Weekly Vulnerabilities Reports > October 25 to 31, 2010

Overview

66 new vulnerabilities reported during this period, including 20 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary report vulnerabilities in 77 products from 34 vendors including HP, Adobe, IBM, Typo3, and Ponsoftware. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Path Traversal".

  • 55 reported vulnerabilities are remotely exploitables.
  • 7 reported vulnerabilities have public exploit available.
  • 13 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 61 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-29 CVE-2010-3036 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

10.0
2010-10-26 CVE-2010-3491 Tibco Improper Input Validation vulnerability in Tibco products

The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.

10.0
2010-10-26 CVE-2010-2585 Realpage Buffer Errors vulnerability in Realpage Module Activex Control 1.0.0.9

Multiple buffer overflows in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls allow remote attackers to execute arbitrary code via a long (1) DestURL or (2) SourceFile property value.

10.0
2010-10-25 CVE-2010-4070 IBM Numeric Errors vulnerability in IBM Informix Dynamic Server

Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.

10.0
2010-10-29 CVE-2010-4090 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

9.3
2010-10-29 CVE-2010-4089 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.

9.3
2010-10-29 CVE-2010-4088 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.

9.3
2010-10-29 CVE-2010-4087 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.

9.3
2010-10-29 CVE-2010-4086 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088.

9.3
2010-10-29 CVE-2010-4085 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088.

9.3
2010-10-29 CVE-2010-4084 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.

9.3
2010-10-29 CVE-2010-3655 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.

9.3
2010-10-29 CVE-2010-3654 Adobe
Macromedia
Apple
Linux
Microsoft
Oracle
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.

9.3
2010-10-29 CVE-2010-2582 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code.

9.3
2010-10-29 CVE-2010-2581 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.

9.3
2010-10-28 CVE-2010-4025 HP Unspecified vulnerability in HP Palm Webos 1.4.1

Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document.

9.3
2010-10-28 CVE-2010-3765 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

9.3
2010-10-26 CVE-2010-4095 Robo FTP Path Traversal vulnerability in Robo-Ftp 3.7.3/3.7.4

Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a ..

9.3
2010-10-26 CVE-2010-3653 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010.

9.3
2010-10-28 CVE-2010-3992 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors.

9.0

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-25 CVE-2010-4069 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Informix Dynamic Server

Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023.

8.5
2010-10-28 CVE-2010-4029 HP Unspecified vulnerability in HP Storage Essentials

Unspecified vulnerability in HP Storage Essentials before 6.3.0, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

7.5
2010-10-28 CVE-2010-4028 HP Unspecified vulnerability in HP Loadrunner and Loadrunner web Tours

Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors.

7.5
2010-10-28 CVE-2010-0112 Symantec SQL Injection vulnerability in Symantec IM Manager

Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp.

7.5
2010-10-28 CVE-2010-2891 TU Braunschweig Buffer Errors vulnerability in Tu-Braunschweig Libsmi 0.4.8

Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by .

7.5
2010-10-25 CVE-2010-3714 Typo3 Permissions, Privileges, and Access Controls vulnerability in Typo3

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

7.1

40 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-25 CVE-2010-3165 Yokkasoft Unspecified vulnerability in Yokkasoft products

Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and earlier, OuiEditor 1.6.1.1 and earlier, UnEditor 1.10.1.2 and earlier, DeuxEditor 1.7.1.2 and earlier, SQLEditorXP 3.14.1.2 and earlier, SQLEditorTE 1.9.1.3 and earlier, SQLEditor8 3.8.1.2 and earlier, and SQLEditorClassic 1.8.1.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

6.9
2010-10-25 CVE-2010-3164 Fenrir Unspecified vulnerability in Fenrir Grani and Sleipnir

Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earlier and Grani 4.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

6.9
2010-10-25 CVE-2010-3163 Fenrir Unspecified vulnerability in Fenrir Grani and Sleipnir

Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 and Grani before 4.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

6.9
2010-10-25 CVE-2010-3162 Masahiko Watanabe Unspecified vulnerability in Masahiko Watanabe Apsaly

Untrusted search path vulnerability in Apsaly before 3.74 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

6.9
2010-10-25 CVE-2010-3161 Susumu Terao Unspecified vulnerability in Susumu Terao Terapad

Untrusted search path vulnerability in TeraPad before 1.00 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

6.9
2010-10-25 CVE-2010-3160 Ponsoftware Unspecified vulnerability in Ponsoftware Archive Decoder

Untrusted search path vulnerability in Archive Decoder 1.23 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

6.9
2010-10-25 CVE-2010-3159 Ponsoftware Untrusted Search Path vulnerability in Ponsoftware Explzh

Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

6.9
2010-10-25 CVE-2010-3156 K2Top Unspecified vulnerability in K2Top K2Editor 1.5.8

Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

6.9
2010-10-28 CVE-2010-4024 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Control Power Management

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2010-10-28 CVE-2010-3989 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2010-10-27 CVE-2010-4099 Nitrosecurity Improper Input Validation vulnerability in Nitrosecurity Nitroview ESM Software 8.4.0A

ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.

6.8
2010-10-28 CVE-2010-3993 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors.

6.4
2010-10-28 CVE-2010-3933 Rubyonrails Improper Input Validation vulnerability in Rubyonrails Rails 2.3.9/3.0.0

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

6.4
2010-10-28 CVE-2010-4026 HP Unspecified vulnerability in HP Palm Webos 1.4.1

Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls.

6.2
2010-10-25 CVE-2010-3716 Typo3 Improper Input Validation vulnerability in Typo3

The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.

6.0
2010-10-28 CVE-2010-3842 Curl Path Traversal vulnerability in Curl 7.20.0/7.20.1/7.21.1

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.

5.8
2010-10-28 CVE-2010-4027 HP Unspecified vulnerability in HP Palm Webos 1.4.1

Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors.

5.6
2010-10-29 CVE-2010-3700 Acegisecurity
Vmware
IBM
Permissions, Privileges, and Access Controls vulnerability in multiple products

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

5.0
2010-10-28 CVE-2010-3990 HP Unspecified vulnerability in HP Virtual Server Environment

Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

5.0
2010-10-28 CVE-2010-3988 HP Unspecified vulnerability in HP Insight Control Virtual Machine Management

Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors.

5.0
2010-10-27 CVE-2010-4098 Monotone Denial Of Service vulnerability in monotone

monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command.

5.0
2010-10-26 CVE-2010-2584 Realpage Permissions, Privileges, and Access Controls vulnerability in Realpage Module Activex Controls 1.0.0.9

The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property.

5.0
2010-10-26 CVE-2010-4094 IBM Credentials Management vulnerability in IBM products

The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role.

5.0
2010-10-26 CVE-2010-3986 HP Unspecified vulnerability in HP Virtual Connect Enterprise Manager 6.0/6.1

Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.

5.0
2010-10-25 CVE-2010-3717 Typo3 Permissions, Privileges, and Access Controls vulnerability in Typo3

The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710.

5.0
2010-10-25 CVE-2010-4068 Typo3 Improper Input Validation vulnerability in Typo3

Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714.

4.9
2010-10-27 CVE-2010-4096 Monkeysphere Project Code Injection vulnerability in Monkeysphere Project Monkeysphere 0.31/0.32

share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local users to execute arbitrary code via unknown manipulations related to the "monkeysphere-authentication keys-for-user" command.

4.6
2010-10-28 CVE-2010-4120 IBM Cross-Site Scripting vulnerability in IBM Tivoli Access Manager FOR E-Business 6.1.0/6.1.1

Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.

4.3
2010-10-28 CVE-2010-4023 HP Cross-Site Scripting vulnerability in HP Insight Control Power Management

Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-10-28 CVE-2010-3994 HP Cross-Site Scripting vulnerability in HP and Version Control Repository Manager

Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-10-28 CVE-2010-3991 HP Cross-Site Scripting vulnerability in HP products

Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-10-28 CVE-2010-3987 HP Cross-Site Scripting vulnerability in HP Insight Control Virtual Machine Management

Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-10-28 CVE-2010-3713 Usebb Permissions, Privileges, and Access Controls vulnerability in Usebb

rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed.

4.3
2010-10-27 CVE-2010-4097 Avatic Cross-Site Scripting vulnerability in Avatic Aardvark Topsites PHP 5.2.0/5.2.1

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters.

4.3
2010-10-26 CVE-2010-3985 HP Cross-Site Scripting vulnerability in HP Operations Orchestration 7.1/7.2/7.5

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-10-26 CVE-2010-2886 Adobe Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server

Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-10-26 CVE-2010-2885 Adobe Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word.

4.3
2010-10-25 CVE-2010-3715 Typo3 Cross-Site Scripting vulnerability in Typo3

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.

4.3
2010-10-25 CVE-2010-3710 PHP Resource Management Errors vulnerability in PHP

Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.

4.3
2010-10-28 CVE-2010-3711 Pidgin Improper Input Validation vulnerability in Pidgin

libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.

4.0

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS