Weekly Vulnerabilities Reports > May 24 to 30, 2010

Overview

101 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary reports vulnerabilities in 84 products from 64 vendors including Cisco, Joomla, Microsoft, Google, and Python. Notable vulnerability categories include "Cross-site Scripting", "Path Traversal", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Permissions, Privileges, and Access Controls".

  • 97 reported vulnerabilities are remotely exploitable.
  • 24 reported vulnerabilities have a public exploit available.
  • 43 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 94 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-28 CVE-2010-2107 Google Unspecified vulnerability in Google Chrome

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality.

10.0
2010-05-28 CVE-2010-2105 Google Unspecified vulnerability in Google Chrome

Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors.

10.0
2010-05-27 CVE-2010-2102 Timo Gaik Buffer Errors vulnerability in Timo Gaik Webby Webserver 1.01

Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.

10.0
2010-05-27 CVE-2010-0600 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Mediator Framework 1.5.1/2.2/3.0.8

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.

10.0
2010-05-27 CVE-2010-0595 Cisco Credentials Management vulnerability in Cisco Mediator Framework 1.5.1/2.2/3.0.8

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative user account and unspecified other accounts, which makes it easier for remote attackers to obtain privileged access, aka Bug ID CSCtb83495.

10.0
2010-05-26 CVE-2009-4873 Rhinosoft Buffer Errors vulnerability in Rhinosoft Serv-U 9.0.0.5

Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.

10.0
2010-05-24 CVE-2010-2028 Mgenti Buffer Errors vulnerability in Mgenti Tftputil GUI 1.4.5

Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode.

10.0
2010-05-28 CVE-2010-1938 Freebsd, NRL Numeric Errors vulnerability in multiple products

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.

9.3
2010-05-27 CVE-2010-1296 Adobe Buffer Errors vulnerability in Adobe Photoshop CS4 11.0

Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.

9.3
2010-05-27 CVE-2010-0599 Cisco Credentials Management vulnerability in Cisco Mediator Framework 1.5.1/2.2/3.0.8

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505.

9.3
2010-05-27 CVE-2010-0598 Cisco Credentials Management vulnerability in Cisco Mediator Framework 1.5.1/2.2/3.0.8

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631.

9.3
2010-05-24 CVE-2010-1688 2Brightsparks Buffer Errors vulnerability in 2Brightsparks Syncback 3.2.20.0

Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20.0, and possibly other versions before 3.2.21, allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) .sps or (2) zip profile.

9.3
2010-05-27 CVE-2010-0597 Cisco Remote Privilege Escalation vulnerability in Cisco Network Building Mediator

Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges or cause a denial of service (device reload), via a (1) XML RPC or (2) XML RPC over HTTPS request, aka Bug ID CSCtb83618.

9.0
2010-05-27 CVE-2010-0596 Cisco Remote Privilege Escalation vulnerability in Cisco Network Building Mediator

Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607.

9.0

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-28 CVE-2010-2112 Intervations Path Traversal vulnerability in Intervations Filecopa

Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors.

8.8
2010-05-28 CVE-2010-2110 Google Unspecified vulnerability in Google Chrome

Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.

7.5
2010-05-28 CVE-2010-2109 Google Unspecified vulnerability in Google Chrome

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.

7.5
2010-05-28 CVE-2010-2108 Google Unspecified vulnerability in Google Chrome

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.

7.5
2010-05-27 CVE-2010-2099 E107 Permissions, Privileges, and Access Controls vulnerability in E107

bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.

7.5
2010-05-27 CVE-2010-2098 E107 SQL-Injection vulnerability in E107

Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.

7.5
2010-05-27 CVE-2010-2096 Cmsqlite Path Traversal vulnerability in Cmsqlite 1.0/1.1

Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-05-27 CVE-2010-2095 Cmsqlite SQL Injection vulnerability in Cmsqlite 1.0/1.1

SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.

7.5
2010-05-27 CVE-2010-2092 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.

7.5
2010-05-27 CVE-2010-1450 Python Classic Buffer Overflow vulnerability in Python 2.5.0

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.

7.5
2010-05-27 CVE-2010-1449 Python Integer Overflow or Wraparound vulnerability in Python 2.5.0

Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow.

7.5
2010-05-25 CVE-2010-2051 Debliteck SQL Injection vulnerability in Debliteck Dbcart

SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-05-25 CVE-2010-2050 M0R0N, Joomla Path Traversal vulnerability in M0R0N COM Mscomment 0.8.0

Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2010-05-25 CVE-2010-2047 Joenasejes SQL Injection vulnerability in Joenasejes JE CMS 1.0.0/1.1

SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action.

7.5
2010-05-25 CVE-2010-2045 Dionesoft, Joomla Path Traversal vulnerability in Dionesoft COM Dioneformwizard 1.0.2

Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

7.5
2010-05-25 CVE-2010-2044 Adhie Utomo, Joomla SQL Injection vulnerability in Adhie Utomo COM Konsultasi 1.0.0

SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php.

7.5
2010-05-25 CVE-2010-2042 Shopex SQL Injection vulnerability in Shopex Ecshop 2.7.2

SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter.

7.5
2010-05-25 CVE-2010-2037 Percha, Joomla Path Traversal vulnerability in Percha COM Perchadownloadsattach 1.1

Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-05-25 CVE-2010-2036 Percha, Joomla Path Traversal vulnerability in Percha COM Perchafieldsattach 1.0

Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-05-25 CVE-2010-2035 Percha, Joomla Path Traversal vulnerability in Percha COM Perchagallery 1.6

Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-05-25 CVE-2010-2034 Percha, Joomla Path Traversal vulnerability in Percha COM Perchaimageattach 1.1

Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-05-25 CVE-2010-2033 Percha, Joomla Path Traversal vulnerability in Percha COM Perchacategoriestree 0.6

Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-05-24 CVE-2010-2016 Imagetraders SQL Injection vulnerability in Imagetraders Iceberg CMS

SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the p_id parameter.

7.5
2010-05-24 CVE-2010-2031 Kingsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kingsoft Webshield

KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device.

7.2
2010-05-28 CVE-2010-1919 EMC Denial of Service vulnerability in EMC Avamar 4.0/4.1/5.0

Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.

7.1

56 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-28 CVE-2010-2020 Freebsd Improper Input Validation vulnerability in Freebsd 7.2/8.0/8.1Prerelease

sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.

6.9
2010-05-27 CVE-2010-2094 PHP Use of Externally-Controlled Format String vulnerability in PHP 5.3.0/5.3.1

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.

6.8
2010-05-26 CVE-2010-2025 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.

6.8
2010-05-26 CVE-2010-1513 Daniel Mealha Cabrita Numeric Errors vulnerability in Daniel Mealha Cabrita Ziproxy

Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.

6.8
2010-05-26 CVE-2009-4877 Plainblack Cross-Site Request Forgery (CSRF) vulnerability in Plainblack Webgui

Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

6.8
2010-05-25 CVE-2010-2039 Gpeasy Cross-Site Request Forgery (CSRF) vulnerability in Gpeasy CMS

Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php.

6.8
2010-05-24 CVE-2010-2019 Bukulokomedia SQL Injection vulnerability in Bukulokomedia Lokomedia CMS 1.4.1

SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter.

6.8
2010-05-24 CVE-2010-2015 Createch Group SQL Injection vulnerability in Createch-Group Lisk CMS 4.4

Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id parameter to cp/edit_email.php.

6.8
2010-05-24 CVE-2010-2012 Sebrac Webcindario SQL Injection vulnerability in Sebrac.Webcindario Migascms 1.1

SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action.

6.8
2010-05-28 CVE-2010-2116 Mcafee Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Email Gateway and Secure Mail

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.

6.5
2010-05-26 CVE-2010-2026 Cisco Improper Authentication vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303

The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page.

6.4
2010-05-26 CVE-2009-4874 Scripts Oldguy Permissions, Privileges, and Access Controls vulnerability in Scripts.Oldguy Talkback 2.3.14

TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.

6.4
2010-05-24 CVE-2010-2029 Cybozu Permissions, Privileges, and Access Controls vulnerability in Cybozu Dotsales and Cybozu Office

Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.

5.8
2010-05-28 CVE-2010-2115 Solarwinds Improper Input Validation vulnerability in Solarwinds Tftp Server 10.4.0.10

SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.

5.0
2010-05-27 CVE-2010-2101 PHP Information Exposure vulnerability in PHP

The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

5.0
2010-05-27 CVE-2010-2100 PHP Information Exposure vulnerability in PHP

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

5.0
2010-05-27 CVE-2010-2097 PHP Information Exposure vulnerability in PHP

The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

5.0
2010-05-27 CVE-2010-2093 PHP Resource Management Errors vulnerability in PHP

Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs.

5.0
2010-05-27 CVE-2010-2090 Microsoft, IBM Improper Input Validation vulnerability in IBM Communications Server 6.1.3/6.3.1.0

The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.

5.0
2010-05-27 CVE-2010-2089 Python Buffer Errors vulnerability in Python 3.2

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

5.0
2010-05-27 CVE-2010-1959 HP Unspecified vulnerability in HP Mercury Testdirector for Quality Center

Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors.

5.0
2010-05-27 CVE-2010-1634 Python Numeric Errors vulnerability in Python 3.1/3.2

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow.

5.0
2010-05-27 CVE-2009-4134 Python Out-Of-Bounds Write vulnerability in Python 2.5.0

Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.

5.0
2010-05-26 CVE-2010-2082 Cisco Credentials Management vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303

The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access.

5.0
2010-05-26 CVE-2009-4876 Netrix Permissions, Privileges, and Access Controls vulnerability in Netrix CMS 1.0

admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter.

5.0
2010-05-26 CVE-2009-4875 Frederico Caldeira Knabben Resource Management Errors vulnerability in Frederico Caldeira Knabben Fckeditor.Java 2.4

FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed request parameter that contains "ctrl" characters.

5.0
2010-05-25 CVE-2010-2079 Magnoware Improper Input Validation vulnerability in Magnoware Datatrack System 3.5

DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config\ and (2) .ascx\ files.

5.0
2010-05-25 CVE-2010-2078 Magnoware Improper Input Validation vulnerability in Magnoware Datatrack System 3.5

DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI.

5.0
2010-05-24 CVE-2006-7239 GNU Cryptographic Issues vulnerability in GNU Gnutls

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.

5.0
2010-05-24 CVE-2010-2018 Bukulokomedia Path Traversal vulnerability in Bukulokomedia Lokomedia CMS 1.4.1/2.0

Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a ..

5.0
2010-05-28 CVE-2010-2111 Pacifictimesheet Cross-Site Request Forgery (CSRF) vulnerability in Pacifictimesheet Pacific Timesheet 6.74

Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action.

4.3
2010-05-28 CVE-2010-2106 Google Unspecified vulnerability in Google Chrome

Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.

4.3
2010-05-27 CVE-2010-2104 Orbitdownloader Path Traversal vulnerability in Orbitdownloader Orbit Downloader 3.0.0.4/3.0.0.5

Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.

4.3
2010-05-27 CVE-2010-2103 Apache, 3Com, SAP Cross-Site Scripting vulnerability in Apache Axis2 1.4.1/1.5.1

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter.

4.3
2010-05-27 CVE-2010-2091 Microsoft Cross-Site Scripting vulnerability in Microsoft Exchange Server 2007

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.

4.3
2010-05-27 CVE-2010-2088 Microsoft Cross-Site Scripting vulnerability in Microsoft Asp.Net 3.5

ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.

4.3
2010-05-27 CVE-2010-2087 Caucho, IBM, Oracle Cross-Site Scripting vulnerability in Oracle Mojarra 1.214/2.0.2

Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

4.3
2010-05-27 CVE-2010-2085 Microsoft Cross-Site Scripting vulnerability in Microsoft .Net Framework 1.0

The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.

4.3
2010-05-27 CVE-2010-2084 Microsoft Cross-Site Scripting vulnerability in Microsoft Asp.Net 2.0

Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.

4.3
2010-05-27 CVE-2010-1459 Mono Cross-Site Scripting vulnerability in Mono

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.

4.3
2010-05-26 CVE-2010-1640 Clamav Numeric Errors vulnerability in Clamav 0.96

Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.

4.3
2010-05-26 CVE-2010-1639 Clamav Denial Of Service vulnerability in ClamAV 'cli_pdf()' PDF File Processing

The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.

4.3
2010-05-26 CVE-2009-4879 Novell Improper Authentication vulnerability in Novell Access Manager 3

The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

4.3
2010-05-26 CVE-2009-4878 Novell Information Disclosure vulnerability in Novell Access Manager 3

Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.

4.3
2010-05-25 CVE-2010-2049 Manageengine Cross-Site Scripting vulnerability in Manageengine Adaudit Plus 4.0.0

Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter.

4.3
2010-05-25 CVE-2010-2046 Activehelper, Joomla Cross-Site Scripting vulnerability in Activehelper COM Activehelper Livehelp 2.0.3

Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php.

4.3
2010-05-25 CVE-2010-2043 Magnoware Cross-Site Scripting vulnerability in Magnoware Datatrack System 3.5/3.5.8019.4

Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka the request summary).

4.3
2010-05-25 CVE-2010-2041 PHP Calendar Cross-Site Scripting vulnerability in PHP-Calendar

Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters.

4.3
2010-05-25 CVE-2010-2040 V EVA Cross-Site Scripting vulnerability in V-Eva Shopzilla Affiliate Script PHP

Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter.

4.3
2010-05-24 CVE-2010-2032 Caucho Cross-Site Scripting vulnerability in Caucho Resin 3.1.10/3.1.5/4.0.6

Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters.

4.3
2010-05-24 CVE-2010-2030 Alan Palazzolo, Drupal Cross-Site Scripting vulnerability in Alan Palazzolo External Link Page 5.X0.8/6.X1.0/6.X1.1

Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages.

4.3
2010-05-24 CVE-2010-2017 Bukulokomedia Cross-Site Scripting vulnerability in Bukulokomedia Lokomedia CMS 1.4.1/2.0

Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter.

4.3
2010-05-24 CVE-2010-2014 Createch Group Cross-Site Scripting vulnerability in Createch-Group Lisk CMS 4.4

Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter.

4.3
2010-05-24 CVE-2010-2013 Createch Group Cross-Site Scripting vulnerability in Createch-Group Lisk CMS 4.4

Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2010-05-27 CVE-2010-2086 Apache Cross-Site Scripting vulnerability in Apache Myfaces 1.1.7/1.2.8

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

4.0
2010-05-26 CVE-2010-2083 Microsoft Credentials Management vulnerability in Microsoft Dynamics GP

Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-28 CVE-2010-2113 Uniformserver Cross-Site Request Forgery (CSRF) vulnerability in Uniformserver 5.6.5

Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php.

3.5
2010-05-25 CVE-2010-2048 Menhir, Drupal Cross-Site Scripting vulnerability in Menhir Heartbeat

Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2010-05-28 CVE-2010-2022 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd 8.0/8.1Prerelease

jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.

3.3
2010-05-28 CVE-2010-2114 Brekeke Cross-Site Request Forgery (CSRF) vulnerability in Brekeke PBX 2.4.4.8

Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.

2.6
2010-05-25 CVE-2010-2038 Gpeasy Cross-Site Scripting vulnerability in Gpeasy CMS 1.6.2

Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php.

2.1
2010-05-24 CVE-2010-2027 Linux, Wolfram Research Link Following vulnerability in Wolfram Research Mathematica 7

Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.

1.9