Weekly Vulnerabilities Reports > June 21 to 27, 2010

Overview

96 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 77 products from 58 vendors including Apple, Mozilla, Linearcorp, Dootzky, and IBM. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".

  • 91 reported vulnerabilities are remotely exploitable.
  • 26 reported vulnerabilities have a public exploit available.
  • 34 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 90 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 8 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:


16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-25 CVE-2010-2468 S2Sys / Linearcorp / Sonitrol Cryptographic Issues vulnerability in multiple products

The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password.

10.0
2010-06-22 CVE-2010-2421 Opera Multiple Security vulnerability in Opera Web Browser prior to 10.54

Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.

10.0
2010-06-21 CVE-2010-2351 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Netware

Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.

10.0
2010-06-25 CVE-2010-2434 Ponsoftware Classic Buffer Overflow vulnerability in Ponsoftware Explzh

Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion.

9.3
2010-06-24 CVE-2010-2440 Upredsun Buffer Errors vulnerability in Upredsun Subtitle Translation Wizard 3.0

Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range.

9.3
2010-06-24 CVE-2010-2439 Moreforge Buffer Errors vulnerability in Moreforge Moreamp 0.1.23/0.1.25

Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).

9.3
2010-06-24 CVE-2010-1203 Mozilla Remote vulnerability in RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-26/27/28/29/30/32

The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.

9.3
2010-06-24 CVE-2010-1202 Mozilla Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-06-24 CVE-2010-1201 Mozilla Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-06-24 CVE-2010-1200 Mozilla Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-06-24 CVE-2010-1199 Mozilla Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.

9.3
2010-06-24 CVE-2010-1198 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.

9.3
2010-06-24 CVE-2010-1196 Mozilla Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.

9.3
2010-06-24 CVE-2010-0183 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus.

9.3
2010-06-21 CVE-2010-2348 Freesoftwaretoolbox Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freesoftwaretoolbox Batch Audio Converter

Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file.

9.3
2010-06-21 CVE-2010-2343 Dennisre Buffer Errors vulnerability in Dennisre Audio Converter 2007/8.05/8.1

Stack-based buffer overflow in D.R.

9.3

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-25 CVE-2010-2462 Tomacero SQL Injection vulnerability in Tomacero Orohyip

SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action.

7.5
2010-06-25 CVE-2010-2461 JCE Tech SQL Injection vulnerability in Jce-Tech Overstock Script 1.0

SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.

7.5
2010-06-25 CVE-2010-2460 JCE Tech SQL Injection vulnerability in Jce-Tech Shareasale Script 1.0

SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter.

7.5
2010-06-25 CVE-2010-2459 2Daybiz SQL Injection vulnerability in 2Daybiz Video Community Portal Script 1.0

SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter.

7.5
2010-06-24 CVE-2010-2438 Laubrotel SQL Injection vulnerability in Laubrotel G.Cms Generator

SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php.

7.5
2010-06-24 CVE-2010-2436 Anecms SQL Injection vulnerability in Anecms Blog 1.0

SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.

7.5
2010-06-24 CVE-2010-2225 PHP Resource Management Errors vulnerability in PHP

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

7.5
2010-06-22 CVE-2010-1632 IBM / Apache Improper Input Validation vulnerability in Apache Axis2

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

7.5
2010-06-21 CVE-2010-2359 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Ewebquiz 8.0

SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.

7.5
2010-06-21 CVE-2010-2357 Eicrasoft SQL Injection vulnerability in Eicrasoft Eicra Realestate Script 1.0/1.6.0

SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter.

7.5
2010-06-21 CVE-2010-2354 Pilotgroup SQL Injection vulnerability in Pilotgroup Elms PRO

SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.

7.5
2010-06-21 CVE-2010-1168 Rafael Garcia Suarez / Perl Permissions, Privileges, and Access Controls vulnerability in Rafael Garcia-Suarez Safe

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

7.5
2010-06-21 CVE-2010-2342 Dmxready SQL Injection vulnerability in Dmxready Online Notebook Manager 1.0

SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

7.5

62 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-22 CVE-2010-1754 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.

6.9
2010-06-25 CVE-2010-2456 Codelib Path Traversal vulnerability in Codelib Linker IMG

Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter.

6.8
2010-06-25 CVE-2009-4909 Dootzky Improper Authentication vulnerability in Dootzky Oblog

admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests.

6.8
2010-06-25 CVE-2009-4907 Dootzky Cross-Site Request Forgery (CSRF) vulnerability in Dootzky Oblog

Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog.

6.8
2010-06-25 CVE-2009-4906 Accscripts Cross-Site Request Forgery (CSRF) vulnerability in Accscripts ACC PHP Email 1.1

Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

6.8
2010-06-25 CVE-2009-4905 Accscripts Cross-Site Request Forgery (CSRF) vulnerability in Accscripts ACC Statistics 1.1

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses.

6.8
2010-06-24 CVE-2010-2067 Libtiff / Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

6.8
2010-06-24 CVE-2010-2065 Libtiff Numeric Errors vulnerability in Libtiff

Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.

6.8
2010-06-22 CVE-2010-1753 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.

6.8
2010-06-22 CVE-2010-1752 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.

6.8
2010-06-22 CVE-2010-2420 Fenrir INC Unspecified vulnerability in Fenrir-Inc Activegeckobrowser 1.0.0/1.0.5

Multiple unspecified vulnerabilities in Fenrir Inc.

6.8
2010-06-21 CVE-2010-2350 Daniel Mealha Cabrita Buffer Errors vulnerability in Daniel Mealha Cabrita Ziproxy 3.1.0

Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file.

6.8
2010-06-21 CVE-2010-0542 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Cups

The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.

6.8
2010-06-21 CVE-2010-2345 Odcms Cross-Site Request Forgery (CSRF) vulnerability in Odcms 1.06

Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests.

6.8
2010-06-24 CVE-2010-2425 Southrivertech Path Traversal vulnerability in Southrivertech Titan FTP Server

Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command.

6.5
2010-06-22 CVE-2010-1757 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.

6.4
2010-06-21 CVE-2010-1622 Oracle / Springsource Code Injection vulnerability in multiple products

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

6.0
2010-06-22 CVE-2010-1756 Apple Multiple vulnerability in RETIRED: Apple iPhone/iPod touch Prior to iOS 4

The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.

5.8
2010-06-21 CVE-2010-2358 Jeffkilroy Code Injection vulnerability in Jeffkilroy Nakid CMS 0.5.2

PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter.

5.1
2010-06-25 CVE-2010-2469 Linearcorp Credentials Management vulnerability in Linearcorp Emerge 50 and Emerge 5000

The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the device.

5.0
2010-06-25 CVE-2010-2467 S2Sys / Linearcorp / Sonitrol Credentials Management vulnerability in multiple products

The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests.

5.0
2010-06-25 CVE-2010-2466 S2Sys / Linearcorp / Sonitrol Permissions, Privileges, and Access Controls vulnerability in multiple products

The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames.

5.0
2010-06-25 CVE-2010-2465 S2Sys / Linearcorp / Sonitrol Permissions, Privileges, and Access Controls vulnerability in multiple products

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.

5.0
2010-06-25 CVE-2009-4904 Dootzky Permissions, Privileges, and Access Controls vulnerability in Dootzky Oblog

article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action.

5.0
2010-06-24 CVE-2010-2443 Libtiff Unspecified vulnerability in Libtiff

The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.

5.0
2010-06-24 CVE-2010-2435 Salvo Tomaselli Improper Input Validation vulnerability in Salvo Tomaselli Weborf Http Server 0.10/0.11/0.12

Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.

5.0
2010-06-22 CVE-2010-2432 Apple Resource Management Errors vulnerability in Apple Cups

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

5.0
2010-06-22 CVE-2010-1751 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.

5.0
2010-06-22 CVE-2010-1638 Horde Permissions, Privileges, and Access Controls vulnerability in Horde

The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script.

5.0
2010-06-21 CVE-2010-2353 Drupal / Yves Chedemois Permissions, Privileges, and Access Controls vulnerability in Yves Chedemois CCK

The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.

5.0
2010-06-21 CVE-2010-2352 Karen Stevenson / Yves Chedemois / Drupal Improper Input Validation vulnerability in multiple products

The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.

5.0
2010-06-21 CVE-2010-2349 Timhillone Resource Management Errors vulnerability in Timhillone H264Webcam 3.7

H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference.

5.0
2010-06-21 CVE-2010-2347 SAP Permissions, Privileges, and Access Controls vulnerability in SAP J2Ee Engine Core and Server Core

The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.

4.9
2010-06-25 CVE-2010-2464 Rsjoomla / Joomla Cross-Site Scripting vulnerability in Rsjoomla COM Rscomments 1.0.0

Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.

4.3
2010-06-25 CVE-2010-2463 Jamroom Cross-Site Scripting vulnerability in Jamroom

Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.

4.3
2010-06-25 CVE-2010-2458 2Daybiz Cross-Site Scripting vulnerability in 2Daybiz Video Community Portal Script 1.0

Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.

4.3
2010-06-25 CVE-2010-2457 Qsoft INC Cross-Site Scripting vulnerability in Qsoft-Inc K-Search

Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter.

4.3
2010-06-25 CVE-2010-2455 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.

4.3
2010-06-25 CVE-2010-2454 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari

Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.

4.3
2010-06-25 CVE-2010-1206 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey

The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.

4.3
2010-06-25 CVE-2009-4908 Dootzky Cross-Site Scripting vulnerability in Dootzky Oblog

Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php.

4.3
2010-06-25 CVE-2009-4903 Dootzky Cross-Site Scripting vulnerability in Dootzky Oblog

Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2010-06-25 CVE-2010-2444 Maradns Denial-Of-Service vulnerability in MaraDNS

parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.

4.3
2010-06-24 CVE-2010-2442 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft IE

Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."

4.3
2010-06-24 CVE-2010-2441 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Webkit

WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295.

4.3
2010-06-24 CVE-2010-2437 Anecms Cross-Site Scripting vulnerability in Anecms Blog 1.0

Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php.

4.3
2010-06-24 CVE-2010-0779 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-06-24 CVE-2010-0778 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-06-24 CVE-2010-1625 Malcom BOX Cross-Site Scripting vulnerability in Malcom BOX LXR Cross Referencer

Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448.

4.3
2010-06-24 CVE-2010-1448 Malcom BOX Cross-Site Scripting vulnerability in Malcom BOX LXR Cross Referencer

Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625.

4.3
2010-06-24 CVE-2010-1197 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.

4.3
2010-06-24 CVE-2010-2433 IBM Cross-Site Scripting vulnerability in IBM Websphere Ilog Jrules 6.7

Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/.

4.3
2010-06-24 CVE-2010-2429 Splunk / Microsoft Cross-Site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.

4.3
2010-06-24 CVE-2010-2428 Wftpserver / Microsoft Cross-Site Scripting vulnerability in Wftpserver Wing FTP Server

Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.

4.3
2010-06-24 CVE-2010-2422 Plone Cross-Site Scripting vulnerability in Plone

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.

4.3
2010-06-22 CVE-2010-1755 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.

4.3
2010-06-22 CVE-2010-1407 Apple Information Exposure vulnerability in Apple Iphone OS

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.

4.3
2010-06-21 CVE-2010-2356 Pilotgroup Cross-Site Scripting vulnerability in Pilotgroup Elms PRO

Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.

4.3
2010-06-21 CVE-2010-2355 Pilotgroup Cross-Site Scripting vulnerability in Pilotgroup Elms PRO

Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2010-06-21 CVE-2010-2344 Odcms Cross-Site Scripting vulnerability in Odcms 1.06

Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php.

4.3
2010-06-24 CVE-2010-2426 Southrivertech Path Traversal vulnerability in Southrivertech Titan FTP Server

Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.

4.0
2010-06-22 CVE-2010-1637 Squirrelmail Permissions, Privileges, and Access Controls vulnerability in Squirrelmail

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-22 CVE-2010-2431 Apple Link Following vulnerability in Apple Cups

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.

2.6
2010-06-24 CVE-2010-2224 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager 2.1

The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.

2.1
2010-06-24 CVE-2010-2223 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Hypervisor

Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.

2.1
2010-06-21 CVE-2010-1958 Drupal / Quicksketch Cross-Site Scripting vulnerability in Quicksketch Filefield

Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).

2.1
2010-06-22 CVE-2010-1775 Apple Race Condition vulnerability in Apple Iphone OS

Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.

1.9