Weekly Vulnerabilities Reports > September 20 to 26, 2010

Overview

80 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary reports vulnerabilities in 63 products from 41 vendors including IBM, Cisco, Canonical, Linux, and Google. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", "Path Traversal", and "Use After Free".

  • 69 reported vulnerabilities are remotely exploitable.
  • 15 reported vulnerabilities have a public exploit available.
  • 34 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 70 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

[Summary counters: Total Vulnerabilities; Critical Risk Vulnerabilities; High Risk Vulnerabilities; Medium Risk Vulnerabilities; Low Risk Vulnerabilities; Remotely Exploitable; Locally Exploitable; Exploit Available; Exploitable Anonymously; Affecting Web Application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-09-24 CVE-2010-1825 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.

9.3
2010-09-24 CVE-2010-1824 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.

9.3
2010-09-24 CVE-2010-1823 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.

9.3

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-09-23 CVE-2010-2836 Cisco Resource Management Errors vulnerability in Cisco IOS

Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.

7.8
2010-09-23 CVE-2010-2835 Cisco Unspecified vulnerability in Cisco IOS, IOS XE and Unified Communications Manager

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.

7.8
2010-09-23 CVE-2010-2834 Cisco Unspecified vulnerability in Cisco IOS, IOS XE and Unified Communications Manager

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.

7.8
2010-09-23 CVE-2010-2833 Cisco Unspecified vulnerability in Cisco IOS and IOS XE

Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.

7.8
2010-09-23 CVE-2010-2832 Cisco Unspecified vulnerability in Cisco IOS and IOS XE

Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428.

7.8
2010-09-23 CVE-2010-2831 Cisco Unspecified vulnerability in Cisco IOS and IOS XE

Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624.

7.8
2010-09-23 CVE-2010-2829 Cisco H.323 Unspecified Denial of Service vulnerability in Cisco IOS XE

Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567.

7.8
2010-09-23 CVE-2010-2828 Cisco H.323 Unspecified Denial of Service vulnerability in Cisco IOS XE

Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759.

7.8
2010-09-23 CVE-2010-3279 Alcatel Lucent Configuration vulnerability in Alcatel-Lucent Ccagent and Omnitouch Contact Center

The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe.

7.6
2010-09-24 CVE-2010-3608 Wire Plastic Design SQL Injection vulnerability in Wire Plastic Design Wpquiz 2.7

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.

7.5
2010-09-24 CVE-2010-3604 Alex Kellner, Typo3 SQL Injection vulnerability in Alex Kellner Powermail

SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-09-24 CVE-2010-3601 Invisionpower SQL Injection vulnerability in Invisionpower Ibphotohost 1.1.2

SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.

7.5
2010-09-22 CVE-2010-3485 Lightneasy SQL Injection vulnerability in Lightneasy 3.2.1

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593.

7.5
2010-09-22 CVE-2010-3484 Lightneasy SQL Injection vulnerability in Lightneasy 3.2.1

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.

7.5
2010-09-22 CVE-2010-3483 Bouzouste Permissions, Privileges, and Access Controls vulnerability in Bouzouste Primitive CMS 1.0.9

cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.

7.5
2010-09-22 CVE-2010-3479 Boutikone SQL Injection vulnerability in Boutikone 1.0

SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2010-09-22 CVE-2009-5003 E Soft24 SQL Injection vulnerability in E-Soft24 Banner Exchange Script 1.0

SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter.

7.5
2010-09-22 CVE-2010-3313 Egroupware Code Injection vulnerability in Egroupware

phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.

7.5
2010-09-24 CVE-2010-3081 Linux, Vmware, Suse Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.

7.2
2010-09-22 CVE-2010-3301 Linux, Suse, Canonical Improper Privilege Management vulnerability in multiple products

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register.

7.2
2010-09-21 CVE-2010-3080 Linux, Opensuse, Suse, Canonical Double Free vulnerability in multiple products

Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.

7.2
2010-09-23 CVE-2010-2830 Cisco Unspecified vulnerability in Cisco IOS and IOS XE

The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.

7.1

47 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-09-23 CVE-2010-3280 Alcatel Lucent Information Exposure vulnerability in Alcatel-Lucent Ccagent and Omnitouch Contact Center

The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.

6.9
2010-09-24 CVE-2010-3606 Netartmedia Path Traversal vulnerability in Netartmedia Real Estate Portal 2.0

Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters.

6.8
2010-09-24 CVE-2010-3603 Sourcetreesolutions Cross-Site Request Forgery (CSRF) vulnerability in Sourcetreesolutions Mojoportal 2.3.4.3/2.3.5.1

Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.

6.8
2010-09-24 CVE-2010-1773 Google, Redhat, Canonical, Opensuse, Fedoraproject Off-By-One Error vulnerability in multiple products

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

6.8
2010-09-24 CVE-2010-1772 Google, Redhat, Canonical, Opensuse, Fedoraproject Use After Free vulnerability in multiple products

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.

6.8
2010-09-24 CVE-2010-1767 Google Cross-Site Request Forgery (CSRF) vulnerability in Google Chrome

Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.

6.8
2010-09-22 CVE-2010-3481 Apphp SQL Injection vulnerability in Apphp PHP Microcms 1.0.1

Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php.

6.8
2010-09-22 CVE-2010-3480 Apphp Path Traversal vulnerability in Apphp PHP Microcms 1.0.1

Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-09-21 CVE-2010-1820 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.

6.8
2010-09-22 CVE-2010-3482 Bouzouste SQL Injection vulnerability in Bouzouste Primitive CMS 1.0.9

Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters.

6.5
2010-09-24 CVE-2010-3304 Dovecot Permissions, Privileges, and Access Controls vulnerability in Dovecot

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.

6.4
2010-09-22 CVE-2010-3332 Microsoft Information Exposure Through an Error Message vulnerability in Microsoft .Net Framework

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."

6.4
2010-09-20 CVE-2009-5002 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 4.0.2

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection.

6.4
2010-09-20 CVE-2010-3473 IBM Improper Input Validation vulnerability in IBM Filenet P8 Application Engine 3.5.1

Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2010-09-21 CVE-2010-3092 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.

5.5
2010-09-23 CVE-2010-3281 Alcatel Lucent Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Alcatel-Lucent Omnivista 4760 Server

Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.

5.4
2010-09-24 CVE-2010-3306 Salvo G Tomaselli Path Traversal vulnerability in Salvo G. Tomaselli Weborf

Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.

5.0
2010-09-24 CVE-2010-3285 HP Unspecified vulnerability in HP Openview Network Node Manager 7.51/7.53

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors.

5.0
2010-09-24 CVE-2010-3261 RSA Path Traversal vulnerability in RSA Authentication Agent FOR web

Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors.

5.0
2010-09-22 CVE-2010-3488 Houbysoft Path Traversal vulnerability in Houbysoft Quickshare 1.0

Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ...

5.0
2010-09-22 CVE-2010-3487 Yellosoft Path Traversal vulnerability in Yellosoft Pinky 1.0

Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.

5.0
2010-09-22 CVE-2010-3486 Smartertools Path Traversal vulnerability in Smartertools Smartermail 7.1.3876

Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.

5.0
2010-09-20 CVE-2010-3476 Otrs Improper Input Validation vulnerability in Otrs

Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.

5.0
2010-09-20 CVE-2010-3474 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7/9.7.0.1/9.7.0.2

IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471.

5.0
2010-09-20 CVE-2010-3072 Squid Cache Denial Of Service vulnerability in Squid Proxy String Processing NULL Pointer Dereference

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

5.0
2010-09-21 CVE-2010-3067 Linux, Opensuse, Suse, Debian, Canonical Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.

4.9
2010-09-24 CVE-2010-3607 Netartmedia Cross-Site Scripting vulnerability in Netartmedia Real Estate Portal 2.0

Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.

4.3
2010-09-24 CVE-2010-3605 Alex Kellner, Typo3 Cross-Site Scripting vulnerability in Alex Kellner Powermail

Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-24 CVE-2010-3602 Sourcetreesolutions Cross-Site Scripting vulnerability in Sourcetreesolutions Mojoportal 2.3.4.3/2.3.5.1

Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter.

4.3
2010-09-24 CVE-2010-3294 Pecl PHP Cross-Site Scripting vulnerability in Pecl-PHP Alternative PHP Cache

Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-24 CVE-2010-3284 HP Information Exposure vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.

4.3
2010-09-24 CVE-2010-3283 HP Improper Input Validation vulnerability in HP System Management Homepage

Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.3
2010-09-24 CVE-2010-2491 Roundup Tracker Cross-Site Scripting vulnerability in Roundup-Tracker Roundup

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.

4.3
2010-09-22 CVE-2010-3489 Digitalworkroom Cross-Site Scripting vulnerability in Digitalworkroom CMS Digital Workroom 5.3.1/5.5.0

Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter.

4.3
2010-09-22 CVE-2010-3314 Egroupware Cross-Site Scripting vulnerability in Egroupware

Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2010-09-20 CVE-2010-3472 IBM Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-20 CVE-2010-3471 IBM Improper Authentication vulnerability in IBM Filenet P8 Application Engine 4.0.2

Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.

4.3
2010-09-20 CVE-2010-3470 IBM Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1/4.0.2

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-09-20 CVE-2009-5000 IBM Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 4.0.2

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages.

4.3
2010-09-20 CVE-2009-4999 IBM Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1

Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field.

4.3
2010-09-20 CVE-2010-3262 Flock Cross-Site Scripting vulnerability in Flock 0.7.14

Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

4.3
2010-09-20 CVE-2010-3200 Microsoft Unspecified vulnerability in Microsoft Word 2003

MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.

4.3
2010-09-21 CVE-2010-0781 IBM Unspecified vulnerability in IBM Websphere Application Server

Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.

4.0
2010-09-20 CVE-2010-3475 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7/9.7.0.1/9.7.0.2

IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.

4.0
2010-09-20 CVE-2009-5001 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 4.0.2

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.

4.0
2010-09-20 CVE-2006-7242 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 3.5.1

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

4.0
2010-09-20 CVE-2006-7241 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 3.5.1

The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-09-21 CVE-2010-3093 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

3.5
2010-09-20 CVE-2010-2080 Otrs Cross-Site Scripting vulnerability in Otrs

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2010-09-20 CVE-2009-4998 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 3.5.1/4.0.2

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

2.6
2010-09-21 CVE-2010-3477 Linux, Debian, Canonical Resource Management Errors vulnerability in multiple products

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation.

2.1
2010-09-21 CVE-2010-3094 Drupal Cross-Site Scripting vulnerability in Drupal

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

2.1
2010-09-21 CVE-2010-3078 Linux, Opensuse, Suse, Canonical, Vmware Information Exposure vulnerability in multiple products

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

2.1
2010-09-21 CVE-2010-2942 Linux, Canonical, Opensuse, Suse, Avaya, Vmware Memory Leak vulnerability in multiple products

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

2.1
2010-09-20 CVE-2008-7261 IBM Credentials Management vulnerability in IBM Filenet P8 Application Engine 3.5.1

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file.

2.1