Weekly Vulnerabilities Reports > May 10 to 16, 2010
Overview
104 new vulnerabilities reported during this period, including 26 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary report vulnerabilities in 72 products from 44 vendors including Adobe, Cisco, HP, Consona, and Openmairie. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Improper Input Validation", and "Out-of-bounds Write".
- 99 reported vulnerabilities are remotely exploitables.
- 24 reported vulnerabilities have public exploit available.
- 39 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 103 reported vulnerabilities are exploitable by an anonymous user.
- Adobe has the most reported vulnerabilities, with 21 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
26 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-05-13 | CVE-2010-1555 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter. | 10.0 |
| 2010-05-13 | CVE-2010-1554 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter. | 10.0 |
| 2010-05-13 | CVE-2010-1553 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter. | 10.0 |
| 2010-05-13 | CVE-2010-1552 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters. | 10.0 |
| 2010-05-13 | CVE-2010-1551 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter. | 10.0 |
| 2010-05-13 | CVE-2010-1550 | HP | USE of Externally-Controlled Format String vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter. | 10.0 |
| 2010-05-14 | CVE-2009-3678 | Microsoft | Numeric Errors vulnerability in Microsoft Windows 7 and Windows Server 2008 Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability." | 9.3 |
| 2010-05-13 | CVE-2010-1291 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290. | 9.3 |
| 2010-05-13 | CVE-2010-1290 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291. | 9.3 |
| 2010-05-13 | CVE-2010-1289 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291. | 9.3 |
| 2010-05-13 | CVE-2010-1288 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors. | 9.3 |
| 2010-05-13 | CVE-2010-1287 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | 9.3 |
| 2010-05-13 | CVE-2010-1286 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | 9.3 |
| 2010-05-13 | CVE-2010-1284 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | 9.3 |
| 2010-05-13 | CVE-2010-1292 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | 9.3 |
| 2010-05-13 | CVE-2010-1283 | Adobe | Out-of-bounds Write vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. | 9.3 |
| 2010-05-13 | CVE-2010-1280 | Adobe | Out-of-bounds Write vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file. | 9.3 |
| 2010-05-13 | CVE-2010-0129 | Adobe | Integer Overflow or Wraparound vulnerability in Adobe Shockwave Player Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. | 9.3 |
| 2010-05-13 | CVE-2010-0128 | Adobe | Out-of-bounds Write vulnerability in Adobe Director and Shockwave Player Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. | 9.3 |
| 2010-05-12 | CVE-2010-1913 | Consona | Configuration vulnerability in Consona products The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server. | 9.3 |
| 2010-05-12 | CVE-2010-1912 | Consona | Permissions, Privileges, and Access Controls vulnerability in Consona products The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks." | 9.3 |
| 2010-05-12 | CVE-2010-1911 | Consona | Cryptographic Issues vulnerability in Consona products The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack. | 9.3 |
| 2010-05-12 | CVE-2010-1908 | Consona | Permissions, Privileges, and Access Controls vulnerability in Consona products The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile. | 9.3 |
| 2010-05-12 | CVE-2010-1869 | Artifex | Buffer Errors vulnerability in Artifex GPL Ghostscript 8.64/8.70 Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. | 9.3 |
| 2010-05-12 | CVE-2010-0815 | Microsoft | Code Injection vulnerability in Microsoft products VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability." | 9.3 |
| 2010-05-11 | CVE-2009-4863 | Ultraplayer | Buffer Errors vulnerability in Ultraplayer Media Player 2.112 Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file. | 9.3 |
34 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-05-13 | CVE-2010-1281 | Adobe | Out-of-bounds Write vulnerability in Adobe Shockwave Player iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | 8.8 |
| 2010-05-13 | CVE-2010-0987 | Adobe | Out-of-bounds Write vulnerability in Adobe Shockwave Player Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. | 8.8 |
| 2010-05-13 | CVE-2010-0986 | Adobe | Out-of-bounds Write vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. | 8.8 |
| 2010-05-13 | CVE-2010-0130 | Adobe | Integer Overflow or Wraparound vulnerability in Adobe Shockwave Player Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. | 8.8 |
| 2010-05-13 | CVE-2010-0127 | Adobe | Out-of-bounds Write vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. | 8.8 |
| 2010-05-14 | CVE-2010-1567 | Cisco | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.6(1)/9.7(3) The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590. | 7.8 |
| 2010-05-14 | CVE-2010-1565 | Cisco | Resource Management Errors vulnerability in Cisco PGW 2200 Softswitch 9.7(3)P/9.7(3)S Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (TCP socket exhaustion) via unknown vectors, aka Bug ID CSCsk13561. | 7.8 |
| 2010-05-14 | CVE-2010-1563 | Cisco | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)P/9.7(3)S The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588. | 7.8 |
| 2010-05-14 | CVE-2010-1562 | Cisco | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)P/9.7(3)S The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521. | 7.8 |
| 2010-05-14 | CVE-2010-1561 | Cisco | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115. | 7.8 |
| 2010-05-14 | CVE-2010-0604 | Cisco | Denial of Service vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9 Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP traffic, as demonstrated by "SIP testing," aka Bug ID CSCsk38165. | 7.8 |
| 2010-05-14 | CVE-2010-0603 | Cisco | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9 The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug ID CSCsk40030. | 7.8 |
| 2010-05-14 | CVE-2010-0602 | Cisco | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9 The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606. | 7.8 |
| 2010-05-14 | CVE-2010-0601 | Cisco | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9 The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126. | 7.8 |
| 2010-05-13 | CVE-2010-1939 | Apple Microsoft | Resource Management Errors vulnerability in Apple Safari 4.0.5 Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. | 7.6 |
| 2010-05-12 | CVE-2010-1909 | Consona | Buffer Errors vulnerability in Consona products Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information. | 7.6 |
| 2010-05-12 | CVE-2010-1925 | Rifat Kurban | SQL Injection vulnerability in Rifat Kurban Tekno.Portal 0.1B SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817. | 7.5 |
| 2010-05-12 | CVE-2010-1924 | Phpscripte24 | SQL Injection vulnerability in PHPscripte24 Live Shopping Multi Portal System SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter. | 7.5 |
| 2010-05-12 | CVE-2010-1923 | Phpscripte24 | SQL Injection vulnerability in PHPscripte24 web Social Network Freunde Community 2.0 SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action. | 7.5 |
| 2010-05-12 | CVE-2010-1922 | 29O3 CMS | Code Injection vulnerability in 29O3 CMS 29O3 CMS 0.1 Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/. | 7.5 |
| 2010-05-12 | CVE-2010-1918 | Efrontlearning | SQL Injection vulnerability in Efrontlearning Efront SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter. | 7.5 |
| 2010-05-12 | CVE-2010-1916 | Xinha S9Y | Permissions, Privileges, and Access Controls vulnerability in multiple products The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. | 7.5 |
| 2010-05-12 | CVE-2010-1878 | Blueflyingfish NO IP Joomla | Path Traversal vulnerability in Blueflyingfish.No-Ip COM Orgchart 1.0.0 Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2010-05-12 | CVE-2010-1877 | Jtmreseller Joomla | SQL Injection vulnerability in Jtmreseller COM JTM 1.9 SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php. | 7.5 |
| 2010-05-12 | CVE-2010-1876 | Ajsquare | SQL Injection vulnerability in Ajsquare AJ Shopping Cart 1.0 SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | 7.5 |
| 2010-05-12 | CVE-2010-1875 | COM Property Joomla | Path Traversal vulnerability in Com-Property COM Properties 3.1.2203 Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 7.5 |
| 2010-05-12 | CVE-2010-1874 | COM Property Joomla | SQL Injection vulnerability in Com-Property COM Properties 3.1.2203 SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. | 7.5 |
| 2010-05-11 | CVE-2009-4872 | Logoshows | SQL Injection vulnerability in Logoshows BBS 2.0 Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | 7.5 |
| 2010-05-11 | CVE-2009-4871 | Logoshows | SQL Injection vulnerability in Logoshows BBS 2.0 SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 7.5 |
| 2010-05-11 | CVE-2009-4870 | Phpcityportal | SQL Injection vulnerability in PHPcityportal Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. | 7.5 |
| 2010-05-11 | CVE-2009-4862 | Abushhab | SQL Injection vulnerability in Abushhab Alwasel 1.5 Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php. | 7.5 |
| 2010-05-11 | CVE-2009-4860 | Demarque | SQL Injection vulnerability in Demarque Typing PAL 1.0 SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter. | 7.5 |
| 2010-05-12 | CVE-2010-1906 | Consona Microsoft | Cryptographic Issues vulnerability in Consona products tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service. | 7.2 |
| 2010-05-12 | CVE-2010-1620 | Gnustep | Numeric Errors vulnerability in Gnustep Base Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow. | 7.2 |
41 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-05-12 | CVE-2010-1936 | Openmairie | Path Traversal vulnerability in Openmairie Opencominterne 1.01 Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 6.8 |
| 2010-05-12 | CVE-2010-1935 | Openmairie | Path Traversal vulnerability in Openmairie Openpresse 1.01 Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 6.8 |
| 2010-05-12 | CVE-2010-1934 | Openmairie | Code Injection vulnerability in Openmairie Openplanning 1.00 Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/. | 6.8 |
| 2010-05-12 | CVE-2010-1928 | Openmairie | Path Traversal vulnerability in Openmairie Openplanning 1.00 Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 6.8 |
| 2010-05-12 | CVE-2010-1927 | Openmairie | Code Injection vulnerability in Openmairie Opencourrier 2.02/2.03 Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. | 6.8 |
| 2010-05-12 | CVE-2010-1926 | Openmairie | Path Traversal vulnerability in Openmairie Opencourrier 2.02/2.03 Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 6.8 |
| 2010-05-12 | CVE-2010-1921 | Openmairie | Code Injection vulnerability in Openmairie Openannuaire 2.00 Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/. | 6.8 |
| 2010-05-12 | CVE-2010-1920 | Openmairie | Path Traversal vulnerability in Openmairie Openannuaire 2.00 Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | 6.8 |
| 2010-05-11 | CVE-2009-4865 | I Escorts | SQL Injection vulnerability in I-Escorts products Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. | 6.8 |
| 2010-05-14 | CVE-2010-1556 | HP Linux Microsoft | Unauthorized Access vulnerability in HP Systems Insight Manager 5.3/6.0 Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown vectors. | 6.4 |
| 2010-05-12 | CVE-2010-1910 | Consona | Improper Authentication vulnerability in Consona products The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields. | 5.1 |
| 2010-05-14 | CVE-2010-1568 | Cisco | Cryptographic Issues vulnerability in Cisco Ironport Desktop Flag Plugin for Outlook 6.2.4.3 The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623. | 5.0 |
| 2010-05-14 | CVE-2010-1621 | Mysql | Permissions, Privileges, and Access Controls vulnerability in Mysql The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. | 5.0 |
| 2010-05-14 | CVE-2010-1510 | Irfanview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Irfanview Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression. | 5.0 |
| 2010-05-14 | CVE-2010-1509 | Irfanview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Irfanview IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error." | 5.0 |
| 2010-05-12 | CVE-2010-1917 | PHP | Resource Management Errors vulnerability in PHP Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. | 5.0 |
| 2010-05-12 | CVE-2010-1915 | PHP | Information Exposure vulnerability in PHP The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. | 5.0 |
| 2010-05-12 | CVE-2010-1914 | PHP | Information Exposure vulnerability in PHP The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. | 5.0 |
| 2010-05-12 | CVE-2010-1457 | Gnustep | Information Exposure vulnerability in Gnustep Base Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message. | 4.9 |
| 2010-05-14 | CVE-2010-1558 | HP Microsoft | Local Unauthorized Access vulnerability in HP MFP Digital Sending Software Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors. | 4.7 |
| 2010-05-14 | CVE-2010-1940 | Apple Microsoft | Credentials Management vulnerability in Apple Safari 4.0.5 Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. | 4.3 |
| 2010-05-14 | CVE-2010-1557 | HP | Cross-Site Scripting vulnerability in HP Insight Control Server Migration FOR Windows Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-05-14 | CVE-2010-0475 | Palo Alto Networks | Cross-Site Scripting vulnerability in Palo Alto Networks Firewall Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter. | 4.3 |
| 2010-05-13 | CVE-2010-1293 | Adobe | Cross-Site Scripting vulnerability in Adobe Coldfusion Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-05-13 | CVE-2010-1282 | Adobe | Infinite Loop vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. | 4.3 |
| 2010-05-13 | CVE-2009-3467 | Adobe | Cross-Site Scripting vulnerability in Adobe Coldfusion Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2010-05-12 | CVE-2010-1482 | Cmsmadesimple | Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter. | 4.3 |
| 2010-05-12 | CVE-2010-1907 | Consona | Information Exposure vulnerability in Consona products The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method. | 4.3 |
| 2010-05-12 | CVE-2010-1905 | Consona | Cross-Site Scripting vulnerability in Consona products Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp. | 4.3 |
| 2010-05-12 | CVE-2010-1872 | Tufat | Cross-Site Scripting vulnerability in Tufat Flashcard 2.6.5/3.0.1 Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2010-05-12 | CVE-2010-1455 | Ethereal Group Wireshark | Improper Input Validation vulnerability in multiple products The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. | 4.3 |
| 2010-05-11 | CVE-2009-4869 | Hitronsoft | Cross-Site Scripting vulnerability in Hitronsoft Nasim Guest Book 1.2 Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
| 2010-05-11 | CVE-2009-4868 | Hitronsoft | Cross-Site Scripting vulnerability in Hitronsoft Answer ME 1.0 Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). | 4.3 |
| 2010-05-11 | CVE-2009-4867 | Tony Million | Buffer Errors vulnerability in Tony Million Tuniac 090517C Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file. | 4.3 |
| 2010-05-11 | CVE-2009-4866 | Matt Wright | Cross-Site Scripting vulnerability in Matt Wright Simple Search 1.0 Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. | 4.3 |
| 2010-05-11 | CVE-2009-4864 | I Escorts | Cross-Site Scripting vulnerability in I-Escorts products Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. | 4.3 |
| 2010-05-11 | CVE-2009-4861 | Supportpro | Cross-Site Scripting vulnerability in Supportpro Supportdesk 3.0 Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
| 2010-05-11 | CVE-2009-4859 | Onlinetechtools COM | Cross-Site Scripting vulnerability in Onlinetechtools.Com Owos Lite 3.10 Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp. | 4.3 |
| 2010-05-11 | CVE-2009-4858 | Turnkeyforms | Cross-Site Scripting vulnerability in Turnkeyforms Yahoo-Answers-Clone Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | 4.3 |
| 2010-05-11 | CVE-2009-4857 | Ecomstudio | Cross-Site Scripting vulnerability in Ecomstudio PHP Photo Vote1.3F Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
| 2010-05-11 | CVE-2009-4856 | Ecomstudio | Cross-Site Scripting vulnerability in Ecomstudio PHP Easy Shopping Cart 3.1R Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.3 |
3 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-05-12 | CVE-2010-1481 | Pmwiki | Cross-Site Scripting vulnerability in Pmwiki 2.2.15 Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute. | 3.5 |
| 2010-05-12 | CVE-2010-0730 | Redhat Linux | Improper Input Validation vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. | 2.6 |
| 2010-05-13 | CVE-2010-1294 | Adobe | Information Exposure vulnerability in Adobe Coldfusion Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. | 2.1 |