Weekly Vulnerabilities Reports > May 17 to 23, 2010

Overview

84 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary reports vulnerabilities in 83 products from 59 vendors including Joomla, Drupal, Openmairie, IBM, and Microsoft. Notable vulnerability categories include "Path Traversal", "Cross-site Scripting", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Code Injection".

  • 81 reported vulnerabilities are remotely exploitable.
  • 25 reported vulnerabilities have a public exploit available.
  • 40 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 66 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Bsplayer has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-20 CVE-2010-1988 Mozilla
Microsoft
Unspecified vulnerability in Mozilla Firefox 3.6.3

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571.

10.0
2010-05-20 CVE-2010-1039 HP
IBM
SGI
Use of Externally-Controlled Format String vulnerability in multiple products

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

10.0
2010-05-17 CVE-2010-0998 Freedownloadmanager Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Freedownloadmanager Free Download Manager

Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect.

10.0
2010-05-21 CVE-2010-2009 Bsplayer Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Bsplayer Bs.Player 2.41/2.51

Stack-based buffer overflow in the media library in BS.Global BS.Player 2.51 build 1022, 2.41 build 1003, and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long ID3 tag in a .MP3 file.

9.3
2010-05-20 CVE-2010-2004 Bsplayer Buffer Errors vulnerability in Bsplayer Bs.Player 2.51

Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068.

9.3
2010-05-19 CVE-2010-1628 Artifex Buffer Errors vulnerability in Artifex GPL Ghostscript 8.64/8.70

Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.

9.3

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-19 CVE-2010-1447 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

8.5
2010-05-19 CVE-2010-1169 Postgresql Code Injection vulnerability in Postgresql

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl.

8.5
2010-05-19 CVE-2010-1943 NEC Remote Denial of Service vulnerability in NEC Capsuite Patchmeister 2.0

Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015.

7.8
2010-05-19 CVE-2010-1941 NEC Denial of Service vulnerability in WebSAM DeploymentManager

Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010.

7.8
2010-05-20 CVE-2010-2005 Datalifecms Code Injection vulnerability in Datalifecms Datalife Engine 8.3

Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php.

7.5
2010-05-20 CVE-2010-1994 Tomatocms SQL Injection vulnerability in Tomatocms

SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO.

7.5
2010-05-19 CVE-2010-1630 Phpbb Unspecified vulnerability in PHPbb

Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."

7.5
2010-05-19 CVE-2010-1983 Redcomponent
Joomla
Path Traversal vulnerability in Redcomponent COM Redtwitter

Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-19 CVE-2010-1980 Roberto Aloi
Joomla
Path Traversal vulnerability in Roberto Aloi COM Joomlaflickr 1.0.3

Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-05-19 CVE-2010-1977 Gohigheris
Joomla
Path Traversal vulnerability in Gohigheris COM Jwhmcs 1.5.0

Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-19 CVE-2010-0404 Phpgroupware SQL Injection vulnerability in PHPgroupware

Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.

7.5
2010-05-19 CVE-2010-1957 Thefactory
Joomla
Path Traversal vulnerability in Thefactory COM Lovefactory 1.3.4

Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-19 CVE-2010-1956 Thefactory
Joomla
Path Traversal vulnerability in Thefactory COM Gadgetfactory 1.0.0/1.5.0

Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-19 CVE-2010-1955 Thefactory
Joomla
Path Traversal vulnerability in Thefactory COM Blogfactory 1.1.2

Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-19 CVE-2010-1954 Joomlacomponent Inetlanka
Joomla
Path Traversal vulnerability in Joomlacomponent.Inetlanka COM Multiroot 1.0/1.1

Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-19 CVE-2010-1953 Joomlacomponent Inetlanka
Joomla
Path Traversal vulnerability in Joomlacomponent.Inetlanka COM Multimap 1.0

Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-19 CVE-2010-1952 Cmstactics
Joomla
Path Traversal vulnerability in Cmstactics COM Beeheard and COM Beeheardlite

Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-19 CVE-2010-1949 Emultisoft
Joomla
SQL Injection vulnerability in Emultisoft COM Jnewspaper 1.0

SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.

7.5
2010-05-17 CVE-2010-0999 Freedownloadmanager Path Traversal vulnerability in Freedownloadmanager Free Download Manager

Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

7.1

45 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-21 CVE-2010-1547 Chaos Tool Suite Project Cross-Site Request Forgery (CSRF) vulnerability in Chaos Tool Suite Project Ctools

Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.

6.8
2010-05-21 CVE-2010-0539 Apple Numeric Errors vulnerability in Apple Java 1.5 and Java 1.6

Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.

6.8
2010-05-21 CVE-2010-0538 Apple Resource Management Errors vulnerability in Apple Java

Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package.

6.8
2010-05-20 CVE-2010-2007 Letodms Cross-Site Request Forgery (CSRF) vulnerability in Letodms

Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php, (4) op/op.RemoveFolder.php, (5) op/op.DefaultKeywords.php, (6) op/op.GroupMgr.php, (7) op/op.FolderAccess.php, (8) op/op.FolderNotify.php, or (9) op.MoveFolder.php in mydms.

6.8
2010-05-20 CVE-2010-1999 Openmairie Path Traversal vulnerability in Openmairie Opencatalogue 1.024

Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.

6.8
2010-05-19 CVE-2010-1981 Fabrikar
Joomla
Path Traversal vulnerability in Fabrikar COM Fabrikar 2.0

Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a ..

6.8
2010-05-19 CVE-2010-1979 Affiliatefeeds
Joomla
Path Traversal vulnerability in Affiliatefeeds COM Datafeeds Build880

Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a ..

6.8
2010-05-19 CVE-2010-1978 Freephpblogsoftware Code Injection vulnerability in Freephpblogsoftware 1.0

PHP remote file inclusion vulnerability in default_theme.php in FreePHPBlogSoftware 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpincdir parameter.

6.8
2010-05-19 CVE-2010-1454 Vmware Improper Authentication vulnerability in VMWare TC Server

com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.

6.8
2010-05-19 CVE-2010-1321 MIT
Debian
Canonical
Oracle
Opensuse
Suse
Fedoraproject
Null Pointer Dereference vulnerability in multiple products

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

6.8
2010-05-19 CVE-2010-0403 Phpgroupware Path Traversal vulnerability in PHPgroupware

Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-05-19 CVE-2010-1951 60Cyclecms Project Path Traversal vulnerability in 60Cyclecms Project 60Cyclecms 2.5.2

Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php.

6.8
2010-05-19 CVE-2010-1950 Emultisoft
Joomla
SQL Injection vulnerability in Emultisoft COM Jnewspaper 1.0

SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php.

6.8
2010-05-19 CVE-2010-1948 Openmairie Path Traversal vulnerability in Openmairie Openfoncier 2.00

Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.

6.8
2010-05-19 CVE-2010-1947 Openmairie Path Traversal vulnerability in Openmairie Openregistrecil 1.02

Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter.

6.8
2010-05-19 CVE-2010-1946 Openmairie Code Injection vulnerability in Openmairie Openregistrecil 1.02

Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/.

6.8
2010-05-19 CVE-2010-1945 Openmairie Code Injection vulnerability in Openmairie Openfoncier 2.00

Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5) blocnote.class.php in obj/.

6.8
2010-05-19 CVE-2010-1944 Openmairie Code Injection vulnerability in Openmairie Opencimetiere 2.01

Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/.

6.8
2010-05-20 CVE-2010-2006 Letodms Path Traversal vulnerability in Letodms

Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a ..

6.5
2010-05-19 CVE-2010-1942 Fujitsu Unspecified vulnerability in Fujitsu Interstage Application Server

Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device.

6.4
2010-05-17 CVE-2010-1511 KDE Permissions, Privileges, and Access Controls vulnerability in KDE SC and Kget

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

6.4
2010-05-21 CVE-2010-1546 Chaos Tool Suite Project Code Injection vulnerability in Chaos Tool Suite Project Ctools

Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc.

6.0
2010-05-19 CVE-2010-1170 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

6.0
2010-05-17 CVE-2010-1000 KDE Path Traversal vulnerability in KDE SC

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

5.8
2010-05-19 CVE-2010-1975 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

5.5
2010-05-20 CVE-2010-1993 Opera Resource Management Errors vulnerability in Opera Browser 9.52

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.

5.0
2010-05-20 CVE-2010-1992 Google Resource Management Errors vulnerability in Google Chrome 1.0.154.48

Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

5.0
2010-05-20 CVE-2010-1991 Microsoft Resource Management Errors vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

5.0
2010-05-20 CVE-2010-1990 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

5.0
2010-05-20 CVE-2010-1989 Opera Resource Management Errors vulnerability in Opera Browser 9.52

Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181.

5.0
2010-05-20 CVE-2010-1987 Mozilla
Microsoft
Resource Management Errors vulnerability in Mozilla Firefox 3.6.3

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.

5.0
2010-05-20 CVE-2010-1986 Mozilla
Microsoft
Resource Management Errors vulnerability in Mozilla Firefox 3.6.3

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571.

5.0
2010-05-20 CVE-2010-0745 Dovecot Resource Management Errors vulnerability in Dovecot

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.

5.0
2010-05-19 CVE-2010-1982 Joomlart
Joomla
Path Traversal vulnerability in Joomlart COM Javoice 2.0

Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-05-17 CVE-2010-0776 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.

5.0
2010-05-17 CVE-2010-0775 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components.

5.0
2010-05-21 CVE-2010-1436 Linux Resource Management Errors vulnerability in Linux Kernel 2.6.18

gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system.

4.9
2010-05-21 CVE-2010-2010 Chaos Tool Suite Project Cross-Site Scripting vulnerability in Chaos Tool Suite Project Ctools

Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title.

4.3
2010-05-20 CVE-2010-2003 Proxy2 Cross-Site Scripting vulnerability in Proxy2 Advanced Poll 2.08

Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter.

4.3
2010-05-19 CVE-2010-1985 Sixapart Cross-Site Scripting vulnerability in Sixapart Movable Type 5.0/5.01

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2010-05-19 CVE-2010-1629 Phorum Cross-Site Scripting vulnerability in Phorum

Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.

4.3
2010-05-19 CVE-2010-1627 Phpbb Permissions, Privileges, and Access Controls vulnerability in PHPbb 3.0.7

feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum.

4.3
2010-05-17 CVE-2010-0774 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

4.3
2010-05-17 CVE-2010-1512 Tatsuhiro Tsujikawa Path Traversal vulnerability in Tatsuhiro Tsujikawa Aria2

Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

4.3
2010-05-21 CVE-2010-2011 Microsoft Cryptographic Issues vulnerability in Microsoft Dynamics GP

Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents.

4.0

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-21 CVE-2010-1626 Mysql
Oracle
Permissions, Privileges, and Access Controls vulnerability in multiple products

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

3.6
2010-05-21 CVE-2010-1548 Chaos Tool Suite Project Permissions, Privileges, and Access Controls vulnerability in Chaos Tool Suite Project Ctools

The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title.

3.5
2010-05-20 CVE-2010-2001 Ninjitsuweb
Drupal
Cross-Site Scripting vulnerability in Ninjitsuweb Civiregister 6.X1.0

Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.

2.6
2010-05-17 CVE-2010-0777 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.

2.6
2010-05-20 CVE-2010-2002 Addison Berry
Jeff Warrington
Drupal
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list.

2.1
2010-05-20 CVE-2010-2000 RON Jerome
Drupal
Cross-Site Scripting vulnerability in RON Jerome Bibliography

Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.

2.1
2010-05-20 CVE-2010-1998 Kevinhankens
Drupal
Cross-Site Scripting vulnerability in Kevinhankens Tablefield 6.X1.0/6.X1.1

Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers.

2.1
2010-05-20 CVE-2010-1997 Saurus Cross-Site Scripting vulnerability in Saurus CMS 4.7.0

Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.

2.1
2010-05-20 CVE-2010-1996 Tomatocms Cross-Site Scripting vulnerability in Tomatocms

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO.

2.1
2010-05-20 CVE-2010-1995 Tomatocms Cross-Site Scripting vulnerability in Tomatocms

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO.

2.1
2010-05-19 CVE-2010-1984 Michael Nichols
Drupal
Cross-Site Scripting vulnerability in Michael Nichols Taxonomy Breadcrumb

Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display.

2.1
2010-05-19 CVE-2010-1976 Michael Nichols
Drupal
Cross-Site Scripting vulnerability in Michael Nichols Taxonomy Breadcrumb 6.X0.1/6.X1.0/6.X1.X

Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display.

2.1
2010-05-19 CVE-2010-1584 Steven Jones
Drupal
Cross-Site Scripting vulnerability in Steven Jones Context 6.X2.0

Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.

2.1
2010-05-21 CVE-2010-1446 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke.

1.9