Weekly Vulnerabilities Reports > August 23 to 29, 2010

Overview

107 new vulnerabilities were reported during this period, including 65 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary reports vulnerabilities in 75 products from 42 vendors including Adobe, Google, Microsoft, Apple, and Novell. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Cross-site Scripting", "Numeric Errors", and "SQL Injection".

  • 102 reported vulnerabilities are remotely exploitable.
  • 42 reported vulnerabilities have a public exploit available.
  • 17 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 101 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 28 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 27 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

65 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-26 CVE-2010-2863 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

10.0
2010-08-25 CVE-2010-2362 Winny Improper Input Validation vulnerability in Winny

Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.

10.0
2010-08-25 CVE-2010-2361 Winny Improper Input Validation vulnerability in Winny

Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.

10.0
2010-08-25 CVE-2009-4988 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Business ONE 2005-A 6.80.123/6.80.320

Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.

10.0
2010-08-24 CVE-2010-3120 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-08-24 CVE-2010-3119 Google, Webkitgtk Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-08-24 CVE-2010-3117 Google Denial-Of-Service vulnerability in Chrome

Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.

10.0
2010-08-24 CVE-2010-3116 Google, Apple, Webkitgtk, Canonical Use After Free vulnerability in multiple products

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

10.0
2010-08-24 CVE-2010-3114 Google, Webkitgtk, Canonical

The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSeparatorCommand.cpp in WebCore/editing/.

10.0
2010-08-24 CVE-2010-3113 Google, Webkitgtk, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.

10.0
2010-08-24 CVE-2010-3112 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-08-24 CVE-2010-3111 Google Remote Security vulnerability in Chrome

Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.

10.0
2010-08-27 CVE-2010-3155 Adobe Unspecified vulnerability in Adobe Extendedscript Toolkit CS5 3.5.0.52

Untrusted search path vulnerability in Adobe ExtendScript Toolkit (ESTK) CS5 3.5.0.52 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jsx file.

9.3
2010-08-27 CVE-2010-3154 Adobe Unspecified vulnerability in Adobe Extension Manager CS5 5.0.298

Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0.298 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .mxi or .mxp file.

9.3
2010-08-27 CVE-2010-3153 Adobe Unspecified vulnerability in Adobe Indesign CS4 6.0

Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file.

9.3
2010-08-27 CVE-2010-3152 Adobe Unspecified vulnerability in Adobe Illustrator 14.0/15.0.1

Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file.

9.3
2010-08-27 CVE-2010-3151 Adobe Unspecified vulnerability in Adobe Onlocation CS4 4.0.1/4.0.2/4.0.3

Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an OLPROJ file.

9.3
2010-08-27 CVE-2010-3150 Adobe Unspecified vulnerability in Adobe Premier PRO CS4 4.0.0(314(Mc:160820))

Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (314 (MC: 160820)) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as a .pproj, .prfpset, .prexport, .prm, .prmp, .prpreset, .prproj, .prsl, .prtl, or .vpr file.

9.3
2010-08-27 CVE-2010-3149 Adobe Unspecified vulnerability in Adobe Device Central CS5 3.0.0(376)

Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file.

9.3
2010-08-27 CVE-2010-3148 Microsoft Unspecified vulnerability in Microsoft Visio 2003

Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."

9.3
2010-08-27 CVE-2010-3146 Microsoft Unspecified vulnerability in Microsoft Groove 2007

Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability." Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-016 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

9.3
2010-08-27 CVE-2010-3144 Microsoft Unspecified vulnerability in Microsoft Windows Server 2003 and Windows XP

Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."

9.3
2010-08-27 CVE-2010-3143 Microsoft Unspecified vulnerability in Microsoft Windows

Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file.

9.3
2010-08-27 CVE-2010-3142 Microsoft Unspecified vulnerability in Microsoft Powerpoint 2007

Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.

9.3
2010-08-27 CVE-2010-3141 Microsoft Unspecified vulnerability in Microsoft Powerpoint 2010

Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.

9.3
2010-08-27 CVE-2010-3140 Microsoft Unspecified vulnerability in Microsoft Windows XP

Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as an ISP file.

9.3
2010-08-27 CVE-2010-3139 Microsoft Unspecified vulnerability in Microsoft Windows

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

9.3
2010-08-27 CVE-2010-3138 Microsoft, Bsplayer

Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.

9.3
2010-08-26 CVE-2010-2882 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.

9.3
2010-08-26 CVE-2010-2881 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.

9.3
2010-08-26 CVE-2010-2880 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file.

9.3
2010-08-26 CVE-2010-2879 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file.

9.3
2010-08-26 CVE-2010-2878 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2877 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.

9.3
2010-08-26 CVE-2010-2876 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2875 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.

9.3
2010-08-26 CVE-2010-2873 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2872 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2871 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.

9.3
2010-08-26 CVE-2010-2870 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2869 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file.

9.3
2010-08-26 CVE-2010-2868 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file.

9.3
2010-08-26 CVE-2010-2867 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability."

9.3
2010-08-26 CVE-2010-2866 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie.

9.3
2010-08-26 CVE-2010-2864 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file.

9.3
2010-08-26 CVE-2009-3743 Artifex Numeric Errors vulnerability in Artifex products

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that triggers an integer overflow and a heap-based buffer overflow.

9.3
2010-08-26 CVE-2010-3137 Nullsoft Unspecified vulnerability in Nullsoft Winamp 5.581

Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.

9.3
2010-08-26 CVE-2010-3136 Skype Unspecified vulnerability in Skype

Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.

9.3
2010-08-26 CVE-2010-3135 Cisco Unspecified vulnerability in Cisco Packet Tracer 5.2

Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file.

9.3
2010-08-26 CVE-2010-3134 Google Unspecified vulnerability in Google Earth 5.1.3535.3218

Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file.

9.3
2010-08-26 CVE-2010-3133 Wireshark Unspecified vulnerability in Wireshark

Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.

9.3
2010-08-26 CVE-2010-3132 Adobe Unspecified vulnerability in Adobe Dreamweaver 11.0

Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.

9.3
2010-08-26 CVE-2010-3131 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.

9.3
2010-08-26 CVE-2010-3130 Techsmith Unspecified vulnerability in Techsmith Snagit 10.0.0

Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.

9.3
2010-08-26 CVE-2010-3129 Utorrent Unspecified vulnerability in Utorrent

Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.

9.3
2010-08-26 CVE-2010-3128 Teamviewer Unspecified vulnerability in Teamviewer

Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.

9.3
2010-08-26 CVE-2010-3127 Adobe Unspecified vulnerability in Adobe Photoshop

Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop.

9.3
2010-08-26 CVE-2010-3126 Avast Unspecified vulnerability in Avast Antivirus Free 5.0.594

Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.

9.3
2010-08-26 CVE-2010-3125 Wolterskluwer Unspecified vulnerability in Wolterskluwer Teammate Audit Management Software Suite 8.0

Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .tmx file.

9.3
2010-08-25 CVE-2010-2935 Openoffice, Microsoft Numeric Errors vulnerability in Openoffice Openoffice.Org 3.2.1

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

9.3
2010-08-23 CVE-2010-3109 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.

9.3
2010-08-23 CVE-2010-3108 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names.

9.3
2010-08-23 CVE-2010-3106 Novell Improper Input Validation vulnerability in Novell Iprint

The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.

9.3
2010-08-23 CVE-2010-3105 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2010-08-23 CVE-2010-1527 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.

9.3

12 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-26 CVE-2010-2840 Cisco Improper Input Validation vulnerability in Cisco Unified Presence Server

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

7.8
2010-08-26 CVE-2010-2839 Cisco Resource Management Errors vulnerability in Cisco Unified Presence Server

SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.

7.8
2010-08-26 CVE-2010-2838 Cisco Unspecified vulnerability in Cisco Unified Communications Manager

The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.

7.8
2010-08-26 CVE-2010-2837 Cisco Unspecified vulnerability in Cisco Unified Communications Manager

The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.

7.8
2010-08-25 CVE-2010-3121 Devonit Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Devonit Thin-Client Management Tool

Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified vectors.

7.5
2010-08-25 CVE-2010-2360 Isamu Kaneko Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Isamu Kaneko Winny 2.0B5.7/2.0B7.1

Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-2007.

7.5
2010-08-25 CVE-2009-4993 Script Shop24 Code Injection vulnerability in Script-Shop24 LM Starmail Paidmail 2.0

PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2010-08-25 CVE-2009-4992 Script Shop24 SQL Injection vulnerability in Script-Shop24 LM Starmail Paidmail 2.0

SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2010-08-25 CVE-2009-4987 Scripteen Improper Authentication vulnerability in Scripteen Free Image Hosting Script 2.3

admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.

7.5
2010-08-25 CVE-2009-4985 Websitesrus SQL Injection vulnerability in Websitesrus Accessories ME PHP Affiliate Script 1.4

SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.

7.5
2010-08-25 CVE-2009-4979 Keil Software SQL Injection vulnerability in Keil-Software Photokorn Gallery 1.81

Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) Match parameters.

7.5
2010-08-23 CVE-2010-3107 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Iprint

A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.

7.1

30 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-25 CVE-2010-1808 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Type Services, Mac OS X and Mac OS X Server

Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

6.8
2010-08-25 CVE-2010-1801 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Coregraphics, Mac OS X and Mac OS X Server

Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file.

6.8
2010-08-25 CVE-2009-4986 IN Portal Path Traversal vulnerability in In-Portal 4.3.1

Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

6.8
2010-08-25 CVE-2009-4982 Irokez SQL Injection vulnerability in Irokez CMS 0.7.1

SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI.

6.8
2010-08-25 CVE-2009-4981 Keil Software Cross-Site Request Forgery (CSRF) vulnerability in Keil-Software Photokorn Gallery 1.81

Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators.

6.8
2010-08-24 CVE-2010-1526 Mono Project Numeric Errors vulnerability in Mono-Project Libgdiplus 2.6.7

Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows.

6.8
2010-08-24 CVE-2010-2784 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization and KVM

The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

6.6
2010-08-24 CVE-2010-0431 Redhat Improper Input Validation vulnerability in Redhat Enterprise Virtualization and KVM

QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.

6.6
2010-08-24 CVE-2010-0429 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization and Qspice

libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

6.6
2010-08-24 CVE-2010-0428 Redhat Improper Input Validation vulnerability in Redhat Enterprise Virtualization and Qspice

libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.

6.6
2010-08-25 CVE-2009-4977 Tufat Code Injection vulnerability in Tufat Mybackup 1.4.0

PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.

6.5
2010-08-23 CVE-2010-1645 Cacti Improper Input Validation vulnerability in Cacti

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.

6.5
2010-08-25 CVE-2010-2711 HP, Apple Unspecified vulnerability in HP Magcloud

Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors.

6.4
2010-08-25 CVE-2010-1802 Apple Improper Authentication vulnerability in Apple Libsecurity, Mac OS X and Mac OS X Server

libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com.

6.4
2010-08-24 CVE-2010-2811 Redhat Denial of Service vulnerability in Redhat Enterprise Virtualization 2.2

Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.

5.7
2010-08-26 CVE-2010-2865 Adobe Denial-Of-Service vulnerability in Shockwave Player

Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors.

5.0
2010-08-25 CVE-2010-3122 Devonit Credentials Management vulnerability in Devonit Thin-Client Management Tool

The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the network.

5.0
2010-08-25 CVE-2010-1800 Apple Information Exposure vulnerability in Apple Cfnetwork, Mac OS X and Mac OS X Server

CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.

5.0
2010-08-25 CVE-2009-4978 Tufat Path Traversal vulnerability in Tufat Mybackup 1.4.0

Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a ..

5.0
2010-08-24 CVE-2010-3118 Google Information Exposure vulnerability in Google Chrome

The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.

5.0
2010-08-24 CVE-2010-3115 Google, Webkitgtk, Canonical

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.

5.0
2010-08-25 CVE-2009-4995 Smartertools Cross-Site Scripting vulnerability in Smartertools Smartertrack

Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field.

4.3
2010-08-25 CVE-2009-4994 Smartertools Cross-Site Scripting vulnerability in Smartertools Smartertrack

Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2010-08-25 CVE-2009-4991 Omnistaretools Cross-Site Scripting vulnerability in Omnistaretools Omnistar Recruiting

Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter.

4.3
2010-08-25 CVE-2009-4990 Jrbcs, Drupal Cross-Site Scripting vulnerability in Jrbcs Webform Report

Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.

4.3
2010-08-25 CVE-2009-4989 Ajsquare Cross-Site Scripting vulnerability in Ajsquare AJ Auction Pro-Oopd 3.0

Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action.

4.3
2010-08-25 CVE-2009-4984 Websitesrus Cross-Site Scripting vulnerability in Websitesrus Accessories ME PHP Affiliate Script 1.4

Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.

4.3
2010-08-25 CVE-2009-4983 Snowhall Cross-Site Scripting vulnerability in Snowhall Silurus System 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.

4.3
2010-08-25 CVE-2009-4980 Keil Software Cross-Site Scripting vulnerability in Keil-Software Photokorn Gallery 1.81

Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php.

4.3
2010-08-24 CVE-2010-3056 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS