Weekly Vulnerabilities Reports > July 19 to 25, 2010
Overview
49 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 43 products from 38 vendors including Typo3, Joomla, Atutor, HP, and Gonzalo Maser. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Path Traversal", "Information Exposure", and "Use of Hard-coded Credentials".
- 44 reported vulnerabilities are remotely exploitables.
- 12 reported vulnerabilities have public exploit available.
- 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 46 reported vulnerabilities are exploitable by an anonymous user.
- Typo3 has the most reported vulnerabilities, with 9 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-07-22 | CVE-2009-4952 | Serge Gebhardt Typo3 | Path Traversal vulnerability in Serge Gebhardt DIR Listing Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. | 10.0 |
| 2010-07-22 | CVE-2010-2771 | IBM | Code Injection vulnerability in IBM Soliddb solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet. | 10.0 |
| 2010-07-22 | CVE-2009-4897 | Artifex | Buffer Errors vulnerability in Artifex products Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. | 9.3 |
| 2010-07-22 | CVE-2010-1972 | HP | Configuration vulnerability in HP Client Automation Enterprise Infrastructure The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests. | 9.0 |
17 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-07-22 | CVE-2010-2772 | Siemens | Use of Hard-coded Credentials vulnerability in Siemens Simatic PCS 7 and Simatic Wincc Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. | 7.8 |
| 2010-07-25 | CVE-2010-2853 | Iscripts | SQL Injection vulnerability in Iscripts Visualcaster SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | 7.5 |
| 2010-07-25 | CVE-2010-2851 | Ordasoft Joomla | SQL Injection vulnerability in Ordasoft COM Booklibrary 1.5 SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | 7.5 |
| 2010-07-25 | CVE-2010-2847 | Gonzalo Maser Joomla | SQL Injection vulnerability in Gonzalo Maser COM Artforms 2.1B7.2 Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php. | 7.5 |
| 2010-07-25 | CVE-2010-2845 | Schlu NET Joomla | SQL Injection vulnerability in Schlu.Net COM Quickfaq 1.0.3 SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php. | 7.5 |
| 2010-07-22 | CVE-2009-4957 | Interspire | Path Traversal vulnerability in Interspire Activekb Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. | 7.5 |
| 2010-07-22 | CVE-2009-4955 | Thomas Hempel Typo3 | SQL Injection vulnerability in Thomas Hempel TH Ultracards SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-22 | CVE-2009-4954 | Websedit Typo3 | SQL Injection vulnerability in Websedit SK Calendar SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-22 | CVE-2009-4950 | TIM Lochmueller Thomas Buss Typo3 | SQL Injection vulnerability in TIM Lochmueller & Thomas Buss A21Glossary Advanced Output SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-22 | CVE-2009-4949 | Joachim Ruhs Typo3 | SQL Injection vulnerability in Joachim Ruhs Locator SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-22 | CVE-2009-4947 | Q2Solutions | SQL Injection vulnerability in Q2Solutions Connx 4.0.20080606 SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. | 7.5 |
| 2010-07-22 | CVE-2010-1766 | Digia Webkit | Numeric Errors vulnerability in multiple products Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. | 7.5 |
| 2010-07-22 | CVE-2009-4945 | Atutor | Credentials Management vulnerability in Atutor Acollab 1.2 AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. | 7.5 |
| 2010-07-22 | CVE-2009-4940 | Zeuscart | SQL Injection vulnerability in Zeuscart 2.3 SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | 7.5 |
| 2010-07-22 | CVE-2009-4938 | Joomla Warphd | SQL Injection vulnerability in Warphd COM Jvideo SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. | 7.5 |
| 2010-07-22 | CVE-2009-4936 | Spirate | SQL Injection vulnerability in Spirate Small Pirate 2.1 Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. | 7.5 |
| 2010-07-22 | CVE-2010-2055 | Artifex | Code vulnerability in Artifex products Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820. | 7.2 |
25 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-07-25 | CVE-2010-2857 | Danieljamesscott | Path Traversal vulnerability in Danieljamesscott COM Music Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 6.8 |
| 2010-07-25 | CVE-2010-2855 | Jared Meeker | SQL Injection vulnerability in Jared Meeker Event Horizon 1.1.10 Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. | 6.8 |
| 2010-07-25 | CVE-2010-2850 | Nusoftware | Path Traversal vulnerability in Nusoftware Nubuilder Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2010-07-22 | CVE-2009-4946 | Thetricky Joomla | Path Traversal vulnerability in Thetricky COM Messaging Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. | 6.8 |
| 2010-07-22 | CVE-2010-1973 | HP | Information Disclosure vulnerability in Openvms Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors. | 6.8 |
| 2010-07-22 | CVE-2010-2667 | Vmware | Remote Arbitrary Command Execution vulnerability in VMWare Studio 2.0 Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance. | 6.0 |
| 2010-07-25 | CVE-2010-2859 | Boesch IT | Information Exposure vulnerability in Boesch-It Simpnews news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message. | 5.0 |
| 2010-07-25 | CVE-2010-2848 | Gonzalo Maser Joomla | Path Traversal vulnerability in Gonzalo Maser COM Artforms 2.1B7.2 Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2010-07-22 | CVE-2009-4951 | Hans Olthoff Typo3 | Information Exposure vulnerability in Hans Olthoff Alternet CSA OUT Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |
| 2010-07-22 | CVE-2009-4943 | Impactsoftcompany | Information Exposure vulnerability in Impactsoftcompany Adpeeps 8.5 index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number. | 5.0 |
| 2010-07-22 | CVE-2010-2427 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare Studio 2.0 VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors. | 4.4 |
| 2010-07-25 | CVE-2010-2858 | Boesch IT | Cross-Site Scripting vulnerability in Boesch-It Simpnews Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters. | 4.3 |
| 2010-07-25 | CVE-2010-2856 | Oscss | Cross-Site Scripting vulnerability in Oscss Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
| 2010-07-25 | CVE-2010-2849 | Nusoftware | Cross-Site Scripting vulnerability in Nusoftware Nubuilder Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter. | 4.3 |
| 2010-07-25 | CVE-2010-2846 | Gonzalo Maser Joomla | Cross-Site Scripting vulnerability in Gonzalo Maser COM Artforms 2.1B7.2 Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php. | 4.3 |
| 2010-07-25 | CVE-2010-2844 | Newanz | Cross-Site Scripting vulnerability in Newanz Newsoffice 2.0.18 Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter. | 4.3 |
| 2010-07-22 | CVE-2009-4956 | Wapplersystems Typo3 | Cross-Site Scripting vulnerability in Wapplersystems WS Stats 0.0.13/0.0.15/0.1.0 Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-07-22 | CVE-2009-4953 | Stefan Geith Typo3 | Cross-Site Scripting vulnerability in Stefan Geith SG Userdata Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-07-22 | CVE-2009-4948 | Joachim Ruhs Typo3 | Cross-Site Scripting vulnerability in Joachim Ruhs Locator Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-07-22 | CVE-2010-1969 | HP Microsoft | Cross-Site Scripting vulnerability in HP Virtual Connect Enterprise Manager 6.10 Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2010-07-22 | CVE-2009-4944 | Atutor | Cross-Site Scripting vulnerability in Atutor Acollab 1.2 Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. | 4.3 |
| 2010-07-22 | CVE-2009-4942 | Atutor | Cross-Site Request Forgery (CSRF) vulnerability in Atutor Acollab 1.2 Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items. | 4.3 |
| 2010-07-22 | CVE-2009-4941 | Atutor | Cross-Site Scripting vulnerability in Atutor Acollab 1.2 Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. | 4.3 |
| 2010-07-22 | CVE-2009-4939 | Impactsoftcompany | Cross-Site Scripting vulnerability in Impactsoftcompany Adpeeps 8.5 Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action. | 4.3 |
| 2010-07-22 | CVE-2009-4937 | Spirate | Cross-Site Scripting vulnerability in Spirate Small Pirate 2.1 Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag. | 4.3 |
3 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-07-22 | CVE-2010-2056 | GNU | Link Following vulnerability in GNU GV GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | 3.3 |
| 2010-07-25 | CVE-2010-2854 | Jared Meeker | Cross-Site Scripting vulnerability in Jared Meeker Event Horizon 1.1.10 Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. | 2.6 |
| 2010-07-25 | CVE-2010-2852 | Runcms | Cross-Site Scripting vulnerability in Runcms 2.1 Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2.6 |