Weekly Vulnerabilities Reports > June 7 to 13, 2010

Overview

133 new vulnerabilities were reported during this period, including 56 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary reports vulnerabilities in 84 products from 48 vendors including Microsoft, Apple, RPM, HP, and Joomla. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 115 reported vulnerabilities are remotely exploitable.
  • 15 reported vulnerabilities have a public exploit available.
  • 33 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 123 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 75 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 47 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

56 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-10 CVE-2010-2261 Linksys Code Injection vulnerability in Linksys Wap54Gv3 3.05.03

Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.

10.0
2010-06-10 CVE-2010-2193 CA Improper Input Validation vulnerability in CA Psformx Active X Control and Webscan Active X Control

Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors.

10.0
2010-06-10 CVE-2010-1961 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.

10.0
2010-06-10 CVE-2010-1960 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.

10.0
2010-06-10 CVE-2010-1573 Linksys Credentials Management vulnerability in Linksys Wap54Gv3 3.05.03

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.

10.0
2010-06-07 CVE-2010-1962 HP Unauthorized Access vulnerability in HP StorageWorks Storage Mirroring

Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.2.1.870.0 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2010-06-11 CVE-2010-1774 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

9.3
2010-06-11 CVE-2010-1771 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.

9.3
2010-06-11 CVE-2010-1770 Apple, Microsoft, Google, Canonical, Opensuse, Suse Code Injection vulnerability in multiple products

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

9.3
2010-06-11 CVE-2010-1761 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.

9.3
2010-06-11 CVE-2010-1759 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.

9.3
2010-06-11 CVE-2010-1758 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.

9.3
2010-06-11 CVE-2010-1419 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.

9.3
2010-06-11 CVE-2010-1750 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari

Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.

9.3
2010-06-11 CVE-2010-1749 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.

9.3
2010-06-11 CVE-2010-1417 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.

9.3
2010-06-11 CVE-2010-1415 Apple, Microsoft Code Injection vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."

9.3
2010-06-11 CVE-2010-1414 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.

9.3
2010-06-11 CVE-2010-1412 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.

9.3
2010-06-11 CVE-2010-1410 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.

9.3
2010-06-11 CVE-2010-1405 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.

9.3
2010-06-11 CVE-2010-1404 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.

9.3
2010-06-11 CVE-2010-1403 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.

9.3
2010-06-11 CVE-2010-1402 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.

9.3
2010-06-11 CVE-2010-1401 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.

9.3
2010-06-11 CVE-2010-1400 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.

9.3
2010-06-11 CVE-2010-1399 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

9.3
2010-06-11 CVE-2010-1398 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.

9.3
2010-06-11 CVE-2010-1397 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.

9.3
2010-06-11 CVE-2010-1396 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.

9.3
2010-06-11 CVE-2010-1392 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.

9.3
2010-06-11 CVE-2010-1385 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari

Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

9.3
2010-06-10 CVE-2010-0395 Canonical, Debian, Fedoraproject, Opensuse, Suse, Apache

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.

9.3
2010-06-08 CVE-2010-1880 Microsoft Code Injection vulnerability in Microsoft Directx

Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."

9.3
2010-06-08 CVE-2010-1879 Microsoft Code Injection vulnerability in Microsoft products

Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."

9.3
2010-06-08 CVE-2010-1262 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 6/7/8

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."

9.3
2010-06-08 CVE-2010-1261 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 8

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2010-06-08 CVE-2010-1260 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 8

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."

9.3
2010-06-08 CVE-2010-1259 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 6/7/8

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2010-06-08 CVE-2010-0811 Microsoft Code Injection vulnerability in Microsoft products

Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."

9.3
2010-06-08 CVE-2010-1263 Microsoft Code Injection vulnerability in Microsoft Office 2003/2007/Xp

Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability."

9.3
2010-06-08 CVE-2010-1253 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for Mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability."

9.3
2010-06-08 CVE-2010-1252 Microsoft Code Injection vulnerability in Microsoft Excel and Office

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."

9.3
2010-06-08 CVE-2010-1251 Microsoft Code Injection vulnerability in Microsoft Excel and Office

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."

9.3
2010-06-08 CVE-2010-1250 Microsoft Code Injection vulnerability in Microsoft Excel, Office and Open XML File Format Converter

Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."

9.3
2010-06-08 CVE-2010-1249 Microsoft Code Injection vulnerability in Microsoft Excel, Office and Open XML File Format Converter

Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.

9.3
2010-06-08 CVE-2010-1248 Microsoft Code Injection vulnerability in Microsoft Excel and Office

Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."

9.3
2010-06-08 CVE-2010-1247 Microsoft Code Injection vulnerability in Microsoft Excel 2002

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.

9.3
2010-06-08 CVE-2010-1246 Microsoft Code Injection vulnerability in Microsoft Excel 2002

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."

9.3
2010-06-08 CVE-2010-1245 Microsoft Code Injection vulnerability in Microsoft Excel, Office and Open XML File Format Converter

Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.

9.3
2010-06-08 CVE-2010-0824 Microsoft Code Injection vulnerability in Microsoft Excel and Office

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.

9.3
2010-06-08 CVE-2010-0823 Microsoft Code Injection vulnerability in Microsoft products

Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for Mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249.

9.3
2010-06-08 CVE-2010-0822 Microsoft Code Injection vulnerability in Microsoft Excel, Office and Open XML File Format Converter

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."

9.3
2010-06-08 CVE-2010-0821 Microsoft Code Injection vulnerability in Microsoft products

Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for Mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245.

9.3
2010-06-08 CVE-2010-1297 Adobe Unspecified vulnerability in Adobe Acrobat, Acrobat Reader and Flash Player

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.

9.3
2010-06-10 CVE-2010-1572 Cisco Remote Privilege Escalation vulnerability in Cisco Application Extension Framework 1.1/1.1.5

Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls.

9.0

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-08 CVE-2010-1256 Microsoft Code Injection vulnerability in Microsoft Internet Information Server 6.0

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx 'Mitigating Factors for IIS Authentication Memory Corruption Vulnerability - CVE-2010-1256: Without the installation of KB973917 on Windows Server 2003, Windows Vista, and Windows Server 2008, systems will not have the Extended Protection for Authentication feature and will not be vulnerable. Extended Protection for Authentication is not enabled by default on any affected platform, even when a system has installed KB973917.'

8.5
2010-06-10 CVE-2010-1571 Cisco Path Traversal vulnerability in Cisco products

Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.

7.8
2010-06-10 CVE-2010-1570 Cisco Denial of Service vulnerability in Cisco products

The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message.

7.8
2010-06-11 CVE-2009-4892 Webjump SQL Injection vulnerability in Webjump Webjump!

SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php.

7.5
2010-06-11 CVE-2009-4891 CS Cart SQL Injection vulnerability in Cs-Cart 2.0

SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.

7.5
2010-06-11 CVE-2009-4889 Basti2Web, PHP Fusion SQL Injection vulnerability in Basti2Web Book Panel

SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter.

7.5
2010-06-11 CVE-2009-4883 Todd Rogers SQL Injection vulnerability in Todd Rogers PHPrecipebook 2.24/2.39

SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.

7.5
2010-06-10 CVE-2010-1931 Cubecart SQL Injection vulnerability in Cubecart

SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.

7.5
2010-06-09 CVE-2010-2259 Tamlyncreative, Joomla Path Traversal vulnerability in Tamlyncreative products

Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-06-09 CVE-2010-2257 Payperviewvideosoftware SQL Injection vulnerability in Payperviewvideosoftware PAY PER Minute Video Chat Script 2.0/2.1

SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2010-06-09 CVE-2010-2255 Tamlyncreative, Joomla SQL Injection vulnerability in Tamlyncreative products

SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

7.5
2010-06-09 CVE-2010-2254 Shape5, Joomla SQL Injection vulnerability in Shape5 Bridge of Hope Template

SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.

7.5
2010-06-08 CVE-2010-2060 Wildbit Remote Command Execution vulnerability in Beanstalk Job Data

The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c.

7.5
2010-06-08 CVE-2010-0819 Microsoft Improper Input Validation vulnerability in Microsoft products

Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."

7.2
2010-06-08 CVE-2010-2199 RPM Permissions, Privileges, and Access Controls vulnerability in RPM

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

7.2
2010-06-08 CVE-2010-2198 RPM Permissions, Privileges, and Access Controls vulnerability in RPM

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

7.2
2010-06-08 CVE-2010-2059 RPM Permissions, Privileges, and Access Controls vulnerability in RPM

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

7.2
2010-06-08 CVE-2005-4889 RPM Permissions, Privileges, and Access Controls vulnerability in RPM

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

7.2
2010-06-08 CVE-2004-2768 Debian Permissions, Privileges, and Access Controls vulnerability in Debian Dpkg 1.9.21

dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.

7.2

52 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-08 CVE-2010-1254 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Open XML File Format Converter

The installation for Microsoft Open XML File Format Converter for Mac sets insecure ACLs for the /Applications folder, which allows local users to execute arbitrary code by replacing the executable with a Trojan Horse, aka "Mac Office Open XML Permissions Vulnerability."

6.9
2010-06-11 CVE-2009-4887 Sbuilder Code Injection vulnerability in Sbuilder CMS S.Builder

PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie.

6.8
2010-06-11 CVE-2009-4884 Bernhard Frohlich SQL Injection vulnerability in Bernhard Frohlich PHPcom 2.1.8

Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.

6.8
2010-06-08 CVE-2010-1255 Microsoft Code Injection vulnerability in Microsoft products

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allow local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."

6.8
2010-06-08 CVE-2010-0485 Microsoft Improper Input Validation vulnerability in Microsoft products

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."

6.8
2010-06-08 CVE-2010-0484 Microsoft Improper Input Validation vulnerability in Microsoft products

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."

6.8
2010-06-08 CVE-2010-1648 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

6.8
2010-06-07 CVE-2010-1904 EMC SQL Injection vulnerability in EMC RSA KEY Manager Client 1.5.0

SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data.

6.8
2010-06-08 CVE-2010-2159 Dameng Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dameng DM Database Server

Dameng DM Database Server allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to the SP_DEL_BAK_EXPIRED procedure in wdm_dll.dll, which triggers memory corruption.

6.5
2010-06-08 CVE-2010-1848 Mysql/Oracle Path Traversal vulnerability in multiple products

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a ..

6.5
2010-06-08 CVE-2010-2191 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.

6.4
2010-06-07 CVE-2010-1646 Todd Miller Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

6.2
2010-06-08 CVE-2010-1850 Mysql/Oracle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

6.0
2010-06-11 CVE-2010-1409 Apple/Microsoft Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0 and 4.1

Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.

5.8
2010-06-08 CVE-2010-2197 RPM Permissions, Privileges, and Access Controls vulnerability in RPM

rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.

5.8
2010-06-11 CVE-2010-1413 Apple/Microsoft Cryptographic Issues vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

5.0
2010-06-11 CVE-2009-4886 Bernhard Frohlich Path Traversal vulnerability in Bernhard Frohlich PHPcom 2.1.8

Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a ..

5.0
2010-06-10 CVE-2010-2262 Galileo Students Improper Input Validation vulnerability in Galileo Students Team Weborf

Galileo Students Team Weborf before 0.12.1 allows remote attackers to cause a denial of service (crash) via a crafted Range header.

5.0
2010-06-08 CVE-2010-2190 PHP Information Exposure vulnerability in PHP

The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

5.0
2010-06-08 CVE-2010-1849 Mysql/Oracle

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

5.0
2010-06-07 CVE-2010-2156 ISC Numeric Errors vulnerability in ISC Dhcp

ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.

5.0
2010-06-07 CVE-2010-2024 Exim Race Condition vulnerability in Exim

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

4.4
2010-06-07 CVE-2010-2023 Exim Race Condition vulnerability in Exim

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.

4.4
2010-06-11 CVE-2010-2264 Apple/Microsoft Information Exposure vulnerability in Apple Safari and Webkit

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.

4.3
2010-06-11 CVE-2010-1764 Apple/Microsoft Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0 and 4.1

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.

4.3
2010-06-11 CVE-2010-1762 Apple/Microsoft Cross-Site Scripting vulnerability in Apple Safari and Webkit

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.

4.3
2010-06-11 CVE-2010-1421 Apple/Microsoft Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0 and 4.1

The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.

4.3
2010-06-11 CVE-2010-1418 Apple/Microsoft Cross-Site Scripting vulnerability in Apple Safari and Webkit

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.

4.3
2010-06-11 CVE-2010-0544 Apple/Microsoft Cross-Site Scripting vulnerability in Apple Safari and Webkit

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.

4.3
2010-06-11 CVE-2010-1422 Apple/Microsoft Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0 and 4.1

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.

4.3
2010-06-11 CVE-2010-1416 Apple/Microsoft Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."

4.3
2010-06-11 CVE-2010-1408 Apple/Microsoft Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.

4.3
2010-06-11 CVE-2010-1406 Apple/Microsoft Information Exposure vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.

4.3
2010-06-11 CVE-2010-1395 Apple/Microsoft Cross-Site Scripting vulnerability in Apple Safari and Webkit

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."

4.3
2010-06-11 CVE-2010-1394 Apple/Microsoft Cross-Site Scripting vulnerability in Apple Safari and Webkit

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.

4.3
2010-06-11 CVE-2010-1393 Apple/Microsoft Information Exposure vulnerability in Apple Safari and Webkit

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.

4.3
2010-06-11 CVE-2010-1391 Apple/Microsoft Path Traversal vulnerability in Apple Safari and Webkit

Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and ..

4.3
2010-06-11 CVE-2010-1390 Apple/Microsoft Cross-Site Scripting vulnerability in Apple Safari and Webkit

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.

4.3
2010-06-11 CVE-2010-1389 Apple/Microsoft Cross-Site Scripting vulnerability in Apple Safari and Webkit

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.

4.3
2010-06-11 CVE-2010-1388 Apple/Microsoft Information Exposure vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.

4.3
2010-06-11 CVE-2010-1384 Apple/Microsoft Information Exposure vulnerability in Apple Safari

Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

4.3
2010-06-11 CVE-2009-4890 Retrieve Cross-Site Scripting vulnerability in Retrieve Vbook 4.2.17

Multiple cross-site scripting (XSS) vulnerabilities in the login application in vBook 4.2.17 allow remote attackers to inject arbitrary web script or HTML via the (1) title and (2) message parameters.

4.3
2010-06-11 CVE-2009-4888 Nskate Cross-Site Scripting vulnerability in Nskate Phortail 1.2.1

Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters.

4.3
2010-06-11 CVE-2009-4885 Bernhard Frohlich Cross-Site Scripting vulnerability in Bernhard Frohlich PHPcom 2.1.8

Cross-site scripting (XSS) vulnerability in templates/1/login.php in phpCommunity 2 2.1.8 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2010-06-09 CVE-2010-2260 Gambitdesign Cross-Site Scripting vulnerability in Gambitdesign Bandwidth Meter 0.72/1.2

Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/.

4.3
2010-06-09 CVE-2010-2258 Phpbannerexchange Project Cross-Site Scripting vulnerability in PHPbannerexchange Project PHPbannerexchange 1.2

Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter.

4.3
2010-06-09 CVE-2010-2256 Payperviewvideosoftware Cross-Site Scripting vulnerability in Payperviewvideosoftware PAY PER Minute Video Chat Script 2.0/2.1

Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php.

4.3
2010-06-08 CVE-2010-1257 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.

4.3
2010-06-08 CVE-2010-1649 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

4.3
2010-06-08 CVE-2010-1647 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.

4.3
2010-06-07 CVE-2010-1963 HP Cross-Site Scripting vulnerability in HP Servicecenter

Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-06-08 CVE-2010-1264 Microsoft Remote Denial of Service vulnerability in Microsoft Sharepoint Services 3.0

Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability."

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-07 CVE-2010-1439 Redhat/Fedoraproject Permissions, Privileges, and Access Controls vulnerability in Redhat Yum-Rhn-Plugin

yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.

3.6
2010-06-07 CVE-2010-2053 Emesene Link Following vulnerability in Emesene

emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.

3.3
2010-06-08 CVE-2010-1636 Linux Information Exposure vulnerability in Linux Kernel

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor.

2.1
2010-06-07 CVE-2010-2058 Prelude Technologies Permissions, Privileges, and Access Controls vulnerability in Prelude-Technologies Prewikka 0.9.14

setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password.

2.1
2010-06-07 CVE-2010-2158 Speedtech/Drupal Cross-Site Scripting vulnerability in Speedtech Storm

Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php.

2.1
2010-06-07 CVE-2010-2157

Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, and r12.5 SP1 on Windows allows local users to obtain sensitive information via unknown vectors.

2.1