Weekly Vulnerabilities Reports > June 28 to July 4, 2010

Overview

93 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary reports vulnerabilities in 84 products from 51 vendors including Apple, Microsoft, Cisco, Adobe, and 2Daybiz. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Permissions, Privileges, and Access Controls".

  • 87 reported vulnerabilities are remotely exploitable.
  • 21 reported vulnerabilities have a public exploit available.
  • 36 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 86 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 14 reported vulnerabilities.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-29 CVE-2010-2451 Kvirc Use of Externally-Controlled Format String vulnerability in Kvirc 3.4.0/4.0

Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.

10.0
2010-06-29 CVE-2009-4919 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco ASA 5580

Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.

10.0
2010-06-29 CVE-2009-4912 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco ASA 5580

Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.

10.0
2010-07-02 CVE-2010-2620 Open Ftpd Improper Authentication vulnerability in Open-Ftpd 1.0

Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.

9.3
2010-06-30 CVE-2010-2212 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.

9.3
2010-06-30 CVE-2010-2211 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212.

9.3
2010-06-30 CVE-2010-2210 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212.

9.3
2010-06-30 CVE-2010-2209 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.

9.3
2010-06-30 CVE-2010-2208 Adobe, Apple, Microsoft Code Injection vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors.

9.3
2010-06-30 CVE-2010-2207 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.

9.3
2010-06-30 CVE-2010-2206 Adobe, Apple, Microsoft Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader

Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.

9.3
2010-06-30 CVE-2010-2205 Adobe, Apple, Microsoft Code Injection vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.

9.3
2010-06-30 CVE-2010-2204 Adobe, Apple, Microsoft Remote Denial of Service vulnerability in Adobe Acrobat and Reader CoolType Typography Engine

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.

9.3
2010-06-30 CVE-2010-2202 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.

9.3
2010-06-30 CVE-2010-2201 Adobe, Apple, Microsoft Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.

9.3
2010-06-30 CVE-2010-2168 Adobe, Apple, Microsoft Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.

9.3
2010-06-30 CVE-2010-1295 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.

9.3
2010-06-30 CVE-2010-1285 Adobe, Apple, Microsoft Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.

9.3
2010-06-29 CVE-2010-2452 Kvirc Path Traversal vulnerability in Kvirc 3.4.0/4.0

Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.

9.3
2010-06-28 CVE-2010-1929 Novell Buffer Errors vulnerability in Novell Imanager 2.7.0/2.7.3

Multiple stack-based buffer overflows in the [email protected] function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.

9.0

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-02 CVE-2010-2625 Hitachi Denial-Of-Service vulnerability in Hitachi products

Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and JP1/ServerConductor/Deployment Manager Standard and Enterprise Edition 07-50 through 07-56-/F, 08-00 through 08-09-/E, 08-50 through 08-80-/A, 08-06 through 08-07, and 08-51 through 08-70; allows attackers to cause a denial of service (shutdown and reboot) via unknown vectors.

7.8
2010-06-29 CVE-2009-4923 Cisco Unspecified vulnerability in Cisco ASA 5580

Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162.

7.8
2010-06-29 CVE-2009-4921 Cisco Improper Input Validation vulnerability in Cisco ASA 5580

Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.

7.8
2010-06-29 CVE-2009-4920 Cisco Unspecified vulnerability in Cisco ASA 5580

Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412.

7.8
2010-06-29 CVE-2009-4918 Cisco Improper Input Validation vulnerability in Cisco ASA 5580

Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439.

7.8
2010-06-29 CVE-2009-4917 Cisco Unspecified vulnerability in Cisco ASA 5580

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901.

7.8
2010-06-29 CVE-2009-4915 Cisco Unspecified vulnerability in Cisco ASA 5580

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection stress test," aka Bug ID CSCsq68451.

7.8
2010-06-29 CVE-2009-4914 Cisco Resource Management Errors vulnerability in Cisco ASA 5580

Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879.

7.8
2010-06-29 CVE-2009-4911 Cisco Unspecified vulnerability in Cisco ASA 5580 8.1(1)

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958.

7.8
2010-07-02 CVE-2010-2626 Miyabi SEO Code Injection vulnerability in Miyabi-Seo CGI Tools SEO Links 1.02

index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command.

7.5
2010-07-02 CVE-2010-2624 Iscripts SQL Injection vulnerability in Iscripts Easysnaps 2.0

Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.

7.5
2010-07-02 CVE-2010-2623 Internetdm SQL Injection vulnerability in Internetdm BED and Breakfast

SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter.

7.5
2010-07-02 CVE-2010-2622 Joomanager, Joomla SQL Injection vulnerability in Joomanager 1.1.1

SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

7.5
2010-07-02 CVE-2010-2616 Paul Mcenery SQL Injection vulnerability in Paul Mcenery PHP Bible Search 0.99

SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter.

7.5
2010-07-02 CVE-2010-2614 Grafik Power SQL Injection vulnerability in Grafik-Power Grafik CMS 1.1.1

SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action.

7.5
2010-07-02 CVE-2010-2611 I Netsolution SQL Injection vulnerability in I-Netsolution JOB Search Engine Script

SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

7.5
2010-07-02 CVE-2010-2610 2Daybiz SQL Injection vulnerability in 2Daybiz JOB Site Script

Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.

7.5
2010-07-02 CVE-2010-2609 2Daybiz SQL Injection vulnerability in 2Daybiz JOB Search Engine Script

SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

7.5
2010-07-02 CVE-2010-2233 Libtiff Improper Input Validation vulnerability in Libtiff 3.9.0/3.9.2

tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."

7.5
2010-07-02 CVE-2010-1522 Ordasoft, Joomla SQL Injection vulnerability in Ordasoft COM Booklibrary 1.5.3

Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php.

7.5
2010-06-30 CVE-2010-2518 IBM Permissions, Privileges, and Access Controls vulnerability in IBM P8 Content Engine and P8 Content Search Engine

Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors.

7.5
2010-06-30 CVE-2010-2517 IBM Security vulnerability in IBM Rational ClearQuest

Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.

7.5
2010-06-30 CVE-2010-1521 Taskfreak SQL Injection vulnerability in Taskfreak Taskfreak!

SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php.

7.5
2010-06-30 CVE-2010-1205 Libpng, Google, Apple, Fedoraproject, Opensuse, Suse, Vmware, Canonical, Debian, Mozilla Classic Buffer Overflow vulnerability in multiple products

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

7.5
2010-06-29 CVE-2010-2516 2Daybiz SQL Injection vulnerability in 2Daybiz Multi Level Marketing Software

Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php.

7.5
2010-06-28 CVE-2010-2513 Harmistechnology, Joomla SQL Injection vulnerability in Harmistechnology COM Jeajaxeventcalendar 1.0.5

SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.

7.5
2010-06-28 CVE-2010-2512 2Daybiz SQL Injection vulnerability in 2Daybiz Matrimonial Script

SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-06-28 CVE-2010-2511 2Daybiz SQL Injection vulnerability in 2Daybiz Multi Level Marketing Software

SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.

7.5
2010-06-28 CVE-2010-2510 2Daybiz SQL Injection vulnerability in 2Daybiz web Template Software

SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.

7.5
2010-06-28 CVE-2010-2508 2Daybiz SQL Injection vulnerability in 2Daybiz Video Community Portal Script 1.0

SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.

7.5
2010-06-28 CVE-2010-2502 Splunk Path Traversal vulnerability in Splunk

Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067.

7.5
2010-07-02 CVE-2010-2549 Microsoft Resource Management Errors vulnerability in Microsoft Windows Server 2008 and Windows Vista

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."

7.2

36 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-02 CVE-2010-2627 EA Path Traversal vulnerability in EA Battlefield 2 and Battlefield 2142

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.

6.8
2010-07-02 CVE-2010-1666 DAN Pascu Buffer Errors vulnerability in DAN Pascu Python-Cjson 1.0.5

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.

6.8
2010-07-02 CVE-2010-2618 Insanevisions Code Injection vulnerability in Insanevisions Adapcms 2.0.0/2.0.1

PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

6.8
2010-07-02 CVE-2010-2594 Intersect Alliance, SUN, Microsoft, Linux, SGI, Unix, IBM Cross-Site Request Forgery (CSRF) vulnerability in Intersect Alliance Snare Agent and Snare Epilog

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

6.8
2010-06-30 CVE-2010-2203 Adobe, Unix Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

6.8
2010-06-29 CVE-2009-4922 Cisco Unspecified vulnerability in Cisco ASA 5580

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583.

6.8
2010-06-28 CVE-2010-2515 Dacian Strain, Joomla SQL Injection vulnerability in Dacian Strain COM Jfaq 1.2

Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field).

6.8
2010-06-28 CVE-2010-2507 Masselink, Joomla Path Traversal vulnerability in Masselink COM Picasa2Gallery

Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

6.8
2010-06-28 CVE-2010-2231 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.

6.8
2010-06-28 CVE-2010-2504 Splunk Information Disclosure vulnerability in Splunk

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.

6.0
2010-07-02 CVE-2010-2621 QT, Digia Improper Input Validation vulnerability in multiple products

The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.

5.0
2010-06-29 CVE-2009-4913 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco ASA 5580

The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622.

5.0
2010-06-28 CVE-2010-2505 Saschart Improper Input Validation vulnerability in Saschart Sascam Webcam Server 2.6.5

Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request.

5.0
2010-06-28 CVE-2010-1930 Novell Numeric Errors vulnerability in Novell Imanager 2.7.0/2.7.3

Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.

5.0
2010-06-28 CVE-2010-1204 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla

Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."

5.0
2010-07-02 CVE-2009-4924 DAN Pascu Cross-Site Scripting vulnerability in DAN Pascu Python-Cjson 1.0.5

Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

4.3
2010-07-02 CVE-2010-2480 Makotemplates Cross-Site Scripting vulnerability in Makotemplates Mako

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

4.3
2010-07-02 CVE-2010-2617 Paul Mcenery Cross-Site Scripting vulnerability in Paul Mcenery PHP Bible Search 0.99

Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.

4.3
2010-07-02 CVE-2010-2615 Grafik Power Cross-Site Scripting vulnerability in Grafik-Power Grafik CMS 1.1.1

Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.

4.3
2010-07-02 CVE-2010-2613 Harmistechnology, Joomla Cross-Site Scripting vulnerability in Harmistechnology COM AWD Song

Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.

4.3
2010-07-02 CVE-2010-2598 Redhat Improper Input Validation vulnerability in Redhat Enterprise Linux 3/3.0

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

4.3
2010-07-02 CVE-2010-2597 Libtiff Improper Input Validation vulnerability in Libtiff 3.9.0/3.9.2

The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.

4.3
2010-07-02 CVE-2010-2596 Libtiff Improper Input Validation vulnerability in Libtiff 3.9.0/3.9.2

The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."

4.3
2010-07-02 CVE-2010-2595 Libtiff Improper Input Validation vulnerability in Libtiff 3.9.0/3.9.2

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."

4.3
2010-06-30 CVE-2010-2249 Libpng, Apple, Fedoraproject, Opensuse, Suse, Vmware, Canonical, Debian Memory Leak vulnerability in multiple products

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

4.3
2010-06-30 CVE-2010-1520 Taskfreak Cross-Site Scripting vulnerability in Taskfreak Taskfreak!

Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter.

4.3
2010-06-29 CVE-2009-4910 Cisco Cross-Site Scripting vulnerability in Cisco ASA 5580

Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418.

4.3
2010-06-29 CVE-2008-7257 Cisco Improper Input Validation vulnerability in Cisco ASA 5580 8.1(1)

CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.

4.3
2010-06-28 CVE-2010-2514 Dacian Strain, Joomla Cross-Site Scripting vulnerability in Dacian Strain COM Jfaq 1.2

Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.

4.3
2010-06-28 CVE-2010-2509 2Daybiz Cross-Site Scripting vulnerability in 2Daybiz Web Template Software

Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.

4.3
2010-06-28 CVE-2010-2503 Splunk Cross-Site Scripting vulnerability in Splunk

Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085.

4.3
2010-06-28 CVE-2010-2229 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2010-06-28 CVE-2010-2228 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

4.3
2010-07-02 CVE-2004-2769 Cerberusftp Permissions, Privileges, and Access Controls vulnerability in Cerberusftp FTP Server

Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.

4.0
2010-06-29 CVE-2009-4916 Cisco Unspecified vulnerability in Cisco ASA 5580

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka Bug ID CSCsq80095.

4.0
2010-06-28 CVE-2010-2230 Moodle Cross-Site Scripting vulnerability in Moodle

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-06-28 CVE-2010-2506 Cisco Cross-Site Scripting vulnerability in Cisco Linksys Firmware and Linksys Wap54G

Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.

2.9
2010-07-02 CVE-2010-2612 HP Information Exposure vulnerability in HP OpenVMS and OpenVMS for Integrity Servers

Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 and 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.

2.1
2010-07-02 CVE-2010-2619 Citrix Denial-Of-Service vulnerability in XenServer

Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."

1.9
2010-06-28 CVE-2010-2470 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.

1.9
2010-06-28 CVE-2010-0180 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.

1.9