Weekly Vulnerabilities Reports > May 10 to 16, 2010

Overview

103 new vulnerabilities reported during this period, including 26 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary report vulnerabilities in 69 products from 44 vendors including Adobe, Cisco, Consona, HP, and Openmairie. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Improper Input Validation", and "Out-of-bounds Write".

  • 98 reported vulnerabilities are remotely exploitables.
  • 24 reported vulnerabilities have public exploit available.
  • 39 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 102 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

26 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-13 CVE-2010-1555 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.

10.0
2010-05-13 CVE-2010-1554 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.

10.0
2010-05-13 CVE-2010-1553 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.

10.0
2010-05-13 CVE-2010-1552 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.

10.0
2010-05-13 CVE-2010-1551 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter.

10.0
2010-05-13 CVE-2010-1550 HP USE of Externally-Controlled Format String vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter.

10.0
2010-05-14 CVE-2009-3678 Microsoft Numeric Errors vulnerability in Microsoft Windows 7 and Windows Server 2008

Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."

9.3
2010-05-13 CVE-2010-1291 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.

9.3
2010-05-13 CVE-2010-1290 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.

9.3
2010-05-13 CVE-2010-1289 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.

9.3
2010-05-13 CVE-2010-1288 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player

Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.

9.3
2010-05-13 CVE-2010-1287 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.

9.3
2010-05-13 CVE-2010-1286 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.

9.3
2010-05-13 CVE-2010-1284 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.

9.3
2010-05-13 CVE-2010-1292 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player

The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.

9.3
2010-05-13 CVE-2010-1283 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.

9.3
2010-05-13 CVE-2010-1280 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.

9.3
2010-05-13 CVE-2010-0129 Adobe Integer Overflow or Wraparound vulnerability in Adobe Shockwave Player

Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.

9.3
2010-05-13 CVE-2010-0128 Adobe Out-of-bounds Write vulnerability in Adobe Director and Shockwave Player

Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.

9.3
2010-05-12 CVE-2010-1913 Consona Configuration vulnerability in Consona products

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.

9.3
2010-05-12 CVE-2010-1912 Consona Permissions, Privileges, and Access Controls vulnerability in Consona products

The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."

9.3
2010-05-12 CVE-2010-1911 Consona Cryptographic Issues vulnerability in Consona products

The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack.

9.3
2010-05-12 CVE-2010-1908 Consona Permissions, Privileges, and Access Controls vulnerability in Consona products

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile.

9.3
2010-05-12 CVE-2010-1869 Artifex Buffer Errors vulnerability in Artifex GPL Ghostscript 8.64/8.70

Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.

9.3
2010-05-12 CVE-2010-0815 Microsoft Code Injection vulnerability in Microsoft products

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."

9.3
2010-05-11 CVE-2009-4863 Ultraplayer Buffer Errors vulnerability in Ultraplayer Media Player 2.112

Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file.

9.3

34 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-13 CVE-2010-1281 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.

8.8
2010-05-13 CVE-2010-0987 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

8.8
2010-05-13 CVE-2010-0986 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.

8.8
2010-05-13 CVE-2010-0130 Adobe Integer Overflow or Wraparound vulnerability in Adobe Shockwave Player

Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.

8.8
2010-05-13 CVE-2010-0127 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.

8.8
2010-05-14 CVE-2010-1567 Cisco Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.6(1)/9.7(3)

The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.

7.8
2010-05-14 CVE-2010-1565 Cisco Resource Management Errors vulnerability in Cisco PGW 2200 Softswitch 9.7(3)P/9.7(3)S

Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (TCP socket exhaustion) via unknown vectors, aka Bug ID CSCsk13561.

7.8
2010-05-14 CVE-2010-1563 Cisco Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)P/9.7(3)S

The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588.

7.8
2010-05-14 CVE-2010-1562 Cisco Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)P/9.7(3)S

The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521.

7.8
2010-05-14 CVE-2010-1561 Cisco Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch

The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115.

7.8
2010-05-14 CVE-2010-0604 Cisco Denial of Service vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9

Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP traffic, as demonstrated by "SIP testing," aka Bug ID CSCsk38165.

7.8
2010-05-14 CVE-2010-0603 Cisco Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9

The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug ID CSCsk40030.

7.8
2010-05-14 CVE-2010-0602 Cisco Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9

The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606.

7.8
2010-05-14 CVE-2010-0601 Cisco Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9

The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126.

7.8
2010-05-13 CVE-2010-1939 Apple
Microsoft
Resource Management Errors vulnerability in Apple Safari 4.0.5

Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.

7.6
2010-05-12 CVE-2010-1909 Consona Buffer Errors vulnerability in Consona products

Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information.

7.6
2010-05-12 CVE-2010-1925 Rifat Kurban SQL Injection vulnerability in Rifat Kurban Tekno.Portal 0.1B

SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817.

7.5
2010-05-12 CVE-2010-1924 Phpscripte24 SQL Injection vulnerability in PHPscripte24 Live Shopping Multi Portal System

SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter.

7.5
2010-05-12 CVE-2010-1923 Phpscripte24 SQL Injection vulnerability in PHPscripte24 web Social Network Freunde Community 2.0

SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action.

7.5
2010-05-12 CVE-2010-1922 29O3 CMS Code Injection vulnerability in 29O3 CMS 29O3 CMS 0.1

Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/.

7.5
2010-05-12 CVE-2010-1918 Efrontlearning SQL Injection vulnerability in Efrontlearning Efront

SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter.

7.5
2010-05-12 CVE-2010-1916 Xinha
S9Y
Permissions, Privileges, and Access Controls vulnerability in multiple products

The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function.

7.5
2010-05-12 CVE-2010-1878 Blueflyingfish NO IP
Joomla
Path Traversal vulnerability in Blueflyingfish.No-Ip COM Orgchart 1.0.0

Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-12 CVE-2010-1877 Jtmreseller
Joomla
SQL Injection vulnerability in Jtmreseller COM JTM 1.9

SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php.

7.5
2010-05-12 CVE-2010-1876 Ajsquare SQL Injection vulnerability in Ajsquare AJ Shopping Cart 1.0

SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.

7.5
2010-05-12 CVE-2010-1875 COM Property
Joomla
Path Traversal vulnerability in Com-Property COM Properties 3.1.2203

Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-05-12 CVE-2010-1874 COM Property
Joomla
SQL Injection vulnerability in Com-Property COM Properties 3.1.2203

SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php.

7.5
2010-05-11 CVE-2009-4872 Logoshows SQL Injection vulnerability in Logoshows BBS 2.0

Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

7.5
2010-05-11 CVE-2009-4871 Logoshows SQL Injection vulnerability in Logoshows BBS 2.0

SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

7.5
2010-05-11 CVE-2009-4870 Phpcityportal SQL Injection vulnerability in PHPcityportal

Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters.

7.5
2010-05-11 CVE-2009-4862 Abushhab SQL Injection vulnerability in Abushhab Alwasel 1.5

Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.

7.5
2010-05-11 CVE-2009-4860 Demarque SQL Injection vulnerability in Demarque Typing PAL 1.0

SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter.

7.5
2010-05-12 CVE-2010-1906 Consona
Microsoft
Cryptographic Issues vulnerability in Consona products

tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.

7.2
2010-05-12 CVE-2010-1620 Gnustep Numeric Errors vulnerability in Gnustep Base

Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow.

7.2

40 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-12 CVE-2010-1936 Openmairie Path Traversal vulnerability in Openmairie Opencominterne 1.01

Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.

6.8
2010-05-12 CVE-2010-1935 Openmairie Path Traversal vulnerability in Openmairie Openpresse 1.01

Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.

6.8
2010-05-12 CVE-2010-1934 Openmairie Code Injection vulnerability in Openmairie Openplanning 1.00

Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/.

6.8
2010-05-12 CVE-2010-1928 Openmairie Path Traversal vulnerability in Openmairie Openplanning 1.00

Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.

6.8
2010-05-12 CVE-2010-1927 Openmairie Code Injection vulnerability in Openmairie Opencourrier 2.02/2.03

Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/.

6.8
2010-05-12 CVE-2010-1926 Openmairie Path Traversal vulnerability in Openmairie Opencourrier 2.02/2.03

Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.

6.8
2010-05-12 CVE-2010-1921 Openmairie Code Injection vulnerability in Openmairie Openannuaire 2.00

Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/.

6.8
2010-05-12 CVE-2010-1920 Openmairie Path Traversal vulnerability in Openmairie Openannuaire 2.00

Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.

6.8
2010-05-11 CVE-2009-4865 I Escorts SQL Injection vulnerability in I-Escorts products

Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters.

6.8
2010-05-12 CVE-2010-1910 Consona Improper Authentication vulnerability in Consona products

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.

5.1
2010-05-14 CVE-2010-1568 Cisco Cryptographic Issues vulnerability in Cisco Ironport Desktop Flag Plugin for Outlook 6.2.4.3

The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623.

5.0
2010-05-14 CVE-2010-1621 Mysql Permissions, Privileges, and Access Controls vulnerability in Mysql

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

5.0
2010-05-14 CVE-2010-1510 Irfanview Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Irfanview

Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.

5.0
2010-05-14 CVE-2010-1509 Irfanview Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Irfanview

IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error."

5.0
2010-05-12 CVE-2010-1917 PHP Resource Management Errors vulnerability in PHP

Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.

5.0
2010-05-12 CVE-2010-1915 PHP Information Exposure vulnerability in PHP

The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.

5.0
2010-05-12 CVE-2010-1914 PHP Information Exposure vulnerability in PHP

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function.

5.0
2010-05-12 CVE-2010-1457 Gnustep Information Exposure vulnerability in Gnustep Base

Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message.

4.9
2010-05-14 CVE-2010-1558 HP
Microsoft
Local Unauthorized Access vulnerability in HP MFP Digital Sending Software

Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors.

4.7
2010-05-14 CVE-2010-1940 Apple
Microsoft
Credentials Management vulnerability in Apple Safari 4.0.5

Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests.

4.3
2010-05-14 CVE-2010-1557 HP Cross-Site Scripting vulnerability in HP Insight Control Server Migration FOR Windows

Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-05-14 CVE-2010-0475 Palo Alto Networks Cross-Site Scripting vulnerability in Palo Alto Networks Firewall

Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter.

4.3
2010-05-13 CVE-2010-1293 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-05-13 CVE-2010-1282 Adobe Infinite Loop vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

4.3
2010-05-13 CVE-2009-3467 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2010-05-12 CVE-2010-1482 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple

Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.

4.3
2010-05-12 CVE-2010-1907 Consona Information Exposure vulnerability in Consona products

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method.

4.3
2010-05-12 CVE-2010-1905 Consona Cross-Site Scripting vulnerability in Consona products

Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.

4.3
2010-05-12 CVE-2010-1872 Tufat Cross-Site Scripting vulnerability in Tufat Flashcard 2.6.5/3.0.1

Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2010-05-12 CVE-2010-1455 Ethereal Group
Wireshark
Improper Input Validation vulnerability in multiple products

The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.

4.3
2010-05-11 CVE-2009-4869 Hitronsoft Cross-Site Scripting vulnerability in Hitronsoft Nasim Guest Book 1.2

Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2010-05-11 CVE-2009-4868 Hitronsoft Cross-Site Scripting vulnerability in Hitronsoft Answer ME 1.0

Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php).

4.3
2010-05-11 CVE-2009-4867 Tony Million Buffer Errors vulnerability in Tony Million Tuniac 090517C

Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file.

4.3
2010-05-11 CVE-2009-4866 Matt Wright Cross-Site Scripting vulnerability in Matt Wright Simple Search 1.0

Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter.

4.3
2010-05-11 CVE-2009-4864 I Escorts Cross-Site Scripting vulnerability in I-Escorts products

Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters.

4.3
2010-05-11 CVE-2009-4861 Supportpro Cross-Site Scripting vulnerability in Supportpro Supportdesk 3.0

Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2010-05-11 CVE-2009-4859 Onlinetechtools COM Cross-Site Scripting vulnerability in Onlinetechtools.Com Owos Lite 3.10

Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp.

4.3
2010-05-11 CVE-2009-4858 Turnkeyforms Cross-Site Scripting vulnerability in Turnkeyforms Yahoo-Answers-Clone

Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.

4.3
2010-05-11 CVE-2009-4857 Ecomstudio Cross-Site Scripting vulnerability in Ecomstudio PHP Photo Vote1.3F

Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2010-05-11 CVE-2009-4856 Ecomstudio Cross-Site Scripting vulnerability in Ecomstudio PHP Easy Shopping Cart 3.1R

Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-12 CVE-2010-1481 Pmwiki Cross-Site Scripting vulnerability in Pmwiki 2.2.15

Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.

3.5
2010-05-12 CVE-2010-0730 Redhat
Linux
Improper Input Validation vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.

2.6
2010-05-13 CVE-2010-1294 Adobe Information Exposure vulnerability in Adobe Coldfusion

Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.

2.1