Weekly Vulnerabilities Reports > July 12 to 18, 2010
Overview
115 new vulnerabilities were reported during this period, including 11 critical and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 78 products from 42 vendors, including Oracle, Microsoft, HP, Joomla, and Esoftpro. The most common weakness categories are "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", and "Permissions, Privileges, and Access Controls".
- 92 reported vulnerabilities are remotely exploitable.
- 33 reported vulnerabilities have a public exploit available.
- 38 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 84 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 56.
- Oracle has the most reported critical vulnerabilities, with 5.
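As an added example, not part of the original report, the following Python script parses rows in the shape of the tables below and recomputes the kind of figures given in this overview: counts per severity band, per vendor and per weakness label, plus how many entries are remote and anonymously exploitable, and a triage order. The severity bands (Critical at 9.0 and above, High 7.0 to 8.9, Medium 4.0 to 6.9, Low below 4.0) are inferred from how the tables below are split; the remote/anonymous classification is a heuristic on the NVD wording ("remote attackers" versus "remote authenticated users" versus "local users") and is an assumption of this example, not how the report's own counts were produced. The sample rows are copied from this report with abridged descriptions.

```python
import re
from collections import Counter

# Constructed sample in the shape of this report's tables
# (DATE | CVE | VENDOR | VULNERABILITY | CVSS). Entries are taken from the
# report above with abridged descriptions; title and description are separated
# by a colon, but the parser does not depend on that.
SAMPLE_TABLE = """\
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-07-13 | CVE-2010-0907 | Oracle | Remote vulnerability in Oracle Secure Backup 10.3.0.1: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-07-13 | CVE-2010-0906 | Oracle | Remote vulnerability in Oracle Secure Backup 10.3.0.1: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 9.0 |
2010-07-13 | CVE-2010-2721 | Rightinpoint | SQL Injection vulnerability in Rightinpoint Lyrics Engine 3.0: SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter. | 7.5 |
2010-07-13 | CVE-2010-2693 | Freebsd | Permissions, Privileges, and Access Controls vulnerability in Freebsd: FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service and gain privileges via the sendfile system call. | 7.2 |
2010-07-13 | CVE-2010-2723 | Lsoft | Cross-Site Scripting vulnerability in Lsoft Listserv 15.0/16.0: Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. | 4.3 |
2010-07-12 | CVE-2010-2698 | Sijio | Cross-Site Scripting vulnerability in Sijio Community Software: Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter. | 3.5 |
"""

# One data row: date | CVE id | vendor cell | title+description | CVSS score.
ROW_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s*\|\s*(?P<cve>CVE-\d{4}-\d{4,})\s*\|\s*"
    r"(?P<vendor>[^|]+?)\s*\|\s*(?P<text>[^|]+?)\s*\|\s*(?P<cvss>\d+(?:\.\d+)?)\s*\|?\s*$"
)

# Weakness labels the report uses as title prefixes ("<label> vulnerability in ...").
WEAKNESS_LABELS = {
    "SQL Injection", "Cross-Site Scripting", "Cross-Site Request Forgery (CSRF)",
    "Code Injection", "Command Injection", "Path Traversal", "Link Following",
    "Buffer Errors",
    "Improper Restriction of Operations Within the Bounds of A Memory Buffer",
    "Permissions, Privileges, and Access Controls", "Improper Authentication",
}


def severity(cvss):
    # Bands inferred from how this report splits its tables (CVSS v2 scores).
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low"


def weakness(text):
    # Title prefix before " vulnerability in "; prefixes such as "Remote" or
    # "Unspecified" carry no weakness label and are reported as Unclassified.
    label = text.split(" vulnerability in ", 1)[0].strip()
    return label if label in WEAKNESS_LABELS else "Unclassified"


def access_vector(text):
    # Heuristic on NVD wording (an assumption of this example):
    # returns (vector, anonymous).
    t = text.lower()
    if "local users" in t:
        return ("local", False)
    if "remote authenticated" in t:
        return ("remote", False)
    if "remote attackers" in t or "user-assisted remote" in t:
        return ("remote", True)
    return ("unknown", False)


def parse_rows(table_text):
    """Parse a report table; header, separator and blank lines are skipped."""
    entries = []
    for line in table_text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        cvss = float(m["cvss"])
        vector, anonymous = access_vector(m["text"])
        entries.append({
            "date": m["date"], "cve": m["cve"], "vendor": m["vendor"].strip(),
            "cvss": cvss, "severity": severity(cvss), "weakness": weakness(m["text"]),
            "vector": vector, "anonymous": anonymous, "text": m["text"],
        })
    return entries


def summarize(entries):
    """Recompute overview-style figures from parsed rows."""
    return {
        "total": len(entries),
        "by_severity": Counter(e["severity"] for e in entries),
        "by_vendor": Counter(e["vendor"] for e in entries),
        "by_weakness": Counter(e["weakness"] for e in entries),
        "remote": sum(e["vector"] == "remote" for e in entries),
        "anonymous": sum(e["anonymous"] for e in entries),
    }


def triage_order(entries):
    """CVE ids, highest score first; at equal score, anonymously exploitable first."""
    ranked = sorted(entries, key=lambda e: (-e["cvss"], not e["anonymous"]))
    return [e["cve"] for e in ranked]


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_TABLE)
    for key, value in summarize(rows).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
    print("triage order:", ", ".join(triage_order(rows)))
```

Feeding the full tables of a report to `parse_rows` reproduces the per-severity counts directly; the remote and anonymous figures will only approximate the report's own, since those depend on the site's exploitability metadata rather than on the description wording.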
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report, grouped by severity:
11 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-07-13 | CVE-2010-0907 | Oracle | Remote vulnerability in Oracle Secure Backup 10.3.0.1: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906. | 10.0 |
2010-07-13 | CVE-2010-0898 | Oracle | Unspecified vulnerability in Oracle Secure Backup 10.3.0.1: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-07-13 | CVE-2010-0873 | Oracle | Remote Data Server vulnerability in Oracle Timesten In-Memory Database 7.0.6.0: Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-07-13 | CVE-2010-2523 | Linux Ipv6 | Buffer Errors vulnerability in Linux-Ipv6 Umip 0.4: Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet. | 10.0 |
2010-07-15 | CVE-2010-1881 | Microsoft | Code Injection vulnerability in Microsoft Access 2003: The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability." | 9.3 |
2010-07-15 | CVE-2010-0814 | Microsoft | Code Injection vulnerability in Microsoft Access 2003/2007: The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability." | 9.3 |
2010-07-15 | CVE-2010-0266 | Microsoft | Code Injection vulnerability in Microsoft Outlook 2002/2003/2007: Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability." | 9.3 |
2010-07-12 | CVE-2010-2702 | Epicgames | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Epicgames products: Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request. | 9.3 |
2010-07-12 | CVE-2010-2701 | Fathsoft | Buffer Errors vulnerability in Fathsoft Fathftp 1.7: Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method. | 9.3 |
2010-07-13 | CVE-2010-0906 | Oracle | Remote vulnerability in Oracle Secure Backup 10.3.0.1: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 9.0 |
2010-07-13 | CVE-2010-0899 | Oracle Microsoft | Remote Secure Backup vulnerability in Oracle Secure Backup 10.3.0.1: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906. | 9.0 |
31 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-07-13 | CVE-2010-0911 | Oracle | Remote Listener vulnerability in Oracle: Unspecified vulnerability in the Listener component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unknown vectors. | 7.8 |
2010-07-13 | CVE-2010-0903 | Oracle Microsoft | Remote Net Foundation Layer vulnerability in Oracle Database Server: Unspecified vulnerability in the Net Foundation Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors. | 7.8 |
2010-07-13 | CVE-2010-0083 | Oracle | Unspecified vulnerability in Oracle Opensolaris 10/8/9: Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 7.6 |
2010-07-15 | CVE-2010-1965 | HP Microsoft | Unspecified vulnerability in HP Insight Orchestration: Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors. | 7.5 |
2010-07-13 | CVE-2010-0908 | Oracle | Remote Oracle Applications Framework vulnerability in Oracle E-Business Suite 12.1.2: Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 7.5 |
2010-07-13 | CVE-2010-2721 | Rightinpoint | SQL Injection vulnerability in Rightinpoint Lyrics Engine 3.0: SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action. | 7.5 |
2010-07-13 | CVE-2010-2720 | Phpaa | SQL Injection vulnerability in PHPaa PHPaacms 0.3.1: SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-07-13 | CVE-2010-2719 | Phpaa | SQL Injection vulnerability in PHPaa PHPaacms 0.3.1: SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-07-13 | CVE-2010-2716 | Rich Kavanagh | SQL Injection vulnerability in Rich Kavanagh Psnews 1.3: Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php. | 7.5 |
2010-07-13 | CVE-2010-2714 | Tcwonline | SQL Injection vulnerability in Tcwonline TCW PHP Album 1.0: SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter. | 7.5 |
2010-07-12 | CVE-2010-2699 | Edgephp | SQL Injection vulnerability in Edgephp Clickbank Affiliate Marketplace Script: SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
2010-07-12 | CVE-2010-2696 | Sijio | SQL Injection vulnerability in Sijio Community Software: SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter. | 7.5 |
2010-07-12 | CVE-2010-2694 | Redcomponent Joomla | SQL Injection vulnerability in Redcomponent COM Redshop 1.0: SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php. | 7.5 |
2010-07-12 | CVE-2010-2691 | 2Daybiz | SQL Injection vulnerability in 2Daybiz Custom T-Shirt Design Script: Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php. | 7.5 |
2010-07-12 | CVE-2010-2690 | Jooforge Joomla | SQL Injection vulnerability in Jooforge COM Gamesbox 1.0.2: SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php. | 7.5 |
2010-07-12 | CVE-2010-2689 | Internetdm | SQL Injection vulnerability in Internetdm Webdm CMS: SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter. | 7.5 |
2010-07-12 | CVE-2010-2688 | Site2Nite | SQL Injection vulnerability in Site2Nite Boat Classifieds: SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2010-07-12 | CVE-2010-2687 | Site2Nite | SQL Injection vulnerability in Site2Nite Boat Classifieds: SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter. | 7.5 |
2010-07-12 | CVE-2010-2686 | Topmanage | SQL Injection vulnerability in Topmanage OLK Module 1.91.30: Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. | 7.5 |
2010-07-12 | CVE-2010-2685 | Customerparadigm | Permissions, Privileges, and Access Controls vulnerability in Customerparadigm Pagedirector CMS: siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request. | 7.5 |
2010-07-12 | CVE-2010-2684 | Customerparadigm | SQL Injection vulnerability in Customerparadigm Pagedirector CMS: SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-07-12 | CVE-2010-2683 | Customerparadigm | SQL Injection vulnerability in Customerparadigm Pagedirector CMS: SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter. | 7.5 |
2010-07-12 | CVE-2010-2682 | Realtyna Joomla | Path Traversal vulnerability in Realtyna COM Realtyna 1.0.15: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 7.5 |
2010-07-12 | CVE-2010-2681 | Joomla | Code Injection vulnerability in Joomla COM SEF: PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. | 7.5 |
2010-07-12 | CVE-2009-4935 | Esoftpro | SQL Injection vulnerability in Esoftpro Online Guestbook PRO: SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. | 7.5 |
2010-07-12 | CVE-2009-4933 | Winterwebs | SQL Injection vulnerability in Winterwebs Ezwebitor: Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. | 7.5 |
2010-07-12 | CVE-2009-4929 | Sweetphp | Improper Authentication vulnerability in Sweetphp Totalcalender 2.4: admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | 7.5 |
2010-07-12 | CVE-2009-4928 | Sweetphp | Code Injection vulnerability in Sweetphp Totalcalendar 2.4: PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055. | 7.5 |
2010-07-12 | CVE-2009-4927 | Webmobo | Improper Authentication vulnerability in Webmobo Wbnews 2.1.2: WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | 7.5 |
2010-07-13 | CVE-2010-2693 | Freebsd | Permissions, Privileges, and Access Controls vulnerability in Freebsd: FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call. | 7.2 |
2010-07-12 | CVE-2010-2489 | Ruby Lang Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ruby-Lang Ruby: Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files. | 7.2 |
50 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-07-12 | CVE-2010-0832 | Canonical | Link Following vulnerability in Canonical Ubuntu Linux 10.04/9.10: pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. | 6.9 |
2010-07-15 | CVE-2010-1971 | HP Microsoft | Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Software Installer 3.00/3.10: Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968. | 6.8 |
2010-07-15 | CVE-2010-1968 | HP Microsoft | Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Software Installer 3.00/3.10: Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971. | 6.8 |
2010-07-12 | CVE-2010-2680 | Harmistechnology Joomla | Path Traversal vulnerability in Harmistechnology COM Jesectionfinder: Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. | 6.8 |
2010-07-12 | CVE-2009-4932 | Mpesch3 DE1 | Buffer Errors vulnerability in Mpesch3.De1 1By1 1.67: Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. | 6.8 |
2010-07-12 | CVE-2009-4931 | Bestwebsharing | Buffer Errors vulnerability in Bestwebsharing Groovy Media Player 1.1.0: Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. | 6.8 |
2010-07-12 | CVE-2009-4925 | Creasito | SQL Injection vulnerability in Creasito E-Commerce Content Manager 1.3.16: Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php. | 6.8 |
2010-07-12 | CVE-2010-2695 | Xlightftpd | Path Traversal vulnerability in Xlightftpd Xlight FTP Server 3.5/3.5.5: Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. | 6.5 |
2010-07-13 | CVE-2010-2375 | BEA BEA Systems Oracle | Package/Privilege: Plugins for Apache, Sun and IIS web servers: Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS. | 6.4 |
2010-07-13 | CVE-2010-0916 | Oracle | Unspecified vulnerability in Oracle Opensolaris 10: Unspecified vulnerability in Oracle OpenSolaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rdist. | 6.2 |
2010-07-13 | CVE-2010-0902 | Oracle | Remote Oracle OLAP vulnerability in Oracle Database Server: Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.0 |
2010-07-13 | CVE-2010-2385 | Oracle | Administration Server Remote vulnerability in Oracle SUN Java System web Proxy Server 4.0.13: Unspecified vulnerability in Oracle Sun Java System Web Proxy Server 4.0.13 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration Server. | 5.8 |
2010-07-13 | CVE-2010-2392 | Oracle | Local ZFS vulnerability in Oracle Opensolaris and Solaris: Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect integrity and availability, related to ZFS. | 5.6 |
2010-07-13 | CVE-2010-2402 | Oracle | Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.49.27: Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.27 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
2010-07-13 | CVE-2010-2401 | Oracle | Remote eProfile Manager vulnerability in Oracle Peoplesoft and Jdedwards Suite HCM 9.0: Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile Mgr component in Oracle PeopleSoft and JDEdwards Suite HCM 9.0 Bundle #9 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
2010-07-13 | CVE-2010-0915 | Oracle | Remote Oracle Advanced Product Catalog vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2: Unspecified vulnerability in the Oracle Advanced Product Catalog component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
2010-07-13 | CVE-2010-0914 | Oracle | Remote vulnerability in Oracle SUN Convergence 1.0: Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail, Calendar, Address Book, and Instant Messaging. | 5.0 |
2010-07-13 | CVE-2010-0910 | Oracle | Remote Data Server vulnerability in Oracle TimesTen In-Memory Database 11.2.1.4.1/7.0.6.0: Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2010-07-13 | CVE-2010-0904 | Oracle | Remote Authentication Bypass vulnerability in Oracle Secure Backup 10.3.0.1: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors. | 5.0 |
2010-07-13 | CVE-2010-2386 | Oracle | GigaSwift Ethernet Driver Local vulnerability in Oracle Opensolaris and Solaris: Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to GigaSwift Ethernet Driver. | 4.9 |
2010-07-13 | CVE-2010-2394 | Oracle | TCP/IP Local vulnerability in Oracle Solaris 10: Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to TCP/IP. | 4.7 |
2010-07-15 | CVE-2010-1970 | HP Microsoft | Unspecified vulnerability in HP Insight Software Installer 3.00/3.10: Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors. | 4.6 |
2010-07-15 | CVE-2010-1966 | HP Microsoft | Unspecified vulnerability in HP Insight Control 3.00/3.10: Unspecified vulnerability in HP Insight Control power management for Windows before 6.1 allows local users to read or modify data, or cause a denial of service, via unknown vectors. | 4.6 |
2010-07-13 | CVE-2010-2400 | Oracle | Kernel/Filesystem Local vulnerability in Oracle Opensolaris and Solaris: Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Filesystem. | 4.6 |
2010-07-13 | CVE-2010-2399 | Oracle | Kernel/VM Local vulnerability in Oracle Opensolaris and Solaris: Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/VM. | 4.6 |
2010-07-13 | CVE-2010-2380 | Oracle | Local vulnerability in Oracle Peoplesoft and Jdedwards Suite SCM 8.9/9.0/9.1: Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft and JDEdwards Suite SCM 8.9 Bundle #37, SCM 9.0 Bundle #30, and SCM 9.1 Bundle #4 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 4.3 |
2010-07-13 | CVE-2010-2373 | Oracle | Remote Console vulnerability in Oracle Enterprise Manager Grid Control 10g: Unspecified vulnerability in the Console component in Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-07-13 | CVE-2010-2372 | Oracle | Remote vulnerability in Oracle Supply Chain products Suite 6.1.1: Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2371. | 4.3 |
2010-07-13 | CVE-2010-2370 | Oracle | Cross-Site Scripting vulnerability in Oracle Fusion Middleware 10.3/5.7/6.0: Unspecified vulnerability in the Oracle Business Process Management component in Oracle Fusion Middleware 5.7 MP3, 6.0 MP5, and 10.3 MP2 allows remote attackers to affect integrity, related to BPM. | 4.3 |
2010-07-13 | CVE-2010-0913 | Oracle | Remote Oracle Applications Manager vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2: Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-07-13 | CVE-2010-0912 | Oracle | Remote Oracle Applications Framework vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2: Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-07-13 | CVE-2010-0905 | Oracle | Remote Oracle Applications Manager vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.4: Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-07-13 | CVE-2010-0892 | Oracle | Remote vulnerability in Oracle Database Server 3.2.0.00.27: Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-07-13 | CVE-2010-0835 | Oracle | Remote Wireless vulnerability in Oracle Fusion Middleware 10.1.2.3: Unspecified vulnerability in the Wireless component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-07-13 | CVE-2009-3762 | Oracle | Remote vulnerability in Oracle Opensso Enterprise 8.0: Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-07-13 | CVE-2009-3764 | Oracle | Remote vulnerability in Oracle Opensso Enterprise 8.0: Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-07-13 | CVE-2009-3763 | Oracle | Authentication Remote vulnerability in Oracle Opensso Enterprise 7.0/7.1/8.0: Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1, 7, 2005Q4, and 8.0 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-07-13 | CVE-2010-2723 | Lsoft | Cross-Site Scripting vulnerability in Lsoft Listserv 15.0/16.0: Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. | 4.3 |
2010-07-13 | CVE-2010-2722 | Rightinpoint | Cross-Site Scripting vulnerability in Rightinpoint Lyrics Engine 3.0: Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. | 4.3 |
2010-07-13 | CVE-2010-2718 | Cruxsoftware | Cross-Site Scripting vulnerability in Cruxsoftware Cruxpa 2.00: Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php. | 4.3 |
2010-07-13 | CVE-2010-2717 | Cruxsoftware | Cross-Site Scripting vulnerability in Cruxsoftware Cruxcms 3.0: Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter. | 4.3 |
2010-07-13 | CVE-2010-2715 | Tcwonline | Cross-Site Scripting vulnerability in Tcwonline TCW PHP Album 1.0: Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | 4.3 |
2010-07-12 | CVE-2010-2700 | Edgephp | Cross-Site Scripting vulnerability in Edgephp Clickbank Affiliate Marketplace Script: Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2010-07-12 | CVE-2010-2692 | 2Daybiz | Cross-Site Scripting vulnerability in 2Daybiz Custom T-Shirt Design Script: Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment. | 4.3 |
2010-07-12 | CVE-2009-4934 | Esoftpro | Cross-Site Scripting vulnerability in Esoftpro Online Photo PRO 2.0: Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | 4.3 |
2010-07-12 | CVE-2009-4930 | Sungard | Cross-Site Scripting vulnerability in Sungard Banner Student 7.4: Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field. | 4.3 |
2010-07-12 | CVE-2009-4926 | Esoftpro | Cross-Site Scripting vulnerability in Esoftpro Online Contact Manager 3.0: Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php. | 4.3 |
2010-07-13 | CVE-2010-2398 | Oracle | Remote vulnerability in Oracle Peoplesoft and Jdedwards Suite HCM 9.0: Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft and JDEdwards Suite HCM 9.0 Bundle #12 allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
2010-07-13 | CVE-2010-2379 | Oracle | Time & Labor Remote vulnerability in Oracle PeopleSoft Enterprise HCM 9.0/9.1: Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time & Labor component in Oracle PeopleSoft and JDEdwards Suite HCM 9.0 Bundle #13 and HCM 9.1 Bundle #2 allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
2010-07-13 | CVE-2010-2377 | Oracle | Remote vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.27 and 8.50.10 allows remote authenticated users to affect integrity via unknown vectors. | 4.0 |
23 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-07-13 | CVE-2010-2393 | Oracle | Local vulnerability in Oracle Opensolaris and Solaris: Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC. | 3.8 |
2010-07-15 | CVE-2010-1967 | HP Microsoft | Unspecified vulnerability in HP Insight Software Installer 3.00/3.10: Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors. | 3.6 |
2010-07-13 | CVE-2010-2381 | Oracle | Remote vulnerability in Oracle Application Server Control: Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0081. | 3.5 |
2010-07-13 | CVE-2010-0909 | Oracle | Remote Oracle Applications Framework vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2: Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors. | 3.5 |
2010-07-13 | CVE-2010-0081 | Oracle | Remote Application Server Control vulnerability in Oracle Fusion Middleware 10.1.2.3/10.1.4.0.1: Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381. | 3.5 |
2010-07-13 | CVE-2010-2008 | Oracle Canonical Fedoraproject | Command Injection vulnerability in multiple products: MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . | 3.5 |
2010-07-12 | CVE-2010-2698 | Sijio | Cross-Site Scripting vulnerability in Sijio Community Software: Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. | 3.5 |
2010-07-12 | CVE-2010-2697 | Sijio | Cross-Site Scripting vulnerability in Sijio Community Software: Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. | 3.5 |
2010-07-12 | CVE-2010-2448 | ZNC | Denial Of Service vulnerability in ZNC NULL Pointer Dereference znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell. | 3.5 |
2010-07-13 | CVE-2010-2384 | Oracle | Unspecified vulnerability in Oracle Solaris 10/9 Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console. | 3.2 |
2010-07-13 | CVE-2010-2383 | Oracle | Unspecified vulnerability in Oracle Opensolaris and Solaris Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS. | 3.2 |
2010-07-13 | CVE-2010-2382 | Oracle | Unspecified vulnerability in Oracle Solaris 10/8/9 Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors. | 3.2 |
2010-07-13 | CVE-2010-2376 | Oracle | Local vulnerability in Oracle Solaris 10/8/9 Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console. | 3.2 |
2010-07-13 | CVE-2010-2378 | Oracle | Local vulnerability in Oracle PeopleSoft Enterprise CRM 9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite CRM 9.0 Bundle #28 and CRM 9.1 Bundle #4 allows local users to affect confidentiality and integrity via unknown vectors. | 3.0 |
2010-07-13 | CVE-2010-2374 | Oracle | Local vulnerability in Oracle Solaris Studio 12 Unspecified vulnerability in Solaris Studio 12 update 1 allows local users to affect confidentiality and integrity via unknown vectors. | 3.0 |
2010-07-13 | CVE-2010-0900 | Oracle Microsoft | Remote vulnerability in Oracle Network Layer Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors. | 2.6 |
2010-07-13 | CVE-2010-0836 | Oracle | Remote Oracle Knowledge Management vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2 Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors. | 2.6 |
2010-07-13 | CVE-2010-2397 | Oracle | Local vulnerability in Oracle Glassfish Server and Java System Application Server Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI. | 2.4 |
2010-07-13 | CVE-2010-2403 | Oracle | Remote vulnerability in Oracle Peoplesoft and Jdedwards Suite Campus Solutions 9.0 Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors. | 2.1 |
2010-07-13 | CVE-2010-0901 | Oracle | Remote Export vulnerability in Oracle Unspecified vulnerability in the Export component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Select Any Dictionary. | 2.1 |
2010-07-13 | CVE-2010-2724 | Wimleers Drupal | Cross-Site Scripting vulnerability in Wimleers Hierarchical Select Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form. | 2.1 |
2010-07-13 | CVE-2010-2522 | Linux Ipv6 | Permissions, Privileges, and Access Controls vulnerability in Linux-Ipv6 Umip 0.4 The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message. | 2.1 |
2010-07-13 | CVE-2010-2371 | Oracle | Local vulnerability in Oracle Supply Chain products Suite 6.1.1 Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-2372. | 1.9 |