Weekly Vulnerabilities Reports > November 8 to 14, 2010
Overview
53 new vulnerabilities reported during this period, including 10 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary report vulnerabilities in 28 products from 17 vendors including IBM, Microsoft, Google, Adobe, and PHP. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Resource Management Errors", and "Improper Input Validation".
- 46 reported vulnerabilities are remotely exploitables.
- 5 reported vulnerabilities have public exploit available.
- 17 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 48 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 23 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
10 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-10 | CVE-2010-3635 | Adobe | Code Injection vulnerability in Adobe Flash Media Server Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a "segmentation fault vulnerability." | 10.0 |
2010-11-09 | CVE-2010-4221 | Proftpd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Proftpd 1.3.2/1.3.3 Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server. | 10.0 |
2010-11-09 | CVE-2010-4218 | IBM | Security vulnerability in IBM Enovia 6 Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet." | 10.0 |
2010-11-09 | CVE-2010-3040 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Intelligent Contact Manager Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. | 10.0 |
2010-11-12 | CVE-2010-3894 | IBM | Buffer Errors vulnerability in IBM Omnifind 6.1/8.0/8.4 Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password. | 9.3 |
2010-11-10 | CVE-2010-3337 | Microsoft | Unspecified vulnerability in Microsoft Office 2007/2010 Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142. | 9.3 |
2010-11-10 | CVE-2010-3336 | Microsoft | Buffer Errors vulnerability in Microsoft Office and Open XML File Format Converter Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability." | 9.3 |
2010-11-10 | CVE-2010-3335 | Microsoft | Buffer Errors vulnerability in Microsoft Office and Open XML File Format Converter Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability." | 9.3 |
2010-11-10 | CVE-2010-3334 | Microsoft | Buffer Errors vulnerability in Microsoft Office and Open XML File Format Converter Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability." | 9.3 |
2010-11-10 | CVE-2010-2573 | Microsoft | Numeric Errors vulnerability in Microsoft Office, Powerpoint and Powerpoint Viewer Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability." | 9.3 |
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-10 | CVE-2010-3333 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Office and Open XML File Format Converter Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability." | 7.8 |
2010-11-10 | CVE-2010-2572 | Microsoft | Classic Buffer Overflow vulnerability in Microsoft Powerpoint 2002/2003 Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability." | 7.8 |
2010-11-12 | CVE-2010-3896 | IBM | Improper Authentication vulnerability in IBM Omnifind The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | 7.5 |
2010-11-12 | CVE-2010-3893 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Omnifind The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue. | 7.5 |
2010-11-12 | CVE-2010-3895 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Omnifind 8.0/8.4/8.5 esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. | 7.2 |
2010-11-09 | CVE-2010-3867 | Proftpd | Path Traversal vulnerability in Proftpd Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. | 7.1 |
35 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-12 | CVE-2010-4236 | IBM | Multiple vulnerability in RETIRED: IBM OmniFind Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. | 6.9 |
2010-11-12 | CVE-2010-3892 | IBM | Multiple vulnerability in RETIRED: IBM OmniFind Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. | 6.8 |
2010-11-12 | CVE-2009-5016 | PHP | Numeric Errors vulnerability in PHP Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. | 6.8 |
2010-11-12 | CVE-2010-3891 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Omnifind 8.0/8.4/8.5 Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action. | 6.8 |
2010-11-09 | CVE-2010-3694 | Horde | Cross-Site Request Forgery (CSRF) vulnerability in Horde Application Framework Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. | 6.8 |
2010-11-09 | CVE-2010-3039 | Cisco | OS Command Injection vulnerability in Cisco Unified Communications Manager /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. | 6.8 |
2010-11-09 | CVE-2010-2635 | IBM | SQL Injection vulnerability in IBM Websphere Commerce SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." | 6.5 |
2010-11-09 | CVE-2010-0785 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
2010-11-10 | CVE-2010-2732 | Microsoft | Improper Input Validation vulnerability in Microsoft Forefront Unified Access Gateway 2010 Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability." | 5.8 |
2010-11-12 | CVE-2010-3899 | IBM | Resource Management Errors vulnerability in IBM Omnifind 8.0/9.0 IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents. | 5.0 |
2010-11-12 | CVE-2010-3898 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Omnifind IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. | 5.0 |
2010-11-12 | CVE-2010-3897 | IBM | Credentials Management vulnerability in IBM Omnifind ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file. | 5.0 |
2010-11-10 | CVE-2010-4156 | PHP Scottmac | Improper Input Validation vulnerability in Scottmac Libmbfl 1.1.0 The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). | 5.0 |
2010-11-10 | CVE-2010-3634 | Adobe | Remote Denial of Service vulnerability in Adobe Flash Media Server Unspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service via unknown vectors. | 5.0 |
2010-11-10 | CVE-2010-3633 | Adobe | Resource Management Errors vulnerability in Adobe Flash Media Server Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | 5.0 |
2010-11-09 | CVE-2010-4217 | IBM | Resource Management Errors vulnerability in IBM Tivoli Directory Server Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. | 5.0 |
2010-11-09 | CVE-2010-4216 | IBM | Buffer Errors vulnerability in IBM Tivoli Directory Server 6.0/6.0.0.7/6.0.0.8 IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address. | 5.0 |
2010-11-09 | CVE-2010-0786 | IBM | Improper Input Validation vulnerability in IBM Websphere Application Server The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data. | 5.0 |
2010-11-09 | CVE-2010-3436 | PHP Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. | 5.0 |
2010-11-12 | CVE-2009-5017 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox 1.5/3.0/3.6 Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. | 4.3 |
2010-11-12 | CVE-2010-3890 | IBM | Cross-Site Scripting vulnerability in IBM Omnifind 8.0/8.4/8.5 Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do. | 4.3 |
2010-11-12 | CVE-2010-2637 | IBM | Cryptographic Issues vulnerability in IBM Websphere MQ IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. | 4.3 |
2010-11-10 | CVE-2010-3936 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Forefront Unified Access Gateway 2010 Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability." | 4.3 |
2010-11-10 | CVE-2010-2734 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Forefront Unified Access Gateway 2010 Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability." | 4.3 |
2010-11-10 | CVE-2010-2733 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Forefront Unified Access Gateway 2010 Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability." | 4.3 |
2010-11-09 | CVE-2010-4220 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | 4.3 |
2010-11-09 | CVE-2010-4219 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.1 Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-11-09 | CVE-2010-3871 | Mahara | Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-11-09 | CVE-2010-3077 | Horde | Cross-Site Scripting vulnerability in Horde Application Framework Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. | 4.3 |
2010-11-09 | CVE-2010-2636 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Commerce 7.0 Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2010-11-09 | CVE-2010-0784 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-11-09 | CVE-2010-0783 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-11-09 | CVE-2010-4214 | Wellsfargo | Cryptographic Issues vulnerability in Wellsfargo Wells Fargo Mobile 1.1 The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | 4.3 |
2010-11-09 | CVE-2010-4213 | Bankofamerica | Cryptographic Issues vulnerability in Bankofamerica Bank of America 2.12 The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | 4.3 |
2010-11-09 | CVE-2008-7265 | Proftpd | Resource Management Errors vulnerability in Proftpd The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-09 | CVE-2010-4211 | Ebay Apple | Improper Authentication vulnerability in Ebay Paypal The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | 2.9 |
2010-11-09 | CVE-2010-4212 | Usaa | Permissions, Privileges, and Access Controls vulnerability in Usaa 3.0 The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data. | 1.9 |