Weekly Vulnerabilities Reports > August 16 to 22, 2010
Overview
90 new vulnerabilities were reported during this period, including 29 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 63 products from 47 vendors including Apple, Freetype, Canonical, Autonomy, and Cisco. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Path Traversal", "Numeric Errors", and "SQL Injection".
- 80 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 18 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 84 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Autonomy has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
29 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-08-20 | CVE-2010-2710 | HP | Unspecified vulnerability in HP Openview Network Node Manager 7.51/7.53 Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2010-08-19 | CVE-2010-1760 | Apple | Credentials Management vulnerability in Apple Webkit loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. | 10.0 |
2010-08-19 | CVE-2010-1386 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Webkit page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. | 10.0 |
2010-08-17 | CVE-2010-3032 | SAP | Numeric Errors vulnerability in SAP Crystal Reports 2008 Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. | 10.0 |
2010-08-17 | CVE-2010-3031 | Wyse | Buffer Errors vulnerability in Wyse Thinos HF 4.4.079I Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service. | 10.0 |
2010-08-19 | CVE-2010-2076 | Apache | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache CXF Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. | 9.8 |
2010-08-21 | CVE-2010-3104 | Deskshare | Path Traversal vulnerability in Deskshare Auto FTP Manager 4.31 Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | 9.3 |
2010-08-21 | CVE-2010-3103 | Ftpgetter | Path Traversal vulnerability in Ftpgetter 3.51.0.05 Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.05, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | 9.3 |
2010-08-21 | CVE-2010-3102 | 3Dftp | Path Traversal vulnerability in 3Dftp 3D-Ftp Client 9.02 Directory traversal vulnerability in SiteDesigner Technologies, Inc. | 9.3 |
2010-08-21 | CVE-2010-3101 | Ftpx | Path Traversal vulnerability in Ftpx FTP Explorer 10.5.19.1 Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | 9.3 |
2010-08-20 | CVE-2010-3100 | Portaplus | Path Traversal vulnerability in Portaplus Porta+ FTP Client 4.1 Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via directory traversal sequences in a filename. | 9.3 |
2010-08-20 | CVE-2010-3099 | Smartftp | Path Traversal vulnerability in Smartftp Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. | 9.3 |
2010-08-20 | CVE-2010-3098 | Ftprush | Path Traversal vulnerability in Ftprush 1.1.3 Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. | 9.3 |
2010-08-20 | CVE-2010-3097 | Winfrigate | Path Traversal vulnerability in Winfrigate Frigate 3 Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3.36 and earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. | 9.3 |
2010-08-20 | CVE-2010-3096 | Softx | Path Traversal vulnerability in Softx FTP Client 3.3 Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename. | 9.3 |
2010-08-20 | CVE-2010-1795 | Apple | DLL Loading Arbitrary Code Execution vulnerability in Apple iTunes Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory. | 9.3 |
2010-08-17 | CVE-2010-1516 | Swftools | Numeric Errors vulnerability in Swftools 0.9.1 Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c. | 9.3 |
2010-08-17 | CVE-2010-1525 | Autonomy | Numeric Errors vulnerability in Autonomy products Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow. | 9.3 |
2010-08-17 | CVE-2010-1524 | Autonomy | Buffer Errors vulnerability in Autonomy products The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via unspecified vectors related to allocation of an array of pointers and "string indexing," which triggers memory corruption. | 9.3 |
2010-08-17 | CVE-2010-0135 | Autonomy | Buffer Errors vulnerability in Autonomy products Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), as used in Autonomy KeyView 10.4 and 10.9 and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to "data blocks." | 9.3 |
2010-08-17 | CVE-2010-0134 | Autonomy | Numeric Errors vulnerability in Autonomy products Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted \ls keyword in a list override table entry in an RTF file, which triggers a buffer overflow. | 9.3 |
2010-08-17 | CVE-2010-0133 | Autonomy | Buffer Errors vulnerability in Autonomy products Multiple stack-based buffer overflows in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allow remote attackers to execute arbitrary code via unspecified vectors related to "certain records." | 9.3 |
2010-08-17 | CVE-2010-0131 | Autonomy Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the SpreadSheet Lotus 123 reader (wkssr.dll), as used in Autonomy KeyView 10.4 and 10.9, Symantec Mail Security, and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to floating point conversion in unknown record types. | 9.3 |
2010-08-17 | CVE-2010-0126 | Autonomy | Buffer Errors vulnerability in Autonomy products Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll). | 9.3 |
2010-08-17 | CVE-2009-3737 | Oracle Microsoft | Code Injection vulnerability in Oracle Siebel Option Pack IE Activex Control The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
2010-08-16 | CVE-2010-3019 | Opera | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations. | 9.3 |
2010-08-16 | CVE-2010-1799 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 9.3 |
2010-08-16 | CVE-2010-1797 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. | 9.3 |
2010-08-17 | CVE-2010-2826 | Cisco | SQL Injection vulnerability in Cisco Wireless Control System Software SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019. | 9.0 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-08-17 | CVE-2010-2825 | Cisco | Unspecified vulnerability in Cisco ACE 4710 and ACE Module Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569. | 7.8 |
2010-08-17 | CVE-2010-2824 | Cisco | Unspecified vulnerability in Cisco ACE Module Unspecified vulnerability on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of SSL packets, aka Bug ID CSCta20756. | 7.8 |
2010-08-17 | CVE-2010-2823 | Cisco | Unspecified vulnerability in Cisco ACE 4710 Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493. | 7.8 |
2010-08-17 | CVE-2010-2822 | Cisco | Unspecified vulnerability in Cisco ACE 4710 and ACE Module Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858. | 7.8 |
2010-08-16 | CVE-2010-2827 | Cisco | Improper Input Validation vulnerability in Cisco IOS 15.1(2)T Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193. | 7.8 |
2010-08-20 | CVE-2010-2944 | Jens Vagelpohl | Improper Authentication vulnerability in Jens Vagelpohl Zope-Ldapuserfolder 2.91 The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges. | 7.5 |
2010-08-20 | CVE-2010-3059 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command. | 7.5 |
2010-08-20 | CVE-2010-3058 | IBM | Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors. | 7.5 |
2010-08-20 | CVE-2010-2628 | Strongswan | Code Injection vulnerability in Strongswan The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows. | 7.5 |
2010-08-16 | CVE-2010-3029 | Phpkick | SQL Injection vulnerability in PHPkick 0.8 SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action. | 7.5 |
2010-08-16 | CVE-2010-3027 | Tycoon | SQL Injection vulnerability in Tycoon Baseball Script 1.0.9 SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action. | 7.5 |
2010-08-16 | CVE-2010-3013 | Pligg | SQL Injection vulnerability in Pligg CMS SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577. | 7.5 |
2010-08-16 | CVE-2010-2577 | Pligg | SQL Injection vulnerability in Pligg CMS Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php. | 7.5 |
41 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-08-20 | CVE-2010-1768 | Apple | Local Privilege Escalation vulnerability in Apple iTunes Log File Insecure File Operation Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. | 6.9 |
2010-08-20 | CVE-2010-3064 | PHP | Buffer Errors vulnerability in PHP 5.3.0/5.3.1/5.3.2 Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function. | 6.8 |
2010-08-20 | CVE-2010-2810 | Lynx | Buffer Errors vulnerability in Lynx 2.8.8 Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name. | 6.8 |
2010-08-19 | CVE-2010-2809 | Uzbl | Code Injection vulnerability in Uzbl 2009.12.22/2010.01.04 The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. | 6.8 |
2010-08-19 | CVE-2010-2234 | Apache | Cross-Site Request Forgery (CSRF) vulnerability in Apache Couchdb Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL. | 6.8 |
2010-08-19 | CVE-2010-2807 | Freetype Canonical Apple | Incorrect Conversion Between Numeric Types vulnerability in multiple products FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 6.8 |
2010-08-19 | CVE-2010-2805 | Freetype Canonical Apple | Improper Input Validation vulnerability in multiple products The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 6.8 |
2010-08-19 | CVE-2010-2541 | Freetype Canonical | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 6.8 |
2010-08-19 | CVE-2010-2527 | Freetype Debian Canonical | Classic Buffer Overflow vulnerability in multiple products Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 6.8 |
2010-08-19 | CVE-2010-2499 | Freetype Canonical Apple Debian | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. | 6.8 |
2010-08-19 | CVE-2010-2498 | Freetype Canonical Apple Debian | Out-Of-Bounds Write vulnerability in multiple products The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. | 6.8 |
2010-08-19 | CVE-2010-2497 | Freetype Apple Debian | Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 6.8 |
2010-08-17 | CVE-2010-3030 | Tomaz Muraus | Cross-Site Request Forgery (CSRF) vulnerability in Tomaz-Muraus Open Blog 1.2.1 Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. | 6.8 |
2010-08-16 | CVE-2010-3024 | Hulihanapplications | Cross-Site Request Forgery (CSRF) vulnerability in Hulihanapplications Diamondlist 0.1.6 Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. | 6.8 |
2010-08-16 | CVE-2010-2576 | Opera | Code Injection vulnerability in Opera Browser Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. | 6.8 |
2010-08-16 | CVE-2010-1519 | Glpng | Numeric Errors vulnerability in Glpng 1.45 Multiple integer overflows in glpng.c in glpng 1.45 allow context-dependent attackers to execute arbitrary code via a crafted PNG image, related to (1) the pngLoadRawF function and (2) the pngLoadF function, leading to heap-based buffer overflows. | 6.8 |
2010-08-16 | CVE-2010-2757 | Mozilla | Cryptographic Issues vulnerability in Mozilla Bugzilla The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. | 6.5 |
2010-08-19 | CVE-2010-2520 | Freetype Canonical Apple Debian | Out-Of-Bounds Write vulnerability in multiple products Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 5.1 |
2010-08-20 | CVE-2010-2484 | PHP | Information Exposure vulnerability in PHP The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. | 5.0 |
2010-08-20 | CVE-2010-3065 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name. | 5.0 |
2010-08-20 | CVE-2010-3063 | PHP | Buffer Errors vulnerability in PHP 5.3.0/5.3.1/5.3.2 The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used. | 5.0 |
2010-08-20 | CVE-2010-3062 | PHP | Information Exposure vulnerability in PHP 5.3.0/5.3.1/5.3.2 mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function. | 5.0 |
2010-08-20 | CVE-2010-3061 | IBM | Remote Code Execution and Denial of Service vulnerability in IBM Tivoli Storage Manager FastBack Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors. | 5.0 |
2010-08-20 | CVE-2010-3060 | IBM | Remote Code Execution and Denial of Service vulnerability in IBM Tivoli Storage Manager FastBack Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors. | 5.0 |
2010-08-19 | CVE-2010-3054 | Freetype | Remote Denial of Service vulnerability in FreeType 'seac' Calls Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. | 5.0 |
2010-08-19 | CVE-2010-2813 | Squirrelmail | Resource Management Errors vulnerability in Squirrelmail functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. | 5.0 |
2010-08-17 | CVE-2010-2934 | ZNC | Denial Of Service vulnerability in ZNC 0.092 Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls." | 5.0 |
2010-08-17 | CVE-2010-2812 | ZNC | Improper Input Validation vulnerability in ZNC 0.092 Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument. | 5.0 |
2010-08-17 | CVE-2010-1870 | Apache | Unspecified vulnerability in Apache Struts The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. | 5.0 |
2010-08-16 | CVE-2010-3020 | Opera | Permissions, Privileges, and Access Controls vulnerability in Opera Browser The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content. | 5.0 |
2010-08-16 | CVE-2010-2758 | Mozilla | Information Exposure vulnerability in Mozilla Bugzilla Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. | 5.0 |
2010-08-16 | CVE-2010-2756 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. | 5.0 |
2010-08-19 | CVE-2010-2239 | Libvirt | Permissions, Privileges, and Access Controls vulnerability in Libvirt Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. | 4.4 |
2010-08-19 | CVE-2010-2238 | Libvirt | Permissions, Privileges, and Access Controls vulnerability in Libvirt Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | 4.4 |
2010-08-19 | CVE-2010-2237 | Libvirt | Permissions, Privileges, and Access Controls vulnerability in Libvirt Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | 4.4 |
2010-08-19 | CVE-2010-3053 | Freetype | Improper Input Validation vulnerability in Freetype bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. | 4.3 |
2010-08-16 | CVE-2010-3026 | Tomaz Muraus | Cross-Site Request Forgery (CSRF) vulnerability in Tomaz-Muraus Open Blog 1.2.1 Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges. | 4.3 |
2010-08-16 | CVE-2010-3025 | Tomaz Muraus | Cross-Site Scripting vulnerability in Tomaz-Muraus Open Blog 1.2.1 Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit. | 4.3 |
2010-08-16 | CVE-2010-3023 | Hulihanapplications | Cross-Site Scripting vulnerability in Hulihanapplications Diamondlist 0.1.6 Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml. | 4.3 |
2010-08-16 | CVE-2010-3021 | Opera | Resource Management Errors vulnerability in Opera Browser Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image. | 4.3 |
2010-08-16 | CVE-2010-2759 | Mozilla | Numeric Errors vulnerability in Mozilla Bugzilla Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-08-20 | CVE-2010-1172 | Freedesktop | Permissions, Privileges, and Access Controls vulnerability in Freedesktop Dbus-Glib 0.73 DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services. | 3.6 |
2010-08-16 | CVE-2010-3028 | Simon Philips Joomla | Permissions, Privileges, and Access Controls vulnerability in Simon Philips Aardvertiser 2.2.1 The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. | 3.6 |
2010-08-16 | CVE-2010-3022 | Drupal | Cross-Site Scripting vulnerability in Drupal Devel Module Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL. | 2.6 |
2010-08-19 | CVE-2010-2242 | Libvirt | Permissions, Privileges, and Access Controls vulnerability in Libvirt Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. | 2.1 |
2010-08-17 | CVE-2010-2241 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Directory Server 8.0/8.1 The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts. | 2.1 |
2010-08-16 | CVE-2009-4269 | Apache | Cryptographic Issues vulnerability in Apache Derby The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. | 2.1 |
2010-08-20 | CVE-2010-3014 | Freebsd Netbsd | Information Exposure vulnerability in multiple products The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read. | 1.2 |