Weekly Vulnerabilities Reports > November 1 to 7, 2010

Overview

88 new vulnerabilities were reported during this period, including 30 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary reports vulnerabilities in 86 products from 64 vendors including Google, Adobe, Apple, Microsoft, and Linux. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Permissions, Privileges, and Access Controls".

  • 79 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities have a public exploit available.
  • 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 87 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 23 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 18 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-06 CVE-2010-4203 Google
Webmproject
Redhat
Integer Overflow or Wraparound vulnerability in Google Chrome

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

10.0
2010-11-02 CVE-2010-4142 Realflex Buffer Errors vulnerability in Realflex Realwin 1.06/2.0

Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet.

10.0
2010-11-07 CVE-2010-4091 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function.

9.3
2010-11-07 CVE-2010-3652 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650.

9.3
2010-11-07 CVE-2010-3650 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3649 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3648 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3647 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3646 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3645 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3644 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3643 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3642 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3641 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3640 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

9.3
2010-11-07 CVE-2010-3639 Adobe
Apple
Linux
Microsoft
SUN
Google
Remote Denial of Service vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.

9.3
2010-11-07 CVE-2010-3637 Adobe
Microsoft
Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adobe Flash Player

An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.

9.3
2010-11-07 CVE-2010-3636 Adobe
Apple
Linux
Microsoft
SUN
Google
Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.

9.3
2010-11-06 CVE-2010-3916 Justsystems Remote Code Execution vulnerability in Justsystems Ichitaro 2007/2008/2009

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915.

9.3
2010-11-06 CVE-2010-3915 Justsystems Remote Code Execution vulnerability in Justsystems Ichitaro 2007/2008/2009

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916.

9.3
2010-11-06 CVE-2010-1523 Nullsoft Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Nullsoft Winamp

Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.

9.3
2010-11-05 CVE-2010-4092 Adobe Resource Management Errors vulnerability in Adobe Shockwave Player

Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library.

9.3
2010-11-05 CVE-2010-3962 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7/8

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

9.3
2010-11-04 CVE-2010-4182 Microsoft Unspecified vulnerability in Microsoft products

Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll.

9.3
2010-11-03 CVE-2010-4154 Rhinosoft Path Traversal vulnerability in Rhinosoft FTP Voyager

Directory traversal vulnerability in Rhino Software, Inc.

9.3
2010-11-03 CVE-2010-4153 Crossftp Path Traversal vulnerability in Crossftp PRO

Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

9.3
2010-11-03 CVE-2010-3914 VIM DLL Loading Arbitrary Code Execution vulnerability in GVim

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file.

9.3
2010-11-03 CVE-2010-2583 Sonicwall Buffer Errors vulnerability in Sonicwall Ssl-Vpn End-Point Interrogator/Installer Activex Control 10.0.5

Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

9.3
2010-11-02 CVE-2010-4149 Freshwebmaster Path Traversal vulnerability in Freshwebmaster Fresh FTP 5.36

Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

9.3
2010-11-02 CVE-2010-4148 Anyconnect Path Traversal vulnerability in Anyconnect

Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

9.3

16 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-02 CVE-2010-4031 HP Remote Privilege Escalation vulnerability in HP Insight Control Performance Management

Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors.

8.0
2010-11-05 CVE-2010-2941 Apple Resource Management Errors vulnerability in Apple Cups

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

7.9
2010-11-06 CVE-2010-4205 Google Unspecified vulnerability in Google Chrome

Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2010-11-06 CVE-2010-4204 Google
Webkitgtk
Fedoraproject
Denial of Service vulnerability in Google Chrome

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2010-11-06 CVE-2010-4202 Google
Linux
Integer Overflow or Wraparound vulnerability in Google Chrome

Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.

7.5
2010-11-06 CVE-2010-4201 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.

7.5
2010-11-06 CVE-2010-4197 Google
Webkitgtk
Fedoraproject
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.

7.5
2010-11-06 CVE-2009-5015 Turbogears Unspecified vulnerability in Turbogears Turbogears2

The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.

7.5
2010-11-06 CVE-2009-5014 Turbogears Cryptographic Issues vulnerability in Turbogears Turbogears2

The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.

7.5
2010-11-05 CVE-2010-4186 Onlinetechtools COM SQL Injection vulnerability in Onlinetechtools.Com Oasys Professional 2.10

SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter.

7.5
2010-11-05 CVE-2010-4185 Energine SQL Injection vulnerability in Energine 2.1/2.2

SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie.

7.5
2010-11-05 CVE-2010-3702 Apple
Freedesktop
Xpdfreader
Fedoraproject
Opensuse
Suse
Debian
Redhat
Canonical
Null Pointer Dereference vulnerability in multiple products

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

7.5
2010-11-03 CVE-2010-4152 4Site SQL Injection vulnerability in 4Site CMS 2.0/2.2

SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2010-11-03 CVE-2010-4006 WSN
Wsnlinks
SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

7.5
2010-11-02 CVE-2010-4147 Avactis SQL Injection vulnerability in Avactis Shopping Cart

Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php.

7.5
2010-11-02 CVE-2010-4144 Aspindir SQL Injection vulnerability in Aspindir Kisisel Radyo Script

SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter.

7.5

41 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-06 CVE-2010-4005 Gnome Code Injection vulnerability in Gnome Tomboy

The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.9
2010-11-06 CVE-2010-4000 Gnome Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Shell 2.31.5

gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.9
2010-11-06 CVE-2010-3998 Banshee Project Local Privilege Escalation vulnerability in Banshee 'LD_LIBRARY_PATH'

The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.9
2010-11-05 CVE-2010-3999 Gnucash Local Privilege Escalation vulnerability in GNUCash 'LD_LIBRARY_PATH'

gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.9
2010-11-05 CVE-2010-3996 Cstr Unspecified vulnerability in Cstr Festival

festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.9
2010-11-05 CVE-2010-3846 Nongnu Buffer Errors vulnerability in Nongnu CVS 1.11.23

Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.

6.9
2010-11-06 CVE-2010-4206 Google
Webkitgtk
Fedoraproject
Out-Of-Bounds Write vulnerability in Google Chrome

Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.

6.8
2010-11-06 CVE-2010-4199 Google
Debian
Improper Input Validation vulnerability in Google Chrome

Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.

6.8
2010-11-06 CVE-2010-4198 Google
Webkitgtk
Fedoraproject
Improper Input Validation vulnerability in Google Chrome

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

6.8
2010-11-05 CVE-2010-3704 Poppler
Foolabs
Glyphandcog
KDE
Improper Input Validation vulnerability in multiple products

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

6.8
2010-11-03 CVE-2010-4151 Deluxebb SQL Injection vulnerability in Deluxebb

SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.

6.8
2010-11-02 CVE-2010-4143 Phpcheckz SQL Injection vulnerability in PHPcheckz 1.1.0

SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2010-11-02 CVE-2010-4106 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Control for Linux

Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2010-11-02 CVE-2010-4032 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Control Performance Management

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2010-11-06 CVE-2010-3852 Redhat Improper Authentication vulnerability in Redhat Luci

The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie.

6.4
2010-11-02 CVE-2010-4105 HP Multiple Unspecified vulnerability in HP Insight Orchestration 6.0

Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors.

6.4
2010-11-05 CVE-2010-4184 Netsupportsoftware Cryptographic Issues vulnerability in Netsupportsoftware Netsupport Manager

NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network.

5.0
2010-11-05 CVE-2010-3863 Apache
Jsecurity
Path Traversal vulnerability in multiple products

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.

5.0
2010-11-05 CVE-2010-3764 Mozilla Information Exposure vulnerability in Mozilla Bugzilla

The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL.

5.0
2010-11-04 CVE-2010-4181 Yaws Path Traversal vulnerability in Yaws 1.89

Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.

5.0
2010-11-02 CVE-2010-4145 Aspindir Permissions, Privileges, and Access Controls vulnerability in Aspindir Kisisel Radyo Script

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.

5.0
2010-11-02 CVE-2010-4104 HP Multiple Unspecified vulnerability in HP Insight Orchestration 6.0

Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

5.0
2010-11-02 CVE-2010-4103 HP Unspecified vulnerability in HP Insight Managed System Setup Wizard 6.0/6.0.1

Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

5.0
2010-11-02 CVE-2010-4102 HP Unspecified vulnerability in HP Insight Recovery 1.0/6.0

Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

5.0
2010-11-02 CVE-2010-4100 HP Arbitrary File Download vulnerability in HP Insight Control Performance Management

Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors.

5.0
2010-11-04 CVE-2010-3851 Libguestfs
Matthew Booth
Richard Jones
Information Exposure vulnerability in Libguestfs

libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.

4.7
2010-11-06 CVE-2010-4001 Gromacs
Fedoraproject
Permissions, Privileges, and Access Controls vulnerability in Gromacs

** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

4.6
2010-11-07 CVE-2010-4209 Yahoo
Mozilla
Cross-Site Scripting vulnerability in Yahoo YUI 2.8.0/2.8.1

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.

4.3
2010-11-07 CVE-2010-4208 Yahoo
Moodle
Mozilla
Cross-Site Scripting vulnerability in Yahoo YUI

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.

4.3
2010-11-07 CVE-2010-4207 Yahoo
Moodle
Mozilla
Cross-Site Scripting vulnerability in Yahoo YUI

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.

4.3
2010-11-07 CVE-2010-3638 Adobe
Apple
Information Disclosure vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.

4.3
2010-11-06 CVE-2010-2477 Pythonpaste Cross-Site Scripting vulnerability in Pythonpaste Paste

Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.

4.3
2010-11-05 CVE-2010-3703 Poppler Improper Input Validation vulnerability in Poppler

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.

4.3
2010-11-05 CVE-2010-4183 Htmlpurifier Cross-Site Scripting vulnerability in Htmlpurifier

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

4.3
2010-11-05 CVE-2010-3913 Transware Code Injection vulnerability in Transware Active! Mail

CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

4.3
2010-11-04 CVE-2010-3611 ISC Denial of Service vulnerability in ISC DHCP Server Relay-Forward Empty Link-Address Field

ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.

4.3
2010-11-03 CVE-2010-4155 Exv2 Cross-Site Scripting vulnerability in Exv2 2.10

Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965.

4.3
2010-11-03 CVE-2010-3977 Deliciousdays
Wordpress
Cross-Site Scripting vulnerability in Deliciousdays Cforms 11.5

Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

4.3
2010-11-02 CVE-2010-4146 Attachmate Cross-Site Scripting vulnerability in Attachmate Reflection for the Web

Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-11-02 CVE-2010-4101 HP Cross-Site Scripting vulnerability in HP Insight Recovery 1.0/6.0

Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-11-02 CVE-2010-4030 HP Cross-Site Scripting vulnerability in HP Insight Control Performance Management

Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-05 CVE-2010-3172 Mozilla Code Injection vulnerability in Mozilla Bugzilla

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.

2.6