vulnerability in Ramoncastro Siestta 2.0 Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2010-05-04 | CVE-2009-4834 | Xpressengine | Code Injection vulnerability in Xpressengine Zeroboard 4.1 lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php. | 6.8 |
2010-05-05 | CVE-2010-0402 | Openttd | Code Injection vulnerability in Openttd OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command. | 6.5 |
2010-05-05 | CVE-2010-0401 | Openttd | Permissions, Privileges, and Access Controls vulnerability in Openttd OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. | 6.5 |
2010-05-07 | CVE-2010-1861 | PHP | Resource Management Errors vulnerability in PHP The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. | 6.4 |
2010-05-07 | CVE-2010-1690 | Microsoft | Improper Input Validation vulnerability in Microsoft products The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. | 6.4 |
2010-05-07 | CVE-2010-1689 | Microsoft | Cryptographic Issues vulnerability in Microsoft products The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. | 6.4 |
2010-05-07 | CVE-2010-1864 | PHP | Information Exposure vulnerability in PHP The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | 5.0 |
2010-05-07 | CVE-2010-1862 | PHP | Information Exposure vulnerability in PHP The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | 5.0 |
2010-05-07 | CVE-2010-1860 | PHP | Information Exposure vulnerability in PHP The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. | 5.0 |
2010-05-07 | CVE-2010-1858 | Gelembjuk Joomla | Path Traversal vulnerability in Gelembjuk COM Smestorage Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | 5.0 |
2010-05-07 | CVE-2009-4851 | Xoops | Permissions, Privileges, and Access Controls vulnerability in Xoops The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. | 5.0 |
2010-05-07 | CVE-2009-4845 | Toutvirtual | Cryptographic Issues vulnerability in Toutvirtual Virtualiq 3.2 The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields. | 5.0 |
2010-05-07 | CVE-2009-4844 | Toutvirtual | Information Exposure vulnerability in Toutvirtual Virtualiq 3.2Build7882 ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request. | 5.0 |
2010-05-06 | CVE-2010-1736 | Aspindir | Permissions, Privileges, and Access Controls vulnerability in Aspindir KRM Haber 1.0 KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. | 5.0 |
2010-05-06 | CVE-2010-1730 | Dolphin HTC | Buffer Errors vulnerability in Dolphin Browser 2.5.0 Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | 5.0 |
2010-05-04 | CVE-2010-1714 | DEV Pucit EDU PK Joomla | Path Traversal vulnerability in Dev.Pucit.Edu.Pk COM Arcadegames 1.0 Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
2010-05-04 | CVE-2010-1687 | Mochasoft | Buffer Errors vulnerability in Mochasoft Mocha W32 LPD 1.9 Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. | 5.0 |
2010-05-03 | CVE-2010-1664 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors. | 5.0 | |
2010-05-03 | CVE-2010-1659 | Webkul Joomla | Path Traversal vulnerability in Webkul COM Ultimateportfolio 1.0 Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
2010-05-03 | CVE-2010-1658 | Code Garage | Path Traversal vulnerability in Code-Garage COM Noticeboard 1.3 Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 5.0 |
2010-05-03 | CVE-2010-1657 | Recly | Path Traversal vulnerability in Recly COM Smartsite 1.0.0 Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
2010-05-03 | CVE-2010-1652 | Helpcenterlive | Path Traversal vulnerability in Helpcenterlive HCL 2.0.6/2.1.7 Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 5.0 |
2010-05-06 | CVE-2010-1735 | Microsoft | Improper Input Validation vulnerability in Microsoft products The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. | 4.9 |
2010-05-06 | CVE-2010-1734 | Microsoft | Improper Input Validation vulnerability in Microsoft products The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. | 4.9 |
2010-05-06 | CVE-2010-1438 | Mytty | Unspecified vulnerability in Mytty Webapplication Finger Printer 0.0126C3 Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh. | 4.4 |
2010-05-07 | CVE-2010-1854 | Phpscripte24 | Cross-Site Scripting vulnerability in PHPscripte24 PAY PER Watch & BID Auktions System Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. | 4.3 |
2010-05-07 | CVE-2009-4853 | Jumpbox Foswiki | Cross-Site Scripting vulnerability in Jumpbox 1.1.0 Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-05-07 | CVE-2009-4852 | Festic | Cross-Site Scripting vulnerability in Festic Semanticscuttle Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. | 4.3 |
2010-05-07 | CVE-2009-4848 | Toutvirtual | Cross-Site Scripting vulnerability in Toutvirtual Virtualiq 3.2/3.5 Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to tvserver/server/user/addDepartment.jsp, (3) ID parameter to tvserver/server/inventory/inventoryTabs.jsp, (4) reportName parameter to tvserver/reports/virtualIQAdminReports.do, or (5) middleName parameter in a save action to tvserver/user/user.do. | 4.3 |
2010-05-07 | CVE-2010-1852 | Microsoft | Information Exposure vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue. | 4.3 |
2010-05-07 | CVE-2010-1851 | Information Exposure vulnerability in Google Chrome Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue. | 4.3 | |
2010-05-07 | CVE-2010-1453 | Matomo Piwik | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter. | 4.3 |
2010-05-07 | CVE-2010-1167 | Fetchmail | Improper Input Validation vulnerability in Fetchmail fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list. | 4.3 |
2010-05-07 | CVE-2010-1143 | Vmware | Cross-Site Scripting vulnerability in VMWare View Manager 3.1.1/3.1.2/3.1.3 Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-05-07 | CVE-2010-0829 | JAN AKE Larsson TUG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file. | 4.3 |
2010-05-07 | CVE-2009-4842 | Toutvirtual | Cross-Site Scripting vulnerability in Toutvirtual Virtualiq 3.5 Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName, (5) lastName, or (6) email parameter in a save action to tvserver/user/user.do. | 4.3 |
2010-05-06 | CVE-2010-1746 | Toolsjx Joomla | Cross-Site Scripting vulnerability in Toolsjx COM Grid Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php. | 4.3 |
2010-05-06 | CVE-2010-1742 | Satyadeep | Cross-Site Scripting vulnerability in Satyadeep Scratcher Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter. | 4.3 |
2010-05-06 | CVE-2010-1731 | Unspecified vulnerability in Google Chrome Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | 4.3 | |
2010-05-06 | CVE-2010-1729 | Apple Microsoft | Resource Management Errors vulnerability in Apple Safari and Webkit WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | 4.3 |
2010-05-06 | CVE-2010-1724 | Zikula | Cross-Site Scripting vulnerability in Zikula Application Framework 1.2.2 Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php. | 4.3 |
2010-05-06 | CVE-2009-4839 | Secureideas | Cross-Site Scripting vulnerability in Secureideas Basic Analysis and Security Engine Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php. | 4.3 |
2010-05-06 | CVE-2009-4837 | Secureideas | Cross-Site Scripting vulnerability in Secureideas Basic Analysis and Security Engine Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. | 4.3 |
2010-05-06 | CVE-2009-4835 | Mega Nerd | Numeric Errors vulnerability in Mega-Nerd Libsndfile 1.0.20 The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file. | 4.3 |
2010-05-04 | CVE-2010-1712 | Webmobo | Cross-Site Scripting vulnerability in Webmobo Wbnews 2.3.3 Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. | 4.3 |
2010-05-04 | CVE-2010-1711 | Ramoncastro | Cross-Site Scripting vulnerability in Ramoncastro Siestta 2.0 Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter. | 4.3 |
2010-05-04 | CVE-2010-1709 | G5 Scripts | Cross-Site Scripting vulnerability in G5-Scripts Auto-Img-Gallery 1.1 Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters. | 4.3 |
2010-05-04 | CVE-2010-1707 | Piwigo | Cross-Site Scripting vulnerability in Piwigo Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters. | 4.3 |
2010-05-04 | CVE-2010-1703 | 2Daybiz | Cross-Site Scripting vulnerability in 2Daybiz Polls Script Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field. | 4.3 |
2010-05-04 | CVE-2010-0594 | Cisco | Cross-Site Scripting vulnerability in Cisco Router and Security Device Manager 2.5 Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. | 4.3 |
2010-05-03 | CVE-2010-1662 | Jcink | Cross-Site Scripting vulnerability in Jcink PHP-Quick-Arcade 3.0.21 Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Quick-Arcade (PHPQA) 3.0.21 allows remote attackers to inject arbitrary web script or HTML via the serv parameter. | 4.3 |
2010-05-03 | CVE-2010-1655 | Powereasy | Cross-Site Scripting vulnerability in Powereasy Siteweaver 2006/6.8 Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in PowerEasy 2006 and PowerEasy SiteWeaver 6.8 allows remote attackers to inject arbitrary web script or HTML via the ComeUrl parameter. | 4.3 |
2010-05-07 | CVE-2009-4847 | Deliantra | Improper Input Validation vulnerability in Deliantra Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list. | 4.0 |
2010-05-05 | CVE-2010-0406 | Openttd | Resource Management Errors vulnerability in Openttd OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-05-07 | CVE-2010-1856 | Realitymedias | Cross-Site Scripting vulnerability in Realitymedias Repairshop2 1.9.023 Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action. | 2.6 |
2010-05-07 | CVE-2010-1451 | Linux Debian | Out-Of-Bounds Write vulnerability in multiple products The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application. | 2.1 |
2010-05-03 | CVE-2010-1651 | IBM | Cryptographic Issues vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log. | 1.9 |
2010-05-03 | CVE-2010-1650 | IBM | Cryptographic Issues vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output. | 1.9 |