Weekly Vulnerabilities Reports > September 20 to 26, 2010
Overview
75 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 21 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 57 products from 39 vendors, including IBM, Cisco, Google, Canonical, and Opensuse. Notable vulnerability categories are "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", "Path Traversal", and "Use After Free".
- 68 reported vulnerabilities are remotely exploitable.
- 15 reported vulnerabilities have a public exploit available.
- 33 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 62 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 15 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-24 | CVE-2010-1825 | | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements. | 9.3 |
2010-09-24 | CVE-2010-1824 | Google Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages. | 9.3 |
2010-09-24 | CVE-2010-1823 | Google Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. | 9.3 |
21 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-24 | CVE-2010-1772 | Google Redhat Canonical Opensuse Fedoraproject | Use After Free vulnerability in multiple products Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document. | 8.8 |
2010-09-24 | CVE-2010-3081 | Linux Vmware Suse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. | 7.8 |
2010-09-23 | CVE-2010-2836 | Cisco | Resource Management Errors vulnerability in Cisco IOS Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685. | 7.8 |
2010-09-23 | CVE-2010-2835 | Cisco | Unspecified vulnerability in Cisco IOS, IOS XE and Unified Communications Manager Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358. | 7.8 |
2010-09-23 | CVE-2010-2834 | Cisco | Unspecified vulnerability in Cisco IOS, IOS XE and Unified Communications Manager Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987. | 7.8 |
2010-09-23 | CVE-2010-2833 | Cisco | Unspecified vulnerability in Cisco IOS and IOS XE Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472. | 7.8 |
2010-09-23 | CVE-2010-2832 | Cisco | Unspecified vulnerability in Cisco IOS and IOS XE Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428. | 7.8 |
2010-09-23 | CVE-2010-2831 | Cisco | Unspecified vulnerability in Cisco IOS and IOS XE Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624. | 7.8 |
2010-09-23 | CVE-2010-2829 | Cisco | H.323 Unspecified Denial of Service vulnerability in Cisco IOS XE Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567. | 7.8 |
2010-09-23 | CVE-2010-2828 | Cisco | H.323 Unspecified Denial of Service vulnerability in Cisco IOS XE Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759. | 7.8 |
2010-09-23 | CVE-2010-3279 | Alcatel Lucent | Configuration vulnerability in Alcatel-Lucent Ccagent and Omnitouch Contact Center The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe. | 7.6 |
2010-09-24 | CVE-2010-3608 | Wire Plastic Design | SQL Injection vulnerability in Wire Plastic Design Wpquiz 2.7 Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php. | 7.5 |
2010-09-24 | CVE-2010-3604 | Alex Kellner Typo3 | SQL Injection vulnerability in Alex Kellner Powermail SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-09-24 | CVE-2010-3601 | Invisionpower | SQL Injection vulnerability in Invisionpower Ibphotohost 1.1.2 SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter. | 7.5 |
2010-09-22 | CVE-2010-3485 | Lightneasy | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. | 7.5 |
2010-09-22 | CVE-2010-3484 | Lightneasy | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. | 7.5 |
2010-09-22 | CVE-2010-3483 | Bouzouste | Permissions, Privileges, and Access Controls vulnerability in Bouzouste Primitive CMS 1.0.9 cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. | 7.5 |
2010-09-22 | CVE-2010-3479 | Boutikone | SQL Injection vulnerability in Boutikone 1.0 SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2010-09-22 | CVE-2009-5003 | E Soft24 | SQL Injection vulnerability in E-Soft24 Banner Exchange Script 1.0 SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. | 7.5 |
2010-09-22 | CVE-2010-3313 | Egroupware | Code Injection vulnerability in Egroupware phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters. | 7.5 |
2010-09-23 | CVE-2010-2830 | Cisco | Unspecified vulnerability in Cisco IOS and IOS XE The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603. | 7.1 |
46 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-23 | CVE-2010-3280 | Alcatel Lucent | Information Exposure vulnerability in Alcatel-Lucent Ccagent and Omnitouch Contact Center The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application. | 6.9 |
2010-09-24 | CVE-2010-3606 | Netartmedia | Path Traversal vulnerability in Netartmedia Real Estate Portal 2.0 Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters. | 6.8 |
2010-09-24 | CVE-2010-3603 | Sourcetreesolutions | Cross-Site Request Forgery (CSRF) vulnerability in Sourcetreesolutions Mojoportal 2.3.4.3/2.3.5.1 Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information. | 6.8 |
2010-09-24 | CVE-2010-1773 | Google Redhat Canonical Opensuse Fedoraproject | Off-By-One Error vulnerability in multiple products Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. | 6.8 |
2010-09-24 | CVE-2010-1767 | | Cross-Site Request Forgery (CSRF) vulnerability in Google Chrome Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation. | 6.8 |
2010-09-22 | CVE-2010-3481 | Apphp | SQL Injection vulnerability in Apphp PHP Microcms 1.0.1 Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. | 6.8 |
2010-09-22 | CVE-2010-3480 | Apphp | Path Traversal vulnerability in Apphp PHP Microcms 1.0.1 Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2010-09-21 | CVE-2010-1820 | Apple | Improper Authentication vulnerability in Apple Mac OS X and Mac OS X Server Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name. | 6.8 |
2010-09-22 | CVE-2010-3482 | Bouzouste | SQL Injection vulnerability in Bouzouste Primitive CMS 1.0.9 Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. | 6.5 |
2010-09-24 | CVE-2010-3304 | Dovecot | Permissions, Privileges, and Access Controls vulnerability in Dovecot The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs. | 6.4 |
2010-09-22 | CVE-2010-3332 | Microsoft | Information Exposure Through an Error Message vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." | 6.4 |
2010-09-20 | CVE-2009-5002 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 4.0.2 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | 6.4 |
2010-09-20 | CVE-2010-3473 | IBM | Improper Input Validation vulnerability in IBM Filenet P8 Application Engine 3.5.1 Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2010-09-21 | CVE-2010-3092 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name. | 5.5 |
2010-09-21 | CVE-2010-3078 | Linux Opensuse Suse Canonical Vmware | Information Exposure vulnerability in multiple products The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. | 5.5 |
2010-09-21 | CVE-2010-2942 | Linux Canonical Opensuse Suse Avaya Vmware | Memory Leak vulnerability in multiple products The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. | 5.5 |
2010-09-23 | CVE-2010-3281 | Alcatel Lucent | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Alcatel-Lucent Omnivista 4760 Server Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request. | 5.4 |
2010-09-24 | CVE-2010-3306 | Salvo G Tomaselli | Path Traversal vulnerability in Salvo G. Tomaselli Weborf Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI. | 5.0 |
2010-09-24 | CVE-2010-3285 | HP | Unspecified vulnerability in HP Openview Network Node Manager 7.51/7.53 Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors. | 5.0 |
2010-09-24 | CVE-2010-3261 | RSA | Path Traversal vulnerability in RSA Authentication Agent for Web Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors. | 5.0 |
2010-09-22 | CVE-2010-3488 | Houbysoft | Path Traversal vulnerability in Houbysoft Quickshare 1.0 Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... | 5.0 |
2010-09-22 | CVE-2010-3487 | Yellosoft | Path Traversal vulnerability in Yellosoft Pinky 1.0 Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. | 5.0 |
2010-09-22 | CVE-2010-3486 | Smartertools | Path Traversal vulnerability in Smartertools Smartermail 7.1.3876 Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. | 5.0 |
2010-09-20 | CVE-2010-3476 | Otrs | Improper Input Validation vulnerability in Otrs Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080. | 5.0 |
2010-09-20 | CVE-2010-3474 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7/9.7.0.1/9.7.0.2 IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. | 5.0 |
2010-09-20 | CVE-2010-3072 | Squid Cache | Denial Of Service vulnerability in Squid Proxy String Processing NULL Pointer Dereference The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | 5.0 |
2010-09-24 | CVE-2010-3607 | Netartmedia | Cross-Site Scripting vulnerability in Netartmedia Real Estate Portal 2.0 Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2010-09-24 | CVE-2010-3605 | Alex Kellner Typo3 | Cross-Site Scripting vulnerability in Alex Kellner Powermail Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-09-24 | CVE-2010-3602 | Sourcetreesolutions | Cross-Site Scripting vulnerability in Sourcetreesolutions Mojoportal 2.3.4.3/2.3.5.1 Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. | 4.3 |
2010-09-24 | CVE-2010-3284 | HP | Information Exposure vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors. | 4.3 |
2010-09-24 | CVE-2010-3283 | HP | Improper Input Validation vulnerability in HP System Management Homepage Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.3 |
2010-09-24 | CVE-2010-2491 | Roundup Tracker | Cross-Site Scripting vulnerability in Roundup-Tracker Roundup Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program. | 4.3 |
2010-09-22 | CVE-2010-3489 | Digitalworkroom | Cross-Site Scripting vulnerability in Digitalworkroom CMS Digital Workroom 5.3.1/5.5.0 Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter. | 4.3 |
2010-09-22 | CVE-2010-3314 | Egroupware | Cross-Site Scripting vulnerability in Egroupware Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 4.3 |
2010-09-20 | CVE-2010-3472 | IBM | Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1 Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-09-20 | CVE-2010-3471 | IBM | Improper Authentication vulnerability in IBM Filenet P8 Application Engine 4.0.2 Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | 4.3 |
2010-09-20 | CVE-2010-3470 | IBM | Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1/4.0.2 Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-09-20 | CVE-2009-5000 | IBM | Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 4.0.2 Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. | 4.3 |
2010-09-20 | CVE-2009-4999 | IBM | Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1 Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. | 4.3 |
2010-09-20 | CVE-2010-3262 | Flock | Cross-Site Scripting vulnerability in Flock 0.7.14 Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | 4.3 |
2010-09-20 | CVE-2010-3200 | Microsoft | Unspecified vulnerability in Microsoft Word 2003 MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc. | 4.3 |
2010-09-21 | CVE-2010-0781 | IBM | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. | 4.0 |
2010-09-20 | CVE-2010-3475 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7/9.7.0.1/9.7.0.2 IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. | 4.0 |
2010-09-20 | CVE-2009-5001 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 4.0.2 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | 4.0 |
2010-09-20 | CVE-2006-7242 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 3.5.1 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | 4.0 |
2010-09-20 | CVE-2006-7241 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 3.5.1 The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-21 | CVE-2010-3093 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. | 3.5 |
2010-09-20 | CVE-2010-2080 | Otrs | Cross-Site Scripting vulnerability in Otrs Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2010-09-20 | CVE-2009-4998 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 3.5.1/4.0.2 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | 2.6 |
2010-09-21 | CVE-2010-3094 | Drupal | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. | 2.1 |
2010-09-20 | CVE-2008-7261 | IBM | Credentials Management vulnerability in IBM Filenet P8 Application Engine 3.5.1 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. | 2.1 |