Weekly Vulnerabilities Reports > July 19 to 25, 2010

Overview

50 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary reports vulnerabilities in 49 products from 38 vendors including Typo3, Joomla, Atutor, HP, and Gonzalo Maser. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Path Traversal", "Information Exposure", and "Credentials Management".

  • 45 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities have a public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 48 reported vulnerabilities are exploitable by an anonymous user.
  • Typo3 has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-22 CVE-2009-4952 Serge Gebhardt
Typo3
Path Traversal vulnerability in Serge Gebhardt DIR Listing

Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.

10.0
2010-07-22 CVE-2010-2771 IBM Code Injection vulnerability in IBM Soliddb

solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet.

10.0
2010-07-22 CVE-2010-2568 Microsoft Improper Input Validation vulnerability in Microsoft products

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

9.3
2010-07-22 CVE-2009-4897 Artifex Buffer Errors vulnerability in Artifex products

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.

9.3
2010-07-22 CVE-2010-1972 HP Configuration vulnerability in HP Client Automation Enterprise Infrastructure

The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests.

9.0

16 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-25 CVE-2010-2853 Iscripts SQL Injection vulnerability in Iscripts Visualcaster

SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

7.5
2010-07-25 CVE-2010-2851 Ordasoft
Joomla
SQL Injection vulnerability in Ordasoft COM Booklibrary 1.5

SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

7.5
2010-07-25 CVE-2010-2847 Gonzalo Maser
Joomla
SQL Injection vulnerability in Gonzalo Maser COM Artforms 2.1B7.2

Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.

7.5
2010-07-25 CVE-2010-2845 Schlu NET
Joomla
SQL Injection vulnerability in Schlu.Net COM Quickfaq 1.0.3

SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.

7.5
2010-07-22 CVE-2009-4957 Interspire Path Traversal vulnerability in Interspire Activekb

Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter.

7.5
2010-07-22 CVE-2009-4955 Thomas Hempel
Typo3
SQL Injection vulnerability in Thomas Hempel TH Ultracards

SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-22 CVE-2009-4954 Websedit
Typo3
SQL Injection vulnerability in Websedit SK Calendar

SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-22 CVE-2009-4950 TIM Lochmueller Thomas Buss
Typo3
SQL Injection vulnerability in TIM Lochmueller & Thomas Buss A21Glossary Advanced Output

SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-22 CVE-2009-4949 Joachim Ruhs
Typo3
SQL Injection vulnerability in Joachim Ruhs Locator

SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-22 CVE-2009-4947 Q2Solutions SQL Injection vulnerability in Q2Solutions Connx 4.0.20080606

SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter.

7.5
2010-07-22 CVE-2010-1766 Digia
Webkit
Numeric Errors vulnerability in multiple products

Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.

7.5
2010-07-22 CVE-2009-4945 Atutor Credentials Management vulnerability in Atutor Acollab 1.2

AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php.

7.5
2010-07-22 CVE-2009-4940 Zeuscart SQL Injection vulnerability in Zeuscart 2.3

SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.

7.5
2010-07-22 CVE-2009-4938 Joomla
Warphd
SQL Injection vulnerability in Warphd COM Jvideo

SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.

7.5
2010-07-22 CVE-2009-4936 Spirate SQL Injection vulnerability in Spirate Small Pirate 2.1

Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.

7.5
2010-07-22 CVE-2010-2055 Artifex Code vulnerability in Artifex products

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

7.2

26 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-22 CVE-2010-2772 Siemens Credentials Management vulnerability in Siemens Simatic PCS 7 and Simatic Wincc

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.

6.9
2010-07-25 CVE-2010-2857 Danieljamesscott Path Traversal vulnerability in Danieljamesscott COM Music

Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

6.8
2010-07-25 CVE-2010-2855 Jared Meeker SQL Injection vulnerability in Jared Meeker Event Horizon 1.1.10

Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters.

6.8
2010-07-25 CVE-2010-2850 Nusoftware Path Traversal vulnerability in Nusoftware Nubuilder

Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-07-22 CVE-2009-4946 Thetricky
Joomla
Path Traversal vulnerability in Thetricky COM Messaging

Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php.

6.8
2010-07-22 CVE-2010-1973 HP Information Disclosure vulnerability in Openvms

Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors.

6.8
2010-07-22 CVE-2010-2667 Vmware Remote Arbitrary Command Execution vulnerability in VMWare Studio 2.0

Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance.

6.0
2010-07-25 CVE-2010-2859 Boesch IT Information Exposure vulnerability in Boesch-It Simpnews

news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.

5.0
2010-07-25 CVE-2010-2848 Gonzalo Maser
Joomla
Path Traversal vulnerability in Gonzalo Maser COM Artforms 2.1B7.2

Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-07-22 CVE-2009-4951 Hans Olthoff
Typo3
Information Exposure vulnerability in Hans Olthoff Alternet CSA OUT

Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

5.0
2010-07-22 CVE-2009-4943 Impactsoftcompany Information Exposure vulnerability in Impactsoftcompany Adpeeps 8.5

index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number.

5.0
2010-07-22 CVE-2010-2427 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare Studio 2.0

VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors.

4.4
2010-07-25 CVE-2010-2858 Boesch IT Cross-Site Scripting vulnerability in Boesch-It Simpnews

Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.

4.3
2010-07-25 CVE-2010-2856 Oscss Cross-Site Scripting vulnerability in Oscss

Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2010-07-25 CVE-2010-2849 Nusoftware Cross-Site Scripting vulnerability in Nusoftware Nubuilder

Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.

4.3
2010-07-25 CVE-2010-2846 Gonzalo Maser
Joomla
Cross-Site Scripting vulnerability in Gonzalo Maser COM Artforms 2.1B7.2

Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.

4.3
2010-07-25 CVE-2010-2844 Newanz Cross-Site Scripting vulnerability in Newanz Newsoffice 2.0.18

Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter.

4.3
2010-07-22 CVE-2009-4956 Wapplersystems
Typo3
Cross-Site Scripting vulnerability in Wapplersystems WS Stats 0.0.13/0.0.15/0.1.0

Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-07-22 CVE-2009-4953 Stefan Geith
Typo3
Cross-Site Scripting vulnerability in Stefan Geith SG Userdata

Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-07-22 CVE-2009-4948 Joachim Ruhs
Typo3
Cross-Site Scripting vulnerability in Joachim Ruhs Locator

Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-07-22 CVE-2010-1969 HP
Microsoft
Cross-Site Scripting vulnerability in HP Virtual Connect Enterprise Manager 6.10

Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2010-07-22 CVE-2009-4944 Atutor Cross-Site Scripting vulnerability in Atutor Acollab 1.2

Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php.

4.3
2010-07-22 CVE-2009-4942 Atutor Cross-Site Request Forgery (CSRF) vulnerability in Atutor Acollab 1.2

Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items.

4.3
2010-07-22 CVE-2009-4941 Atutor Cross-Site Scripting vulnerability in Atutor Acollab 1.2

Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.

4.3
2010-07-22 CVE-2009-4939 Impactsoftcompany Cross-Site Scripting vulnerability in Impactsoftcompany Adpeeps 8.5

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action.

4.3
2010-07-22 CVE-2009-4937 Spirate Cross-Site Scripting vulnerability in Spirate Small Pirate 2.1

Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-22 CVE-2010-2056 GNU Link Following vulnerability in GNU GV

GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

3.3
2010-07-25 CVE-2010-2854 Jared Meeker Cross-Site Scripting vulnerability in Jared Meeker Event Horizon 1.1.10

Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message.

2.6
2010-07-25 CVE-2010-2852 Runcms Cross-Site Scripting vulnerability in Runcms 2.1

Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

2.6