Weekly Vulnerabilities Reports > July 5 to 11, 2010
Overview
52 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 35 products from 29 vendors, including Opera, Google, Microsoft, Apple, and Mahara. The most common categories are "Permissions, Privileges, and Access Controls", "SQL Injection", "Cross-site Scripting", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 52 reported vulnerabilities are remotely exploitable.
- 9 reported vulnerabilities have a public exploit available.
- 21 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 51 reported vulnerabilities are exploitable by an anonymous user.
- Opera has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
9 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-07-08 | CVE-2010-1574 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Industrial Ethernet 3000 and IOS IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589. | 10.0 |
2010-07-08 | CVE-2010-2445 | Freeciv | OS Command Injection vulnerability in Freeciv 2.2.0/2.3.0 freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions. | 10.0 |
2010-07-08 | CVE-2010-2666 | Opera Microsoft Apple | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. | 9.3 |
2010-07-08 | CVE-2010-2657 | Opera | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog. | 9.3 |
2010-07-06 | CVE-2010-2651 | Google | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 9.3 |
2010-07-06 | CVE-2010-2650 | Google | Unspecified vulnerability in Google Chrome Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs." | 9.3 |
2010-07-06 | CVE-2010-2648 | Google Opensuse Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 9.3 |
2010-07-06 | CVE-2010-2647 | Google Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document. | 9.3 |
2010-07-06 | CVE-2010-2646 | Google | Unspecified vulnerability in Google Chrome Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors. | 9.3 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-07-08 | CVE-2010-2679 | Joomla | SQL Injection vulnerability in Joomla COM Weblinks and Joomla! SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | 7.5 |
2010-07-08 | CVE-2010-2678 | Guillermo Vargas Joomla | SQL Injection vulnerability in Guillermo Vargas COM Xmap SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 7.5 |
2010-07-08 | CVE-2010-2674 | Alanzard | SQL Injection vulnerability in Alanzard Tsoka:Cms 1.1/1.9/2.0 SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action. | 7.5 |
2010-07-08 | CVE-2010-2673 | Devana | SQL Injection vulnerability in Devana SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-07-08 | CVE-2010-2672 | EZ | SQL Injection vulnerability in EZ Publish Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature. | 7.5 |
2010-07-08 | CVE-2010-2670 | Brotherscripts | SQL Injection vulnerability in Brotherscripts Recipe Website SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-07-06 | CVE-2010-2629 | Cisco | Improper Input Validation vulnerability in Cisco ACE 4710 and Content Services Switch 11500 The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. | 7.5 |
2010-07-06 | CVE-2010-2251 | Alexander V Lukyanov | Improper Input Validation vulnerability in Alexander V. Lukyanov Lftp The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | 7.5 |
2010-07-06 | CVE-2010-1670 | Mahara | Improper Authentication vulnerability in Mahara Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. | 7.5 |
2010-07-06 | CVE-2010-1669 | Mahara | SQL Injection vulnerability in Mahara SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-07-06 | CVE-2010-1576 | Cisco | Improper Input Validation vulnerability in Cisco ACE 4710 and Content Services Switch 11500 The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885. | 7.5 |
2010-07-06 | CVE-2010-1575 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Content Services Switch 11500 08.20.1.01 The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. | 7.5 |
2010-07-06 | CVE-2010-1327 | Tornadostore | SQL Injection vulnerability in Tornadostore Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3. | 7.5 |
30 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-07-06 | CVE-2010-2645 | Google | Unspecified vulnerability in Google Chrome Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors. | 6.8 |
2010-07-06 | CVE-2010-2253 | Gisle AAS Search Cpan | Improper Input Validation vulnerability in multiple products lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . | 6.8 |
2010-07-06 | CVE-2010-2252 | GNU | Improper Input Validation vulnerability in GNU Wget GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | 6.8 |
2010-07-06 | CVE-2010-1668 | Mahara | Cross-Site Request Forgery (CSRF) vulnerability in Mahara Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2010-07-08 | CVE-2010-2668 | Adaptivedisplays | Improper Authentication vulnerability in Adaptivedisplays products Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. | 6.4 |
2010-07-08 | CVE-2010-2677 | Openwebanalytics | Code Injection vulnerability in Openwebanalytics Open web Analytics 1.2.3 PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | 5.1 |
2010-07-08 | CVE-2010-2676 | Openwebanalytics | Path Traversal vulnerability in Openwebanalytics Open web Analytics 1.2.3 Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters. | 5.0 |
2010-07-08 | CVE-2010-2494 | Bogofilter | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bogofilter Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character. | 5.0 |
2010-07-08 | CVE-2010-2656 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Advanced Management Module The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz. | 5.0 |
2010-07-06 | CVE-2010-2652 | Google | Unspecified vulnerability in Google Chrome Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 |
2010-07-08 | CVE-2010-2675 | Alanzard | Cross-Site Scripting vulnerability in Alanzard Tsoka:Cms 1.1/1.9/2.0 Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action. | 4.3 |
2010-07-08 | CVE-2010-2671 | EZ | Cross-Site Scripting vulnerability in EZ Publish Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter. | 4.3 |
2010-07-08 | CVE-2010-2669 | Novo WS | Cross-Site Scripting vulnerability in Novo-Ws Orbis CMS 1.0.2 Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 4.3 |
2010-07-08 | CVE-2010-2665 | Opera Microsoft Apple Unix | Cross-Site Scripting vulnerability in Opera Browser Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." | 4.3 |
2010-07-08 | CVE-2010-2664 | Opera | Unspecified vulnerability in Opera Browser Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning. | 4.3 |
2010-07-08 | CVE-2010-2663 | Opera | Unspecified vulnerability in Opera Browser Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element. | 4.3 |
2010-07-08 | CVE-2010-2662 | Opera | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click." | 4.3 |
2010-07-08 | CVE-2010-2661 | Opera Microsoft Apple Unix | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. | 4.3 |
2010-07-08 | CVE-2010-2660 | Opera Microsoft Apple Unix | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. | 4.3 |
2010-07-08 | CVE-2010-2659 | Opera Microsoft Apple Unix | Information Exposure vulnerability in Opera Browser Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site. | 4.3 |
2010-07-08 | CVE-2010-2658 | Opera | Improper Input Validation vulnerability in Opera Browser Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site. | 4.3 |
2010-07-08 | CVE-2010-2654 | IBM | Cross-Site Scripting vulnerability in IBM Advanced Management Module Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php. | 4.3 |
2010-07-08 | CVE-2010-2244 | Avahi | Unspecified vulnerability in Avahi 0.6.16/0.6.25 The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. | 4.3 |
2010-07-06 | CVE-2010-2649 | Google | Unspecified vulnerability in Google Chrome Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image. | 4.3 |
2010-07-06 | CVE-2010-2631 | Libtiff | Improper Input Validation vulnerability in Libtiff 3.9.0 LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | 4.3 |
2010-07-06 | CVE-2010-2630 | Libtiff | Improper Input Validation vulnerability in Libtiff 3.9.0 The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | 4.3 |
2010-07-06 | CVE-2010-2479 | Htmlpurifier Mahara | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-07-06 | CVE-2010-1667 | Mahara | Cross-Site Scripting vulnerability in Mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-07-06 | CVE-2010-1328 | Tornadostore | Cross-Site Scripting vulnerability in Tornadostore Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section. | 4.3 |
2010-07-08 | CVE-2010-2655 | IBM | Path Traversal vulnerability in IBM Advanced Management Module Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. | 4.0 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|