Weekly Vulnerabilities Reports > August 23 to 29, 2010

Overview

118 new vulnerabilities reported during this period, including 70 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 82 products from 44 vendors including Adobe, Microsoft, Google, Redhat, and Apple. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Numeric Errors", and "Permissions, Privileges, and Access Controls".

  • 112 reported vulnerabilities are remotely exploitables.
  • 45 reported vulnerabilities have public exploit available.
  • 21 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 111 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 28 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 27 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

70 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-26 CVE-2010-2863 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

10.0
2010-08-25 CVE-2010-2362 Winny Improper Input Validation vulnerability in Winny

Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.

10.0
2010-08-25 CVE-2010-2361 Winny Improper Input Validation vulnerability in Winny

Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.

10.0
2010-08-25 CVE-2009-4988 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Business ONE 2005-A 6.80.123/6.80.320

Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.

10.0
2010-08-24 CVE-2010-3120 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-08-24 CVE-2010-3119 Google
Webkitgtk
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-08-24 CVE-2010-3117 Google Denial-Of-Service vulnerability in Chrome

Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.

10.0
2010-08-24 CVE-2010-3116 Google
Apple
Webkitgtk
Canonical
USE After Free vulnerability in multiple products

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

10.0
2010-08-24 CVE-2010-3114 Google
Webkitgtk
Canonical
The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSeparatorCommand.cpp in WebCore/editing/.
10.0
2010-08-24 CVE-2010-3113 Google
Webkitgtk
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.

10.0
2010-08-24 CVE-2010-3112 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-08-24 CVE-2010-3111 Google Remote Security vulnerability in Chrome

Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.

10.0
2010-08-24 CVE-2010-2947 JAN Engelhardt Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in JAN Engelhardt Libhx

Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.

10.0
2010-08-27 CVE-2010-3155 Adobe Unspecified vulnerability in Adobe Extendedscript Toolkit CS5 3.5.0.52

Untrusted search path vulnerability in Adobe ExtendScript Toolkit (ESTK) CS5 3.5.0.52 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jsx file.

9.3
2010-08-27 CVE-2010-3154 Adobe Unspecified vulnerability in Adobe Extension Manager CS5 5.0.298

Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0.298 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .mxi or .mxp file.

9.3
2010-08-27 CVE-2010-3153 Adobe Unspecified vulnerability in Adobe Indesign CS4 6.0

Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file.

9.3
2010-08-27 CVE-2010-3152 Adobe Unspecified vulnerability in Adobe Illustrator 14.0/15.0.1

Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file.

9.3
2010-08-27 CVE-2010-3151 Adobe Unspecified vulnerability in Adobe Onlocation CS4 4.0.1/4.0.2/4.0.3

Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an OLPROJ file.

9.3
2010-08-27 CVE-2010-3150 Adobe Unspecified vulnerability in Adobe Premier PRO CS4 4.0.0(314(Mc:160820))

Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (314 (MC: 160820)) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as a .pproj, .prfpset, .prexport, .prm, .prmp, .prpreset, .prproj, .prsl, .prtl, or .vpr file.

9.3
2010-08-27 CVE-2010-3149 Adobe Unspecified vulnerability in Adobe Device Central CS5 3.0.0(376)

Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file.

9.3
2010-08-27 CVE-2010-3148 Microsoft Unspecified vulnerability in Microsoft Visio 2003

Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."

9.3
2010-08-27 CVE-2010-3147 Microsoft Unspecified vulnerability in Microsoft products

Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.

9.3
2010-08-27 CVE-2010-3146 Microsoft Unspecified vulnerability in Microsoft Groove 2007

Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability." Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-016 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

9.3
2010-08-27 CVE-2010-3145 Microsoft Unspecified vulnerability in Microsoft Windows Vista

Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability."

9.3
2010-08-27 CVE-2010-3144 Microsoft Unspecified vulnerability in Microsoft Windows Server 2003 and Windows XP

Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."

9.3
2010-08-27 CVE-2010-3143 Microsoft Unspecified vulnerability in Microsoft Windows

Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file.

9.3
2010-08-27 CVE-2010-3142 Microsoft Unspecified vulnerability in Microsoft Powerpoint 2007

Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.

9.3
2010-08-27 CVE-2010-3141 Microsoft Unspecified vulnerability in Microsoft Powerpoint 2010

Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.

9.3
2010-08-27 CVE-2010-3140 Microsoft Unspecified vulnerability in Microsoft Windows XP

Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as an ISP file.

9.3
2010-08-27 CVE-2010-3139 Microsoft Unspecified vulnerability in Microsoft Windows

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

9.3
2010-08-27 CVE-2010-3138 Microsoft
Bsplayer
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.
9.3
2010-08-26 CVE-2010-2882 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.

9.3
2010-08-26 CVE-2010-2881 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.

9.3
2010-08-26 CVE-2010-2880 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file.

9.3
2010-08-26 CVE-2010-2879 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file.

9.3
2010-08-26 CVE-2010-2878 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2877 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.

9.3
2010-08-26 CVE-2010-2876 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2875 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.

9.3
2010-08-26 CVE-2010-2873 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2872 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2871 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.

9.3
2010-08-26 CVE-2010-2870 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

9.3
2010-08-26 CVE-2010-2869 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file.

9.3
2010-08-26 CVE-2010-2868 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file.

9.3
2010-08-26 CVE-2010-2867 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability."

9.3
2010-08-26 CVE-2010-2866 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie.

9.3
2010-08-26 CVE-2010-2864 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file.

9.3
2010-08-26 CVE-2009-3743 Artifex Numeric Errors vulnerability in Artifex products

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.

9.3
2010-08-26 CVE-2010-3137 Nullsoft Unspecified vulnerability in Nullsoft Winamp 5.581

Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.

9.3
2010-08-26 CVE-2010-3136 Skype Unspecified vulnerability in Skype

Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.

9.3
2010-08-26 CVE-2010-3135 Cisco Unspecified vulnerability in Cisco Packet Tracer 5.2

Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file.

9.3
2010-08-26 CVE-2010-3134 Google Unspecified vulnerability in Google Earth 5.1.3535.3218

Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file.

9.3
2010-08-26 CVE-2010-3133 Wireshark Unspecified vulnerability in Wireshark

Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.

9.3
2010-08-26 CVE-2010-3132 Adobe Unspecified vulnerability in Adobe Dreamweaver 11.0

Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.

9.3
2010-08-26 CVE-2010-3131 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.

9.3
2010-08-26 CVE-2010-3130 Techsmith Unspecified vulnerability in Techsmith Snagit 10.0.0

Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.

9.3
2010-08-26 CVE-2010-3129 Utorrent Unspecified vulnerability in Utorrent

Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.

9.3
2010-08-26 CVE-2010-3128 Teamviewer Unspecified vulnerability in Teamviewer

Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.

9.3
2010-08-26 CVE-2010-3127 Adobe Unspecified vulnerability in Adobe Photoshop

Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop.

9.3
2010-08-26 CVE-2010-3126 Avast Unspecified vulnerability in Avast Antivirus Free 5.0.594

Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.

9.3
2010-08-26 CVE-2010-3125 Wolterskluwer Unspecified vulnerability in Wolterskluwer Teammate Audit Management Software Suite 8.0

Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .tmx file.

9.3
2010-08-26 CVE-2010-3124 Videolan Unspecified vulnerability in Videolan VLC Media Player

Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.

9.3
2010-08-25 CVE-2010-2936 Openoffice
Microsoft
Numeric Errors vulnerability in Openoffice Openoffice.Org 3.2.1

Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.

9.3
2010-08-25 CVE-2010-2935 Openoffice
Microsoft
Numeric Errors vulnerability in Openoffice Openoffice.Org 3.2.1

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

9.3
2010-08-23 CVE-2010-3109 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.

9.3
2010-08-23 CVE-2010-3108 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names.

9.3
2010-08-23 CVE-2010-3106 Novell Improper Input Validation vulnerability in Novell Iprint

The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.

9.3
2010-08-23 CVE-2010-3105 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2010-08-23 CVE-2010-1527 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.

9.3

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-26 CVE-2010-2840 Cisco Improper Input Validation vulnerability in Cisco Unified Presence Server

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

7.8
2010-08-26 CVE-2010-2839 Cisco Resource Management Errors vulnerability in Cisco Unified Presence Server

SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.

7.8
2010-08-26 CVE-2010-2838 Cisco Unspecified vulnerability in Cisco Unified Communications Manager

The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.

7.8
2010-08-26 CVE-2010-2837 Cisco Unspecified vulnerability in Cisco Unified Communications Manager

The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.

7.8
2010-08-25 CVE-2010-3121 Devonit Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Devonit Thin-Client Management Tool

Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified vectors.

7.5
2010-08-25 CVE-2010-2360 Isamu Kaneko Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Isamu Kaneko Winny 2.0B5.7/2.0B7.1

Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-2007.

7.5
2010-08-25 CVE-2009-4993 Script Shop24 Code Injection vulnerability in Script-Shop24 LM Starmail Paidmail 2.0

PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2010-08-25 CVE-2009-4992 Script Shop24 SQL Injection vulnerability in Script-Shop24 LM Starmail Paidmail 2.0

SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2010-08-25 CVE-2009-4987 Scripteen Improper Authentication vulnerability in Scripteen Free Image Hosting Script 2.3

admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.

7.5
2010-08-25 CVE-2009-4985 Websitesrus SQL Injection vulnerability in Websitesrus Accessories ME PHP Affiliate Script 1.4

SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.

7.5
2010-08-25 CVE-2009-4979 Keil Software SQL Injection vulnerability in Keil-Software Photokorn Gallery 1.81

Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) Match parameters.

7.5
2010-08-24 CVE-2010-3055 Phpmyadmin Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

7.5
2010-08-23 CVE-2010-3107 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Iprint

A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.

7.1

35 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-25 CVE-2010-1808 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Type Services, mac OS X and mac OS X Server

Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

6.8
2010-08-25 CVE-2010-1801 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Coregraphics, mac OS X and mac OS X Server

Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file.

6.8
2010-08-25 CVE-2009-4986 IN Portal Path Traversal vulnerability in In-Portal 4.3.1

Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

6.8
2010-08-25 CVE-2009-4982 Irokez SQL Injection vulnerability in Irokez CMS 0.7.1

SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI.

6.8
2010-08-25 CVE-2009-4981 Keil Software Cross-Site Request Forgery (CSRF) vulnerability in Keil-Software Photokorn Gallery 1.81

Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators.

6.8
2010-08-24 CVE-2010-1526 Mono Project Numeric Errors vulnerability in Mono-Project Libgdiplus 2.6.7

Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows.

6.8
2010-08-24 CVE-2010-2784 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization and KVM

The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

6.6
2010-08-24 CVE-2010-0431 Redhat Improper Input Validation vulnerability in Redhat Enterprise Virtualization and KVM

QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.

6.6
2010-08-24 CVE-2010-0429 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization and Qspice

libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

6.6
2010-08-24 CVE-2010-0428 Redhat Improper Input Validation vulnerability in Redhat Enterprise Virtualization and Qspice

libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.

6.6
2010-08-25 CVE-2009-4977 Tufat Code Injection vulnerability in Tufat Mybackup 1.4.0

PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.

6.5
2010-08-23 CVE-2010-1645 Cacti Improper Input Validation vulnerability in Cacti

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.

6.5
2010-08-25 CVE-2010-2711 HP
Apple
Unspecified vulnerability in HP Magcloud

Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors.

6.4
2010-08-25 CVE-2010-1802 Apple Improper Authentication vulnerability in Apple Libsecurity, mac OS X and mac OS X Server

libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com.

6.4
2010-08-24 CVE-2010-2811 Redhat Denial of Service vulnerability in Redhat Enterprise Virtualization 2.2

Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.

5.7
2010-08-26 CVE-2010-2865 Adobe Denial-Of-Service vulnerability in Shockwave Player

Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors.

5.0
2010-08-25 CVE-2010-3122 Devonit Credentials Management vulnerability in Devonit Thin-Client Management Tool

The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the network.

5.0
2010-08-25 CVE-2010-1800 Apple Information Exposure vulnerability in Apple Cfnetwork, mac OS X and mac OS X Server

CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.

5.0
2010-08-25 CVE-2009-4978 Tufat Path Traversal vulnerability in Tufat Mybackup 1.4.0

Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a ..

5.0
2010-08-24 CVE-2010-3118 Google Information Exposure vulnerability in Google Chrome

The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.

5.0
2010-08-24 CVE-2010-3115 Google
Webkitgtk
Canonical
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
5.0
2010-08-24 CVE-2010-0435 Redhat Unspecified vulnerability in Redhat Enterprise Virtualization and KVM

The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation.

4.6
2010-08-25 CVE-2009-4995 Smartertools Cross-Site Scripting vulnerability in Smartertools Smartertrack

Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field.

4.3
2010-08-25 CVE-2009-4994 Smartertools Cross-Site Scripting vulnerability in Smartertools Smartertrack

Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2010-08-25 CVE-2009-4991 Omnistaretools Cross-Site Scripting vulnerability in Omnistaretools Omnistar Recruiting

Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter.

4.3
2010-08-25 CVE-2009-4990 Jrbcs
Drupal
Cross-Site Scripting vulnerability in Jrbcs Webform Report

Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.

4.3
2010-08-25 CVE-2009-4989 Ajsquare Cross-Site Scripting vulnerability in Ajsquare AJ Auction Pro-Oopd 3.0

Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action.

4.3
2010-08-25 CVE-2009-4984 Websitesrus Cross-Site Scripting vulnerability in Websitesrus Accessories ME PHP Affiliate Script 1.4

Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.

4.3
2010-08-25 CVE-2009-4983 Snowhall Cross-Site Scripting vulnerability in Snowhall Silurus System 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.

4.3
2010-08-25 CVE-2009-4980 Keil Software Cross-Site Scripting vulnerability in Keil-Software Photokorn Gallery 1.81

Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php.

4.3
2010-08-24 CVE-2010-3056 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

4.3
2010-08-23 CVE-2010-2545 Cacti Cross-Site Scripting vulnerability in Cacti

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php.

4.3
2010-08-23 CVE-2010-2544 Cacti Cross-Site Scripting vulnerability in Cacti

Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

4.3
2010-08-23 CVE-2010-2543 Cacti Cross-Site Scripting vulnerability in Cacti

Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php.

4.3
2010-08-23 CVE-2010-1644 Cacti Cross-Site Scripting vulnerability in Cacti

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS