Weekly Vulnerabilities Reports > May 31 to June 6, 2010
Overview
41 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary report vulnerabilities in 39 products from 36 vendors including Joomla, Fujitsu, Microsoft, Drupal, and Harmistechnology. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Code Injection", and "Resource Management Errors".
- 41 reported vulnerabilities are remotely exploitables.
- 17 reported vulnerabilities have public exploit available.
- 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 39 reported vulnerabilities are exploitable by an anonymous user.
- Joomla has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Justsystems has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-06-03 | CVE-2010-2152 | Justsystems | Remote Code Execution vulnerability in Justsystems Ichitaro and Just School Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document. | 9.3 |
19 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-06-03 | CVE-2010-2148 | Unisoft Joomla | SQL Injection vulnerability in Unisoft COM Mycar 1.0 SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. | 7.5 |
| 2010-06-03 | CVE-2010-2146 | Graviton Mediatech | Code Injection vulnerability in Graviton-Mediatech Visitor Logger PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter. | 7.5 |
| 2010-06-03 | CVE-2010-2145 | Richrumble | Code Injection vulnerability in Richrumble Clearsite 4.50 Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. | 7.5 |
| 2010-06-03 | CVE-2010-2143 | Getsymphony | Path Traversal vulnerability in Getsymphony Symphony 2.0.7 Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 7.5 |
| 2010-06-03 | CVE-2010-0742 | Openssl | Cryptographic Issues vulnerability in Openssl The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. | 7.5 |
| 2010-06-02 | CVE-2010-2142 | Murat Ersoy | SQL Injection vulnerability in Murat Ersoy Cyberhost SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2010-06-02 | CVE-2010-2141 | Nitropowered | SQL Injection vulnerability in Nitropowered Nitro web Gallery SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action. | 7.5 |
| 2010-06-02 | CVE-2010-2140 | Multishopcms | SQL Injection vulnerability in Multishopcms Multishop CMS SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | 7.5 |
| 2010-06-02 | CVE-2010-2139 | Multishopcms | SQL Injection vulnerability in Multishopcms Multishop CMS SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2010-06-02 | CVE-2010-2137 | Giaard | Code Injection vulnerability in Giaard Proman 0.1.0 PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
| 2010-06-02 | CVE-2010-2135 | Hazelpress | SQL Injection vulnerability in Hazelpress 0.0.4 Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields. | 7.5 |
| 2010-06-02 | CVE-2010-2134 | Http Solution | SQL Injection vulnerability in Http-Solution Project MAN 1.0 Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | 7.5 |
| 2010-06-02 | CVE-2010-2133 | Mylittleforum | SQL Injection vulnerability in Mylittleforum MY Little Forum SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942. | 7.5 |
| 2010-06-02 | CVE-2010-2132 | Danny HO | Code Injection vulnerability in Danny HO OES 0.1 Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446. | 7.5 |
| 2010-06-02 | CVE-2010-2131 | Mario Matzulla Typo3 | SQL Injection vulnerability in Mario Matzulla CAL SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. | 7.5 |
| 2010-06-01 | CVE-2010-2128 | Harmistechnology Joomla | Path Traversal vulnerability in Harmistechnology COM Jequoteform 1.0 Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 7.5 |
| 2010-06-01 | CVE-2010-2127 | Jv2Design | Code Injection vulnerability in Jv2Design JV2 Folder Gallery 3.1 PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | 7.5 |
| 2010-06-01 | CVE-2010-2126 | Snipegallery | Code Injection vulnerability in Snipegallery Snipe Gallery 3.1.5 Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_admin_path parameter to (1) index.php, (2) view.php, (3) image.php, (4) search.php, (5) admin/index.php, (6) admin/gallery/index.php, (7) admin/gallery/view.php, (8) admin/gallery/gallery.php, (9) admin/gallery/image.php, and (10) admin/gallery/crop.php. | 7.5 |
| 2010-06-01 | CVE-2010-2124 | Bartels Schoene | SQL Injection vulnerability in Bartels-Schoene Conpresso 4.0.7 SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
18 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-06-03 | CVE-2010-2153 | Tecnick | Unspecified vulnerability in Tecnick Tcexam 10.1.006/10.1.007 Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/. | 6.8 |
| 2010-06-02 | CVE-2010-2138 | Giaard | Path Traversal vulnerability in Giaard Proman 0.1.0 Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php. | 6.8 |
| 2010-06-02 | CVE-2010-2136 | Articlefriendly | Path Traversal vulnerability in Articlefriendly Article Friendly 5.14 Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 6.8 |
| 2010-06-01 | CVE-2010-2129 | Harmistechnology Joomla | Path Traversal vulnerability in Harmistechnology COM Jeajaxeventcalendar 1.0.1/1.0.3 Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. | 6.8 |
| 2010-06-01 | CVE-2010-2122 | Joelrowley Joomla | Path Traversal vulnerability in Joelrowley COM Simpledownload 0.9.5 Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2010-06-03 | CVE-2010-2155 | Zonecheck | Cross-Site Scripting vulnerability in Zonecheck 2.1.0 Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a zc-title row, different vulnerabilities than CVE-2009-4882. | 4.3 |
| 2010-06-03 | CVE-2010-2154 | Cmscout | Cross-Site Scripting vulnerability in Cmscout 2.09 Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
| 2010-06-03 | CVE-2010-2150 | Fujitsu | Cross-Site Scripting vulnerability in Fujitsu E-Pares L01/V01 Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-06-03 | CVE-2010-2147 | Unisoft Joomla | Cross-Site Scripting vulnerability in Unisoft COM Mycar 1.0 Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php. | 4.3 |
| 2010-06-03 | CVE-2010-2144 | Zeeways | Cross-Site Scripting vulnerability in Zeeways Ebay Clone Auction Script Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
| 2010-06-02 | CVE-2009-4882 | Zonecheck | Cross-Site Scripting vulnerability in Zonecheck 2.0.413/2.1.0 Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi. | 4.3 |
| 2010-06-02 | CVE-2010-2130 | Arisglobal | Cross-Site Scripting vulnerability in Arisglobal Arisg 5.0 Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. | 4.3 |
| 2010-06-01 | CVE-2010-2121 | Opera | Resource Management Errors vulnerability in Opera Browser 9.52 Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | 4.3 |
| 2010-06-01 | CVE-2010-2120 | Resource Management Errors vulnerability in Google Chrome 1.0.154.48 Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. | 4.3 | |
| 2010-06-01 | CVE-2010-2119 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 6.0.2900.2180 Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs. | 4.3 |
| 2010-06-01 | CVE-2010-2118 | Microsoft | Resource Management Errors vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. | 4.3 |
| 2010-06-01 | CVE-2010-2117 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | 4.3 |
| 2010-06-03 | CVE-2010-2149 | Fujitsu | Improper Authentication vulnerability in Fujitsu E-Pares Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors. | 4.0 |
3 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-06-03 | CVE-2010-2151 | Fujitsu | Cross-Site Request Forgery (CSRF) vulnerability in Fujitsu E-Pares Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors. | 2.6 |
| 2010-06-01 | CVE-2010-2125 | Systemseed Drupal | Cross-Site Scripting vulnerability in Systemseed Rotor Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. | 2.1 |
| 2010-06-01 | CVE-2010-2123 | Speedtech Drupal | Cross-Site Scripting vulnerability in Speedtech Storm Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. | 2.1 |