Weekly Vulnerabilities Reports > June 14 to 20, 2010

Overview

150 new vulnerabilities reported during this period, including 53 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary report vulnerabilities in 84 products from 60 vendors including Adobe, Macromedia, Apple, IBM, and Google. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Path Traversal", and "SQL Injection".

  • 132 reported vulnerabilities are remotely exploitables.
  • 28 reported vulnerabilities have public exploit available.
  • 41 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 143 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 31 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 29 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

53 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-18 CVE-2010-1769 Apple
Microsoft
Multiple vulnerability in RETIRED: Apple iPhone/iPod touch Prior to iOS 4

WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.

10.0
2010-06-18 CVE-2010-1763 Apple
Microsoft
Unspecified vulnerability in Apple Itunes

Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.

10.0
2010-06-18 CVE-2010-0284 Novell
Microsoft
Path Traversal vulnerability in Novell Access Manager 3.1

Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a ..

10.0
2010-06-15 CVE-2010-2302 Google
Opensuse
Suse
USE After Free vulnerability in multiple products

Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953.

10.0
2010-06-15 CVE-2010-2300 Google USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784.

10.0
2010-06-15 CVE-2010-2299 Google Type Confusion vulnerability in Google Chrome

The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue.

10.0
2010-06-15 CVE-2010-2298 Google
Linux
Improper Input Validation vulnerability in Google Chrome

browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.

10.0
2010-06-15 CVE-2010-2276 Dojotoolkit Configuration vulnerability in Dojotoolkit Dojo

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

10.0
2010-06-15 CVE-2010-2272 Dojotoolkit Unspecified vulnerability in Dojotoolkit Dojo

Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors.

10.0
2010-06-15 CVE-2010-2054 Standards Based Linux Instrumentation Numeric Errors vulnerability in Standards Based Linux Instrumentation Sblim-Sfcb

Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915.

10.0
2010-06-15 CVE-2010-1937 Standards Based Linux Instrumentation Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Standards Based Linux Instrumentation Sblim-Sfcb 1.3.4/1.3.5/1.3.6

Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896.

10.0
2010-06-15 CVE-2010-0990 Creative Buffer Errors vulnerability in Creative Autoupdate and Autoupdate Engine Activex Control

Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method.

10.0
2010-06-18 CVE-2010-2331 Upredsun Buffer Errors vulnerability in Upredsun Isharer File Sharing Wizard 1.5.0

Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request.

9.3
2010-06-18 CVE-2010-2330 Upredsun Buffer Errors vulnerability in Upredsun Isharer File Sharing Wizard 1.5.0

Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header.

9.3
2010-06-18 CVE-2010-2329 Rosoftengineering Buffer Errors vulnerability in Rosoftengineering Rosoft Audio Converter 4.4.4

Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file.

9.3
2010-06-18 CVE-2010-2321 Adobe Buffer Errors vulnerability in Adobe Indesign CS3 10.0

Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file.

9.3
2010-06-18 CVE-2010-1387 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.

9.3
2010-06-17 CVE-2010-1377 Apple Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server

Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.

9.3
2010-06-17 CVE-2008-4389 Symantec Improper Authentication vulnerability in Symantec Appstream and Workspace Streaming

Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.

9.3
2010-06-16 CVE-2010-2311 Power TAB Buffer Errors vulnerability in Power-Tab Power TAB Editor 1.7.0.80

Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows user-assisted remote attackers to execute arbitrary code via a .ptb file with a long font name.

9.3
2010-06-16 CVE-2010-2305 Symantec Buffer Errors vulnerability in Symantec Sygate Personal Firewall 5.6

Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method.

9.3
2010-06-16 CVE-2010-1932 Xnview Buffer Errors vulnerability in Xnview 1.97.4

Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.

9.3
2010-06-15 CVE-2010-2297 Google
Opensuse
Suse
Code Injection vulnerability in multiple products

rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.

9.3
2010-06-15 CVE-2010-2296 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.

9.3
2010-06-15 CVE-2010-2189 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

9.3
2010-06-15 CVE-2010-2188 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.

9.3
2010-06-15 CVE-2010-2187 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2186 Adobe
Macromedia
Code Injection vulnerability in multiple products

Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-06-15 CVE-2010-2185 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.

9.3
2010-06-15 CVE-2010-2184 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2183 Adobe
Macromedia
Numeric Errors vulnerability in multiple products

Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.

9.3
2010-06-15 CVE-2010-2182 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2181 Adobe
Macromedia
Numeric Errors vulnerability in multiple products

Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.

9.3
2010-06-15 CVE-2010-2180 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2178 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2177 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2176 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2175 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2174 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.

9.3
2010-06-15 CVE-2010-2173 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.

9.3
2010-06-15 CVE-2010-2171 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2170 Adobe
Macromedia
Numeric Errors vulnerability in multiple products

Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.

9.3
2010-06-15 CVE-2010-2169 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.

9.3
2010-06-15 CVE-2010-2167 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.

9.3
2010-06-15 CVE-2010-2166 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2165 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2010-2164 Adobe
Macromedia
Resource Management Errors vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function." Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html 'Affected software versions Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux'

9.3
2010-06-15 CVE-2010-2163 Adobe
Macromedia
Code Injection vulnerability in multiple products

Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.

9.3
2010-06-15 CVE-2010-2162 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.

9.3
2010-06-15 CVE-2010-2161 Adobe
Macromedia
Code Injection vulnerability in multiple products

Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html 'Affected software versions Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux'

9.3
2010-06-15 CVE-2010-2160 Adobe
Macromedia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

9.3
2010-06-15 CVE-2009-3793 Adobe
Macromedia
Resource Management Errors vulnerability in multiple products

Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.

9.3
2010-06-15 CVE-2010-1885 Microsoft OS Command Injection vulnerability in Microsoft products

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." Per: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx "customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack."

9.3

21 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-15 CVE-2010-2287 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

8.3
2010-06-15 CVE-2010-2284 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

8.3
2010-06-15 CVE-2010-2279 IBM Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1

The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.

7.6
2010-06-18 CVE-2010-2341 Ezpx Code Injection vulnerability in Ezpx Photoblog 1.2

PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.

7.5
2010-06-18 CVE-2010-2339 Subdreamer SQL Injection vulnerability in Subdreamer

SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action.

7.5
2010-06-18 CVE-2010-2338 Vunet SQL Injection vulnerability in Vunet VU web Visitor Analyst

Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

7.5
2010-06-18 CVE-2010-2335 Yamamah SQL Injection vulnerability in Yamamah 1.00

SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.

7.5
2010-06-18 CVE-2010-2324 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.

7.5
2010-06-17 CVE-2010-2319 Idevspot SQL Injection vulnerability in Idevspot Textads 2.08

SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2010-06-17 CVE-2010-2317 Wmsdesign SQL Injection vulnerability in Wmsdesign Wmscms

Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.

7.5
2010-06-17 CVE-2010-2315 Smartisoft Code Injection vulnerability in Smartisoft PHPbazar 2.1.1

PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.

7.5
2010-06-17 CVE-2010-2063 Samba Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba

Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.

7.5
2010-06-17 CVE-2010-1964 HP Remote Buffer Overflow vulnerability in HP OpenView Network Node Manager 7.51/7.53

Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.

7.5
2010-06-17 CVE-2010-1380 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.

7.5
2010-06-16 CVE-2010-2312 Hauntmax SQL Injection vulnerability in Hauntmax Haunted House Directory Listing CMS

SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action.

7.5
2010-06-16 CVE-2010-2309 Evological Buffer Errors vulnerability in Evological Evocam 3.6.6/3.6.7

Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.

7.5
2010-06-15 CVE-2010-2271 Accoria USE of Externally-Controlled Format String vulnerability in Accoria Rock web Server 1.4.7

Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter.

7.5
2010-06-15 CVE-2010-2270 Accoria Cryptographic Issues vulnerability in Accoria Rock web Server 1.4.7

Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.

7.5
2010-06-15 CVE-2010-2075 Unrealircd Improper Input Validation vulnerability in Unrealircd 3.2.8.1

UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.

7.5
2010-06-17 CVE-2010-1375 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors.

7.2
2010-06-16 CVE-2010-2308 Sophos Local Security vulnerability in Anti-Virus Small Business Edition

Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function.

7.2

64 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-18 CVE-2010-2340 Arabportal SQL Injection vulnerability in Arabportal Arab Portal 2.2

SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.

6.8
2010-06-18 CVE-2010-0407 Muscle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Muscle Pcsc-Lite

Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.

6.8
2010-06-18 CVE-2009-4902 Muscle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Muscle Pcsc-Lite

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled.

6.8
2010-06-17 CVE-2010-2314 Edmondhui Homeip
Nucleus Group
Code Injection vulnerability in Edmondhui.Homeip NP Twitter 0.8/0.9

PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter.

6.8
2010-06-17 CVE-2010-2313 Anodyne Productions Path Traversal vulnerability in Anodyne-Productions Simm Management System 2.6.10

Directory traversal vulnerability in index.php in Anodyne Productions SIMM Management System (SMS) 2.6.10, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

6.8
2010-06-17 CVE-2010-1411 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

6.8
2010-06-17 CVE-2010-1376 Apple USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server

Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.

6.8
2010-06-17 CVE-2010-0543 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding.

6.8
2010-06-16 CVE-2010-2074 W3M Improper Input Validation vulnerability in W3M 0.5.2

istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

6.8
2010-06-15 CVE-2010-2268 Accoria Cross-Site Request Forgery (CSRF) vulnerability in Accoria Rock web Server 1.4.7

Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts.

6.8
2010-06-15 CVE-2010-2294 Pxsystem Cross-Site Request Forgery (CSRF) vulnerability in Pxsystem Plume-Cms

Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.

6.8
2010-06-15 CVE-2010-2293 D Link Improper Input Validation vulnerability in D-Link Di-604

The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.

6.8
2010-06-15 CVE-2009-4893 Unrealircd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Unrealircd

Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

6.8
2010-06-17 CVE-2010-0540 Apple Cross-Site Request Forgery (CSRF) vulnerability in Apple mac OS X and mac OS X Server

Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.

6.0
2010-06-15 CVE-2010-1514 Tomatocms Multiple Security vulnerability in TomatoCMS

Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory.

6.0
2010-06-18 CVE-2010-0831 Matthias Klose Path Traversal vulnerability in Matthias Klose Fastjar 0.98

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a ..

5.8
2010-06-15 CVE-2010-2282 Tomatocms Cross-Site Request Forgery (CSRF) vulnerability in Tomatocms 2.0.6

Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password.

5.1
2010-06-18 CVE-2010-2336 Yamamah Information Exposure vulnerability in Yamamah 1.00

index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter.

5.0
2010-06-18 CVE-2010-2334 Yamamah Path Traversal vulnerability in Yamamah 1.00

Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a ..

5.0
2010-06-18 CVE-2010-2333 Litespeedtech Information Exposure vulnerability in Litespeedtech Litespeed web Server

LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.

5.0
2010-06-18 CVE-2010-2332 Impactfinancials
Apple
Improper Input Validation vulnerability in Impactfinancials Impact PDF Reader 1.2/2.0

Impact Financials, Inc.

5.0
2010-06-18 CVE-2010-2328 IBM Unspecified vulnerability in IBM Websphere Application Server

The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression.

5.0
2010-06-18 CVE-2010-2323 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT.

5.0
2010-06-18 CVE-2010-2068 Apache Information Exposure vulnerability in Apache Http Server

mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.

5.0
2010-06-17 CVE-2010-1642 Samba Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

5.0
2010-06-17 CVE-2010-1635 Samba Unspecified vulnerability in Samba

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

5.0
2010-06-17 CVE-2010-1379 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.

5.0
2010-06-16 CVE-2010-2310 Solarwinds Improper Input Validation vulnerability in Solarwinds Tftp Server 10.4.0.13

SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request.

5.0
2010-06-16 CVE-2010-2307 Motorola Path Traversal vulnerability in Motorola Surfboard Sbv6120E Sbv6X2X1.0.0.5Scm02Shpc

Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.

5.0
2010-06-16 CVE-2010-2073 Radovan Garabik Credentials Management vulnerability in Radovan Garabik Pyftpd 0.8.4

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.

5.0
2010-06-15 CVE-2010-2269 Accoria Path Traversal vulnerability in Accoria Rock web Server 1.4.7

Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a ..

5.0
2010-06-15 CVE-2010-2266 Nginx Path Traversal vulnerability in Nginx

nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.

5.0
2010-06-15 CVE-2010-2263 Nginx Information Exposure vulnerability in Nginx

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

5.0
2010-06-16 CVE-2010-2070 Xensource Local Denial Of Service vulnerability in Xen 'arch/ia64/xen/faults.c'

arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742.

4.9
2010-06-16 CVE-2010-2071 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.

4.6
2010-06-17 CVE-2010-0545 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.

4.4
2010-06-18 CVE-2010-2327 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload.

4.3
2010-06-18 CVE-2010-2326 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file.

4.3
2010-06-18 CVE-2010-2325 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."

4.3
2010-06-17 CVE-2010-2318 Phpcityportal Cross-Site Scripting vulnerability in PHPcityportal 1.3

Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2010-06-17 CVE-2010-2316 Wmsdesign Cross-Site Scripting vulnerability in Wmsdesign Wmscms

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137.

4.3
2010-06-17 CVE-2010-1748 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Cups

The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.

4.3
2010-06-17 CVE-2010-1374 Apple
AOL
Path Traversal vulnerability in Apple mac OS X and mac OS X Server

Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.

4.3
2010-06-17 CVE-2010-1373 Apple Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server

Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."

4.3
2010-06-17 CVE-2010-0541 Apple Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.

4.3
2010-06-16 CVE-2010-2306 Sourcefire Configuration vulnerability in Sourcefire products

The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.

4.3
2010-06-15 CVE-2010-2301 Google
Opensuse
Suse
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element.

4.3
2010-06-15 CVE-2010-2295 Google Improper Input Validation vulnerability in Google Chrome

page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610.

4.3
2010-06-15 CVE-2010-2179 Adobe
Google
Mozilla
Macromedia
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.

4.3
2010-06-15 CVE-2010-2172 Adobe Remote vulnerability in RETIRED: Adobe Flash Player 10.0.45.2 and AIR 1.5.3.9130

Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.

4.3
2010-06-15 CVE-2010-2281 Tomatocms Cross-Site Scripting vulnerability in Tomatocms 2.0.6

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain privileges, to inject arbitrary web script or HTML via the (3) title or (4) answers parameter in conjunction with a /admin/poll/add PATH_INFO, or the (5) name parameter in conjunction with a /admin/category/add PATH_INFO.

4.3
2010-06-15 CVE-2010-2280 IBM Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1

Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH.

4.3
2010-06-15 CVE-2010-2277 IBM Cross-Site Scripting vulnerability in IBM Lotus Connections 2.5.0/2.5.0.1

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.

4.3
2010-06-15 CVE-2010-2275 Dojotoolkit Cross-Site Scripting vulnerability in Dojotoolkit Dojo

Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.

4.3
2010-06-15 CVE-2010-2274 Dojotoolkit Unspecified vulnerability in Dojotoolkit Dojo

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.

4.3
2010-06-15 CVE-2010-2273 Dojotoolkit Cross-Site Scripting vulnerability in Dojotoolkit Dojo

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.

4.3
2010-06-15 CVE-2010-2267 Accoria Cross-Site Scripting vulnerability in Accoria Rock web Server 1.4.7

Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.

4.3
2010-06-15 CVE-2010-2292 D Link Cross-Site Scripting vulnerability in D-Link Di-604

Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.

4.3
2010-06-15 CVE-2010-2290 Mcafee Cross-Site Scripting vulnerability in Mcafee Unified Threat Management Firewall Firmware 3.0.0/3.1.5/4.0.6

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2010-06-15 CVE-2010-2289 Juniper Improper Input Validation vulnerability in Juniper Secure Access 6.5

Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter.

4.3
2010-06-15 CVE-2010-2288 Juniper Cross-Site Scripting vulnerability in Juniper Secure Access 6.5

Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie.

4.3
2010-06-15 CVE-2010-2265 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm.

4.3
2010-06-15 CVE-2009-4894 Punbb Cross-Site Scripting vulnerability in Punbb

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.

4.3
2010-06-15 CVE-2010-2278 IBM Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

4.0

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-16 CVE-2010-2072 Radovan Garabik Cryptographic Issues vulnerability in Radovan Garabik Pyftpd 0.8.4

Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information.

3.6
2010-06-17 CVE-2010-1382 Apple Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.

3.5
2010-06-17 CVE-2010-1381 Apple Configuration vulnerability in Apple mac OS X and mac OS X Server

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links.

3.5
2010-06-17 CVE-2010-0546 Apple Link Following vulnerability in Apple mac OS X and mac OS X Server

Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.

3.3
2010-06-15 CVE-2010-2291 Snom Permissions, Privileges, and Access Controls vulnerability in Snom Voip Phone Firmware

Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors.

3.3
2010-06-15 CVE-2010-2286 Wireshark Resource Management Errors vulnerability in Wireshark

The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

3.3
2010-06-15 CVE-2010-2285 Wireshark Multiple vulnerability in Wireshark 0.8.20 through 1.2.8

The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.

3.3
2010-06-15 CVE-2010-2283 Wireshark Multiple vulnerability in Wireshark 0.8.20 through 1.2.8

The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.

3.3
2010-06-18 CVE-2010-2322 Matthias Klose Path Traversal vulnerability in Matthias Klose Fastjar 0.98

Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831.

2.6
2010-06-15 CVE-2010-1515 Tomatocms Cross-Site Scripting vulnerability in Tomatocms

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO.

2.6
2010-06-18 CVE-2009-4901 Muscle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Muscle Pcsc-Lite

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

2.1
2010-06-18 CVE-2010-2192 Vincent Fourmond Link Following vulnerability in Vincent Fourmond Pmount 0.9.18

The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.

1.9