Weekly Vulnerabilities Reports > November 1 to 7, 2010
Overview
84 new vulnerabilities reported during this period, including 31 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 84 products from 61 vendors including Google, Apple, Microsoft, Adobe, and Linux. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Path Traversal", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Use After Free".
- 78 reported vulnerabilities are remotely exploitables.
- 12 reported vulnerabilities have public exploit available.
- 23 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 83 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 23 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 18 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
31 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-11-02 | CVE-2010-4142 | Realflex | Buffer Errors vulnerability in Realflex Realwin 1.06/2.0 Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. | 10.0 |
| 2010-11-06 | CVE-2010-4203 | Google Webmproject Redhat | Integer Overflow or Wraparound vulnerability in multiple products WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | 9.8 |
| 2010-11-05 | CVE-2010-2941 | Apple Fedoraproject Canonical Debian Opensuse Suse Redhat | Use After Free vulnerability in multiple products ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | 9.8 |
| 2010-11-07 | CVE-2010-4091 | Adobe Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. | 9.3 |
| 2010-11-07 | CVE-2010-3652 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650. | 9.3 |
| 2010-11-07 | CVE-2010-3650 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3649 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3648 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3647 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3646 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3645 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3644 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3643 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3642 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3641 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3640 | Adobe Apple Linux Microsoft SUN | Remote Memory Corruption vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 9.3 |
| 2010-11-07 | CVE-2010-3639 | Adobe Apple Linux Microsoft SUN | Remote Denial of Service vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. | 9.3 |
| 2010-11-07 | CVE-2010-3637 | Adobe Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video. | 9.3 |
| 2010-11-07 | CVE-2010-3636 | Adobe Apple Linux Microsoft SUN | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. | 9.3 |
| 2010-11-06 | CVE-2010-3916 | Justsystems | Remote Code Execution vulnerability in Justsystems Ichitaro 2007/2008/2009 Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915. | 9.3 |
| 2010-11-06 | CVE-2010-3915 | Justsystems | Remote Code Execution vulnerability in Justsystems Ichitaro 2007/2008/2009 Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916. | 9.3 |
| 2010-11-06 | CVE-2010-1523 | Nullsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream. | 9.3 |
| 2010-11-05 | CVE-2010-4092 | Adobe | Resource Management Errors vulnerability in Adobe Shockwave Player Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. | 9.3 |
| 2010-11-05 | CVE-2010-3962 | Microsoft | Use After Free vulnerability in Microsoft Internet Explorer 6/7/8 Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. | 9.3 |
| 2010-11-04 | CVE-2010-4182 | Microsoft | Unspecified vulnerability in Microsoft products Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. | 9.3 |
| 2010-11-03 | CVE-2010-4154 | Rhinosoft | Path Traversal vulnerability in Rhinosoft FTP Voyager Directory traversal vulnerability in Rhino Software, Inc. | 9.3 |
| 2010-11-03 | CVE-2010-4153 | Crossftp | Path Traversal vulnerability in Crossftp PRO Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | 9.3 |
| 2010-11-03 | CVE-2010-3914 | VIM | DLL Loading Arbitrary Code Execution vulnerability in GVim Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. | 9.3 |
| 2010-11-03 | CVE-2010-2583 | Sonicwall | Buffer Errors vulnerability in Sonicwall Ssl-Vpn End-Point Interrogator/Installer Activex Control 10.0.5 Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. | 9.3 |
| 2010-11-02 | CVE-2010-4149 | Freshwebmaster | Path Traversal vulnerability in Freshwebmaster Fresh FTP 5.36 Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | 9.3 |
| 2010-11-02 | CVE-2010-4148 | Anyconnect | Path Traversal vulnerability in Anyconnect Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | 9.3 |
15 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-11-02 | CVE-2010-4031 | HP | Remote Privilege Escalation vulnerability in HP Insight Control Performance Management Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors. | 8.0 |
| 2010-11-06 | CVE-2010-4205 | Unspecified vulnerability in Google Chrome Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 7.5 | |
| 2010-11-06 | CVE-2010-4204 | Google Webkitgtk Fedoraproject | Denial of Service vulnerability in Google Chrome WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 7.5 |
| 2010-11-06 | CVE-2010-4202 | Google Linux | Integer Overflow OR Wraparound vulnerability in Google Chrome Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font. | 7.5 |
| 2010-11-06 | CVE-2010-4201 | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections. | 7.5 | |
| 2010-11-06 | CVE-2010-4197 | Google Webkitgtk Fedoraproject | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing. | 7.5 |
| 2010-11-06 | CVE-2009-5015 | Turbogears | Unspecified vulnerability in Turbogears Turbogears2 The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. | 7.5 |
| 2010-11-06 | CVE-2009-5014 | Turbogears | Cryptographic Issues vulnerability in Turbogears Turbogears2 The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. | 7.5 |
| 2010-11-05 | CVE-2010-4186 | Onlinetechtools COM | SQL Injection vulnerability in Onlinetechtools.Com Oasys Professional 2.10 SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
| 2010-11-05 | CVE-2010-4185 | Energine | SQL Injection vulnerability in Energine 2.1/2.2 SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie. | 7.5 |
| 2010-11-05 | CVE-2010-3702 | Apple Freedesktop Xpdfreader Fedoraproject Opensuse Suse Debian Redhat Canonical | Null Pointer Dereference vulnerability in multiple products The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | 7.5 |
| 2010-11-03 | CVE-2010-4152 | 4Site | SQL Injection vulnerability in 4Site CMS 2.0/2.2 SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
| 2010-11-03 | CVE-2010-4006 | WSN Wsnlinks | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter. | 7.5 |
| 2010-11-02 | CVE-2010-4147 | Avactis | SQL Injection vulnerability in Avactis Shopping Cart Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php. | 7.5 |
| 2010-11-02 | CVE-2010-4144 | Aspindir | SQL Injection vulnerability in Aspindir Kisisel Radyo Script SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. | 7.5 |
37 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-11-06 | CVE-2010-4005 | Gnome | Code Injection vulnerability in Gnome Tomboy The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
| 2010-11-06 | CVE-2010-4000 | Gnome | Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Shell 2.31.5 gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
| 2010-11-06 | CVE-2010-3998 | Banshee Project | Local Privilege Escalation vulnerability in Banshee 'LD_LIBRARY_PATH' The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
| 2010-11-05 | CVE-2010-3999 | Gnucash | Local Privilege Escalation vulnerability in GNUCash 'LD_LIBRARY_PATH' gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
| 2010-11-05 | CVE-2010-3996 | Cstr | Unspecified vulnerability in Cstr Festival festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
| 2010-11-06 | CVE-2010-4206 | Google Webkitgtk Fedoraproject | Out-Of-Bounds Write vulnerability in Google Chrome Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters. | 6.8 |
| 2010-11-06 | CVE-2010-4199 | Google Debian | Improper Input Validation vulnerability in Google Chrome Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document. | 6.8 |
| 2010-11-06 | CVE-2010-4198 | Google Webkitgtk Fedoraproject | Improper Input Validation vulnerability in Google Chrome WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. | 6.8 |
| 2010-11-05 | CVE-2010-3704 | Poppler Foolabs Glyphandcog KDE | Improper Input Validation vulnerability in multiple products The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | 6.8 |
| 2010-11-02 | CVE-2010-4143 | Phpcheckz | SQL Injection vulnerability in PHPcheckz 1.1.0 SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
| 2010-11-02 | CVE-2010-4106 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Control FOR Linux Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2010-11-02 | CVE-2010-4032 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Control Performance Management Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2010-11-02 | CVE-2010-4105 | HP | Multiple Unspecified vulnerability in HP Insight Orchestration 6.0 Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors. | 6.4 |
| 2010-11-05 | CVE-2010-4184 | Netsupportsoftware | Cryptographic Issues vulnerability in Netsupportsoftware Netsupport Manager NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. | 5.0 |
| 2010-11-05 | CVE-2010-3863 | Apache Jsecurity | Path Traversal vulnerability in multiple products Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI. | 5.0 |
| 2010-11-05 | CVE-2010-3764 | Mozilla | Information Exposure vulnerability in Mozilla Bugzilla The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. | 5.0 |
| 2010-11-04 | CVE-2010-4181 | Yaws | Path Traversal vulnerability in Yaws 1.89 Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences. | 5.0 |
| 2010-11-02 | CVE-2010-4145 | Aspindir | Permissions, Privileges, and Access Controls vulnerability in Aspindir Kisisel Radyo Script Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. | 5.0 |
| 2010-11-02 | CVE-2010-4104 | HP | Multiple Unspecified vulnerability in HP Insight Orchestration 6.0 Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
| 2010-11-02 | CVE-2010-4103 | HP | Unspecified vulnerability in HP Insight Managed System Setup Wizard 6.0/6.0.1 Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
| 2010-11-02 | CVE-2010-4102 | HP | Unspecified vulnerability in HP Insight Recovery 1.0/6.0 Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
| 2010-11-02 | CVE-2010-4100 | HP | Arbitrary File Download vulnerability in HP Insight Control Performance Management Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
| 2010-11-04 | CVE-2010-3851 | Libguestfs Matthew Booth Richard Jones | Information Exposure vulnerability in Libguestfs libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier. | 4.7 |
| 2010-11-07 | CVE-2010-4209 | Yahoo Mozilla | Cross-Site Scripting vulnerability in Yahoo YUI 2.8.0/2.8.1 Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. | 4.3 |
| 2010-11-07 | CVE-2010-4208 | Yahoo Moodle Mozilla | Cross-Site Scripting vulnerability in Yahoo YUI Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | 4.3 |
| 2010-11-07 | CVE-2010-4207 | Yahoo Moodle Mozilla | Cross-Site Scripting vulnerability in Yahoo YUI Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | 4.3 |
| 2010-11-07 | CVE-2010-3638 | Adobe Apple | Information Disclosure vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. | 4.3 |
| 2010-11-06 | CVE-2010-2477 | Pythonpaste | Cross-Site Scripting vulnerability in Pythonpaste Paste Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound. | 4.3 |
| 2010-11-05 | CVE-2010-3703 | Poppler | Improper Input Validation vulnerability in Poppler The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference. | 4.3 |
| 2010-11-05 | CVE-2010-4183 | Htmlpurifier | Cross-Site Scripting vulnerability in Htmlpurifier Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479. | 4.3 |
| 2010-11-05 | CVE-2010-3913 | Transware | Code Injection vulnerability in Transware Active! Mail CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 4.3 |
| 2010-11-04 | CVE-2010-3611 | ISC | Denial of Service vulnerability in ISC DHCP Server Relay-Forward Empty Link-Address Field ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field. | 4.3 |
| 2010-11-03 | CVE-2010-4155 | Exv2 | Cross-Site Scripting vulnerability in Exv2 2.10 Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965. | 4.3 |
| 2010-11-03 | CVE-2010-3977 | Deliciousdays Wordpress | Cross-Site Scripting vulnerability in Deliciousdays Cforms 11.5 Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. | 4.3 |
| 2010-11-02 | CVE-2010-4146 | Attachmate | Cross-Site Scripting vulnerability in Attachmate Reflection FOR the web Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-11-02 | CVE-2010-4101 | HP | Cross-Site Scripting vulnerability in HP Insight Recovery 1.0/6.0 Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-11-02 | CVE-2010-4030 | HP | Cross-Site Scripting vulnerability in HP Insight Control Performance Management Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
1 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-11-05 | CVE-2010-3172 | Mozilla | Code Injection vulnerability in Mozilla Bugzilla CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. | 2.6 |