Weekly Vulnerabilities Reports > September 13 to 19, 2010

Overview

86 new vulnerabilities reported during this period, including 20 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary report vulnerabilities in 80 products from 48 vendors including Microsoft, IBM, Google, HP, and Linux. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Improper Input Validation", and "Cryptographic Issues".

  • 77 reported vulnerabilities are remotely exploitables.
  • 13 reported vulnerabilities have public exploit available.
  • 34 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 77 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-09-16 CVE-2010-3415 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-09-16 CVE-2010-3414 Google
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-09-15 CVE-2010-3398 IBM Unspecified vulnerability in IBM Lotus Sametime Connect Web Container

Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.

10.0
2010-09-16 CVE-2010-3412 Google Race Condition vulnerability in Google Chrome

Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.

9.3
2010-09-16 CVE-2010-3407 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Domino

Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.

9.3
2010-09-16 CVE-2010-3403 Qualcomm Unspecified vulnerability in Qualcomm Extensible Diagnostic Monitor 03.09.19

Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .isf file.

9.3
2010-09-16 CVE-2010-3402 Ultraedit DLL Loading Arbitrary Code Execution vulnerability in IDM Computer Solutions UltraEdit 'dwmapi.dll'

Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file.

9.3
2010-09-15 CVE-2010-2738 Microsoft Improper Input Validation vulnerability in Microsoft products

The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."

9.3
2010-09-15 CVE-2010-2730 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Information Services 7.5

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx 'FastCGI is not enabled by default in IIS.'

9.3
2010-09-15 CVE-2010-2729 Microsoft Improper Input Validation vulnerability in Microsoft products

The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."

9.3
2010-09-15 CVE-2010-2728 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Outlook 2002/2003/2007

Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."

9.3
2010-09-15 CVE-2010-2567 Microsoft Code Injection vulnerability in Microsoft Windows Server 2003 and Windows XP

The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."

9.3
2010-09-15 CVE-2010-2563 Microsoft Code Injection vulnerability in Microsoft Windows Server 2003 and Windows XP

The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."

9.3
2010-09-15 CVE-2010-0818 Microsoft Code Injection vulnerability in Microsoft products

The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."

9.3
2010-09-15 CVE-2010-3397 PGP DLL Loading Arbitrary Code Execution vulnerability in PGP Desktop 10.0.0/9.10.0/9.9.0

Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file.

9.3
2010-09-15 CVE-2010-2884 Adobe
Google
Apple
Microsoft
Remote Code Execution vulnerability in Adobe Flash Player

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.

9.3
2010-09-15 CVE-2010-2600 RIM DLL Loading Arbitrary Code Execution vulnerability in BlackBerry Desktop Software

Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry.

9.3
2010-09-15 CVE-2010-1326 March Hare Permissions, Privileges, and Access Controls vulnerability in March-Hare CVS Suite and Cvsnt

perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.

9.3
2010-09-15 CVE-2010-0820 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability."

9.0
2010-09-15 CVE-2010-3009 HP
Linux
Information Disclosure Vulnerability in HP System Management Homepage 6.0/6.1

Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.

9.0

12 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-09-17 CVE-2010-3461 Endonesia SQL Injection vulnerability in Endonesia 8.4

SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.

7.5
2010-09-17 CVE-2010-3458 Getsymphony SQL Injection vulnerability in Getsymphony Symphony 2.0.7/2.1.1

SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/.

7.5
2010-09-16 CVE-2010-3428 Intermesh SQL Injection vulnerability in Intermesh Group-Office 3.5.9

SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.

7.5
2010-09-16 CVE-2010-3426 4You Studio
Joomla
Path Traversal vulnerability in 4You-Studio COM Jphone 1.0

Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-09-16 CVE-2010-3423 Freka
Drupal
SQL Injection vulnerability in Freka YR Verdata

SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.

7.5
2010-09-16 CVE-2010-3422 Solventus
Joomla
SQL Injection vulnerability in Solventus COM Jgen 0.9.33

SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

7.5
2010-09-16 CVE-2010-3419 Haudenschilt Code Injection vulnerability in Haudenschilt Family Connections CMS 2.2.3

Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.

7.5
2010-09-16 CVE-2010-3416 Google
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5
2010-09-16 CVE-2010-3404 Eshtery She7Ata SQL Injection vulnerability in Eshtery.She7Ata Eshtery CMS

Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.

7.5
2010-09-15 CVE-2010-3069 Samba Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba

Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.

7.5
2010-09-15 CVE-2010-3396 Kingsoft Buffer Errors vulnerability in Kingsoft Antivirus 2010.04.26.648

Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004.

7.2
2010-09-13 CVE-2010-3008 HP Unspecified vulnerability in HP Data Protector Express 3.1/3.5/4.0

Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.

7.2

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-09-15 CVE-2010-1891 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Server 2003 and Windows XP

The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."

6.9
2010-09-14 CVE-2010-2961 Scott James Remnant Race Condition vulnerability in Scott James Remnant Mountall 1.0

mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.

6.9
2010-09-14 CVE-2010-2953 Apache Remote Code Execution vulnerability in Apache Couchdb 0.8.0

Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.

6.9
2010-09-17 CVE-2010-3467 E Xoopport SQL Injection vulnerability in E-Xoopport Samsara 3.0/3.1

SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action.

6.8
2010-09-17 CVE-2010-3464 Santafox Cross-Site Request Forgery (CSRF) vulnerability in Santafox 2.02

Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php.

6.8
2010-09-16 CVE-2010-3405 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX and Vios

Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.

6.8
2010-09-15 CVE-2010-2731 Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
6.8
2010-09-14 CVE-2010-2799 Dest Unreach Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dest-Unreach Socat

Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.

6.8
2010-09-14 CVE-2010-0153 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks.

6.8
2010-09-13 CVE-2010-3320 IBM Improper Input Validation vulnerability in IBM Filenet Content Manager 4.5.0/4.5.1

Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.8
2010-09-14 CVE-2010-3322 Splunk Permissions, Privileges, and Access Controls vulnerability in Splunk

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.

6.0
2010-09-15 CVE-2010-3400 Mozilla Cryptographic Issues vulnerability in Mozilla Firefox and Seamonkey

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913.

5.8
2010-09-15 CVE-2010-3399 Mozilla Cryptographic Issues vulnerability in Mozilla Firefox

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171.

5.8
2010-09-15 CVE-2010-3171 Mozilla Cryptographic Issues vulnerability in Mozilla Firefox

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.

5.8
2010-09-17 CVE-2010-3460 Gecad
Microsoft
Path Traversal vulnerability in Gecad Axigen Mail Server

Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.

5.0
2010-09-17 CVE-2010-3456 Energyscripts Path Traversal vulnerability in Energyscripts Simple Download 1.0

Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a ..

5.0
2010-09-17 CVE-2010-3075 Arg0 Cryptographic Issues vulnerability in Arg0 Encfs

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.

5.0
2010-09-17 CVE-2010-3011 HP Improper Input Validation vulnerability in HP System Management Homepage

CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

5.0
2010-09-16 CVE-2010-3417 Google Information Exposure vulnerability in Google Chrome

Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.

5.0
2010-09-16 CVE-2010-3413 Google Denial-Of-Service vulnerability in Chrome

Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5.0
2010-09-16 CVE-2010-3411 Google
Linux
Reachable Assertion vulnerability in Google Chrome

Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.

5.0
2010-09-15 CVE-2010-2580 Mailenable Improper Input Validation vulnerability in Mailenable

The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."

5.0
2010-09-13 CVE-2010-3319 IBM Credentials Management vulnerability in IBM Filenet Content Manager 4.5.0/4.5.1

IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.

5.0
2010-09-13 CVE-2010-3318 IBM Credentials Management vulnerability in IBM Filenet Content Manager 4.5.0/4.5.1

IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2010-09-14 CVE-2010-3323 Splunk Unspecified vulnerability in Splunk

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.

4.6
2010-09-17 CVE-2010-3466 Netartmedia Cross-Site Scripting vulnerability in Netartmedia Iboutique.Mall 1.2

Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter.

4.3
2010-09-17 CVE-2010-3465 Ecommercesoft Cross-Site Scripting vulnerability in Ecommercesoft XSE Shopping Cart 1.5.2.1/1.5.3.0

Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx.

4.3
2010-09-17 CVE-2010-3463 Santafox Cross-Site Scripting vulnerability in Santafox 2.02

Cross-site scripting (XSS) vulnerability in modules/search/search.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the search parameter to search.html.

4.3
2010-09-17 CVE-2010-3462 Mollify Cross-Site Scripting vulnerability in Mollify 1.6/1.6.5.5

Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter.

4.3
2010-09-17 CVE-2010-3459 Gecad Cross-Site Scripting vulnerability in Gecad Axigen Mail Server

Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-17 CVE-2010-3457 Getsymphony Cross-Site Scripting vulnerability in Getsymphony Symphony 2.0.7/2.1.1

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/.

4.3
2010-09-17 CVE-2010-3455 Atutor Cross-Site Scripting vulnerability in Atutor Achecker 1.0

Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter.

4.3
2010-09-17 CVE-2010-3012 HP Cross-Site Scripting vulnerability in HP System Management Homepage

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-17 CVE-2010-3324 Microsoft Cross-Site Scripting vulnerability in Microsoft products

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.

4.3
2010-09-16 CVE-2010-3427 Open Classifieds Cross-Site Scripting vulnerability in Open-Classifieds Open Classifieds 1.7.0.2

Multiple cross-site scripting (XSS) vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) desc, (2) price, (3) title, and (4) place parameters to index.php and the (5) subject parameter to contact.htm, related to content/contact.php.

4.3
2010-09-16 CVE-2010-3425 Smartertools Cross-Site Scripting vulnerability in Smartertools Smarterstats 5.3/5.3.3819

Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

4.3
2010-09-16 CVE-2010-3424 Invisionpower Cross-Site Scripting vulnerability in Invisioncommunity Invision Power Board 3.1.2

Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-16 CVE-2010-3421 Productcart Cross-Site Scripting vulnerability in Productcart 3.0/4.1

Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995.

4.3
2010-09-16 CVE-2010-3420 Webassist Cross-Site Scripting vulnerability in Webassist Powerstore 3.0

Cross-site scripting (XSS) vulnerability in Products_Results.php in PowerStore 3.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_WADAProducts parameter.

4.3
2010-09-16 CVE-2010-3418 Netartmedia Cross-Site Scripting vulnerability in Netartmedia CAR Portal 1.0/2.0

Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) car_id parameter to index.php and (2) y parameter to include/images.php.

4.3
2010-09-15 CVE-2010-3010 HP Cross-Site Scripting vulnerability in HP products

Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-15 CVE-2010-1899 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx 'ASP pages are prohibited by default on IIS 6.0.

4.3
2010-09-14 CVE-2010-3082 Djangoproject Cross-Site Scripting vulnerability in Djangoproject Django 1.2.1/1.2.2

Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.

4.3
2010-09-14 CVE-2010-0152 IBM Cross-Site Scripting vulnerability in IBM products

Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters.

4.3
2010-09-13 CVE-2010-3317 IBM Cross-Site Scripting vulnerability in IBM Filenet Content Manager 4.5.0/4.5.1

Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-13 CVE-2010-3202 Flock Cross-Site Scripting vulnerability in Flock 3.0.0.3989

Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.

4.3
2010-09-13 CVE-2010-2952 Apache Improper Input Validation vulnerability in Apache Traffic Server 2.0.0/2.1.0/2.1.1

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.

4.3
2010-09-13 CVE-2010-2366 Futomi Cross-Site Scripting vulnerability in Futomi Access Analyzer CGI

Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Analyzer CGI Professional, and Standard 4.0.2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-14 CVE-2010-0154 IBM Path Traversal vulnerability in IBM products

Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a ..

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-09-15 CVE-2010-3089 GNU Cross-Site Scripting vulnerability in GNU Mailman

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

3.5
2010-09-14 CVE-2010-0155 IBM Code Injection vulnerability in IBM products

CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter.

3.5
2010-09-17 CVE-2010-3074 Arg0 Cryptographic Issues vulnerability in Arg0 Encfs

SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.

2.1
2010-09-17 CVE-2010-3073 Arg0 Cryptographic Issues vulnerability in Arg0 Encfs

SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.

2.1
2010-09-16 CVE-2010-3406 IBM Local Privilege Escalation and Security Bypass vulnerability in IBM AIX 5.3

Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.

1.7