Weekly Vulnerabilities Reports > May 31 to June 6, 2010

Overview

49 new vulnerabilities were reported during this period, including 1 critical vulnerability and 20 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 41 products from 38 vendors, including Joomla, GNU, Linux, Fujitsu, and Microsoft. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Path Traversal", "Code Injection", and "Resource Management Errors".

  • 45 reported vulnerabilities are remotely exploitable.
  • 17 reported vulnerabilities have a public exploit available.
  • 26 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 47 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Justsystems has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

1 Critical Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-03 CVE-2010-2152 Justsystems Remote Code Execution vulnerability in Justsystems Ichitaro and Just School

Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document.

9.3

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-03 CVE-2010-2148 Unisoft, Joomla SQL Injection vulnerability in Unisoft COM Mycar 1.0

SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.

7.5
2010-06-03 CVE-2010-2146 Graviton Mediatech Code Injection vulnerability in Graviton-Mediatech Visitor Logger

PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter.

7.5
2010-06-03 CVE-2010-2145 Richrumble Code Injection vulnerability in Richrumble Clearsite 4.50

Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php.

7.5
2010-06-03 CVE-2010-2143 Getsymphony Path Traversal vulnerability in Getsymphony Symphony 2.0.7

Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-06-03 CVE-2010-0742 Openssl Cryptographic Issues vulnerability in Openssl

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

7.5
2010-06-02 CVE-2010-2142 Murat Ersoy SQL Injection vulnerability in Murat Ersoy Cyberhost

SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-06-02 CVE-2010-2141 Nitropowered SQL Injection vulnerability in Nitropowered Nitro web Gallery

SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.

7.5
2010-06-02 CVE-2010-2140 Multishopcms SQL Injection vulnerability in Multishopcms Multishop CMS

SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

7.5
2010-06-02 CVE-2010-2139 Multishopcms SQL Injection vulnerability in Multishopcms Multishop CMS

SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-06-02 CVE-2010-2137 Giaard Code Injection vulnerability in Giaard Proman 0.1.0

PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2010-06-02 CVE-2010-2135 Hazelpress SQL Injection vulnerability in Hazelpress 0.0.4

Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields.

7.5
2010-06-02 CVE-2010-2134 Http Solution SQL Injection vulnerability in Http-Solution Project MAN 1.0

Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

7.5
2010-06-02 CVE-2010-2133 Mylittleforum SQL Injection vulnerability in Mylittleforum MY Little Forum

SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942.

7.5
2010-06-02 CVE-2010-2132 Danny HO Code Injection vulnerability in Danny HO OES 0.1

Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446.

7.5
2010-06-02 CVE-2010-2131 Mario Matzulla, Typo3 SQL Injection vulnerability in Mario Matzulla CAL

SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.

7.5
2010-06-01 CVE-2010-2128 Harmistechnology, Joomla Path Traversal vulnerability in Harmistechnology COM Jequoteform 1.0

Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-06-01 CVE-2010-2127 Jv2Design Code Injection vulnerability in Jv2Design JV2 Folder Gallery 3.1

PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.

7.5
2010-06-01 CVE-2010-2126 Snipegallery Code Injection vulnerability in Snipegallery Snipe Gallery 3.1.5

Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_admin_path parameter to (1) index.php, (2) view.php, (3) image.php, (4) search.php, (5) admin/index.php, (6) admin/gallery/index.php, (7) admin/gallery/view.php, (8) admin/gallery/gallery.php, (9) admin/gallery/image.php, and (10) admin/gallery/crop.php.

7.5
2010-06-01 CVE-2010-2124 Bartels Schoene SQL Injection vulnerability in Bartels-Schoene Conpresso 4.0.7

SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-06-01 CVE-2010-0296 GNU Improper Input Validation vulnerability in GNU Glibc

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

7.2

24 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-03 CVE-2010-1643 Linux Local Denial of Service vulnerability in Linux Kernel 'knfsd' 'current->mm' Modifier

mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors.

6.9
2010-06-03 CVE-2010-2153 Tecnick Unspecified vulnerability in Tecnick Tcexam 10.1.006/10.1.007

Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/.

6.8
2010-06-02 CVE-2010-2138 Giaard Path Traversal vulnerability in Giaard Proman 0.1.0

Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php.

6.8
2010-06-02 CVE-2010-2136 Articlefriendly Path Traversal vulnerability in Articlefriendly Article Friendly 5.14

Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

6.8
2010-06-01 CVE-2010-2129 Harmistechnology, Joomla Path Traversal vulnerability in Harmistechnology COM Jeajaxeventcalendar 1.0.1/1.0.3

Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a ..

6.8
2010-06-01 CVE-2010-2122 Joelrowley, Joomla Path Traversal vulnerability in Joelrowley COM Simpledownload 0.9.5

Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-06-03 CVE-2010-1633 Openssl Permissions, Privileges, and Access Controls vulnerability in Openssl 1.0.0

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors.

6.4
2010-06-01 CVE-2010-0830 GNU Numeric Errors vulnerability in GNU Glibc

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

5.1
2010-06-01 CVE-2009-4881 GNU Numeric Errors vulnerability in GNU Glibc

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

5.0
2010-06-01 CVE-2009-4880 GNU Numeric Errors vulnerability in GNU Glibc

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.

5.0
2010-06-01 CVE-2010-1641 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.

4.6
2010-06-03 CVE-2010-2155 Zonecheck Cross-Site Scripting vulnerability in Zonecheck 2.1.0

Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a zc-title row, different vulnerabilities than CVE-2009-4882.

4.3
2010-06-03 CVE-2010-2154 Cmscout Cross-Site Scripting vulnerability in Cmscout 2.09

Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2010-06-03 CVE-2010-2150 Fujitsu Cross-Site Scripting vulnerability in Fujitsu E-Pares L01/V01

Cross-site scripting (XSS) vulnerability in Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-06-03 CVE-2010-2147 Unisoft, Joomla Cross-Site Scripting vulnerability in Unisoft COM Mycar 1.0

Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.

4.3
2010-06-03 CVE-2010-2144 Zeeways Cross-Site Scripting vulnerability in Zeeways Ebay Clone Auction Script

Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2010-06-02 CVE-2009-4882 Zonecheck Cross-Site Scripting vulnerability in Zonecheck 2.0.413/2.1.0

Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi.

4.3
2010-06-02 CVE-2010-2130 Arisglobal Cross-Site Scripting vulnerability in Arisglobal Arisg 5.0

Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.

4.3
2010-06-01 CVE-2010-2121 Opera Resource Management Errors vulnerability in Opera Browser 9.52

Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

4.3
2010-06-01 CVE-2010-2120 Google Resource Management Errors vulnerability in Google Chrome 1.0.154.48

Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.

4.3
2010-06-01 CVE-2010-2119 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6.0.2900.2180

Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs.

4.3
2010-06-01 CVE-2010-2118 Microsoft Resource Management Errors vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.

4.3
2010-06-01 CVE-2010-2117 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

4.3
2010-06-03 CVE-2010-2149 Fujitsu Improper Authentication vulnerability in Fujitsu E-Pares

Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-03 CVE-2010-2151 Fujitsu Cross-Site Request Forgery (CSRF) vulnerability in Fujitsu E-Pares

Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.

2.6
2010-06-01 CVE-2010-2125 Systemseed, Drupal Cross-Site Scripting vulnerability in Systemseed Rotor

Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.

2.1
2010-06-01 CVE-2010-2123 Speedtech, Drupal Cross-Site Scripting vulnerability in Speedtech Storm

Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php.

2.1
2010-06-03 CVE-2008-7256 Linux Unspecified vulnerability in Linux Kernel

mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors.

1.2