Weekly Vulnerabilities Reports > June 7 to 13, 2010
Overview
2 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 6 products from 4 vendors including Adobe, Opensuse, Suse, and Linksys. Vulnerabilities are notably categorized as "Use of Hard-coded Credentials", and "Out-of-bounds Write".
- 1 reported vulnerabilities are remotely exploitables.
- 2 reported vulnerabilities have public exploit available.
- 2 reported vulnerabilities are exploitable by an anonymous user.
- Adobe has the most reported vulnerabilities, with 1 reported vulnerabilities.
- Linksys has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-06-10 | CVE-2010-1573 | Linksys | Use of Hard-coded Credentials vulnerability in Linksys Wap54G Firmware Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | 9.8 |
1 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-06-08 | CVE-2010-1297 | Adobe Suse Opensuse | Out-of-bounds Write vulnerability in multiple products Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010. | 7.8 |
0 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|