Weekly Vulnerabilities Reports > November 29 to December 5, 2010
Overview
40 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 28 products from 18 vendors, including Artica, Nullsoft, MIT, Awstats, and Boka. The vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Code Injection", "Numeric Errors", and "Cryptographic Issues".
- 40 reported vulnerabilities are remotely exploitable.
- 22 reported vulnerabilities have a public exploit available.
- 20 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 33 reported vulnerabilities are exploitable by an anonymous user.
- Artica has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Nullsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-02 | CVE-2010-4279 | Artica | Improper Authentication vulnerability in Artica Pandora FMS: The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter. | 10.0 |
2010-12-02 | CVE-2010-4372 | Nullsoft | Numeric Errors vulnerability in Nullsoft Winamp: Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586. | 9.3 |
2010-12-02 | CVE-2010-4371 | Nullsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nullsoft Winamp: Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box. | 9.3 |
2010-12-02 | CVE-2010-4370 | Nullsoft | Numeric Errors vulnerability in Nullsoft Winamp: Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow. | 9.3 |
2010-12-02 | CVE-2010-2586 | Nullsoft | Numeric Errors vulnerability in Nullsoft Winamp: Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow. | 9.3 |
2010-12-02 | CVE-2010-4278 | Artica | OS Command Injection vulnerability in Artica Pandora FMS: operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. | 9.0 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-02 | CVE-2010-4283 | Artica | Code Injection vulnerability in Artica Pandora FMS: PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter. | 7.5 |
2010-12-02 | CVE-2010-4282 | Artica | Path Traversal vulnerability in Artica Pandora FMS: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. | 7.5 |
2010-12-02 | CVE-2010-4281 | Artica | Code Injection vulnerability in Artica Pandora FMS: Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character. | 7.5 |
2010-12-02 | CVE-2010-4280 | Artica | SQL Injection vulnerability in Artica Pandora FMS: Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php. | 7.5 |
2010-12-02 | CVE-2010-4368 | Awstats Microsoft | Code Injection vulnerability in Awstats: awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname. | 7.5 |
2010-12-02 | CVE-2010-4367 | Awstats | Code Injection vulnerability in Awstats: awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server. | 7.5 |
2010-12-01 | CVE-2010-4365 | Harmistechnology Joomla | SQL Injection vulnerability in Harmistechnology COM Jeajaxeventcalendar: SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. | 7.5 |
2010-12-01 | CVE-2010-4362 | Micronetsoft | SQL Injection vulnerability in Micronetsoft RV Dealer Website: Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp. | 7.5 |
2010-12-01 | CVE-2010-4360 | Jurpo | SQL Injection vulnerability in Jurpo Jurpopage 0.2.0: Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. | 7.5 |
2010-12-01 | CVE-2010-4359 | Jurpo | SQL Injection vulnerability in Jurpo Jurpopage 0.2.0: SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2010-12-01 | CVE-2010-4357 | Boka | SQL Injection vulnerability in Boka Siteengine 7.1: SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter. | 7.5 |
2010-12-01 | CVE-2010-4356 | Site2Nite | SQL Injection vulnerability in Site2Nite BIG Truck Broker: SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter. | 7.5 |
2010-12-01 | CVE-2008-7267 | Boka | SQL Injection vulnerability in Boka Siteengine 5.0: SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
16 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-01 | CVE-2010-4363 | Mrcgiguy | SQL Injection vulnerability in Mrcgiguy Freeticket 1.0.0: Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action. | 6.8 |
2010-12-02 | CVE-2010-3267 | Ifdefined | SQL Injection vulnerability in Ifdefined Bugtracker.Net: Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. | 6.5 |
2010-12-02 | CVE-2010-4369 | Awstats | Path Traversal vulnerability in Awstats: Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. | 6.4 |
2010-12-02 | CVE-2010-4313 | Novo WS | Unspecified vulnerability in Novo-Ws Orbis CMS 1.0.2: Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/. | 6.0 |
2010-12-02 | CVE-2009-5020 | Awstats | Improper Input Validation vulnerability in Awstats: Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2010-12-01 | CVE-2008-7269 | Boka | Improper Input Validation vulnerability in Boka Siteengine 5.0: Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. | 5.8 |
2010-12-01 | CVE-2009-5019 | Webwiz | Permissions, Privileges, and Access Controls vulnerability in Webwiz Web Wiz Newspad: Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb. | 5.0 |
2010-12-01 | CVE-2008-7268 | Boka | Information Exposure vulnerability in Boka Siteengine 5.0: The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php. | 5.0 |
2010-11-30 | CVE-2010-4354 | Cisco | Information Exposure vulnerability in Cisco products: The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025. | 5.0 |
2010-12-02 | CVE-2010-4374 | Nullsoft | Resource Management Errors vulnerability in Nullsoft Winamp: The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length. | 4.3 |
2010-12-02 | CVE-2010-4373 | Nullsoft | Denial-of-Service vulnerability in Nullsoft Winamp: The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file. | 4.3 |
2010-12-02 | CVE-2010-1324 | MIT | Cryptographic Issues vulnerability in MIT Kerberos 5: MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key. | 4.3 |
2010-12-01 | CVE-2010-4366 | ABK Soft | Cross-Site Scripting vulnerability in Abk-Soft Chameleon Social Networking: Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2) thread_description parameters in a message. | 4.3 |
2010-12-01 | CVE-2010-4364 | Dadabik | Cross-Site Scripting vulnerability in Dadabik 4.3: DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting (XSS) attacks via the (1) html content and (2) rich_editor fields. | 4.3 |
2010-12-01 | CVE-2010-4361 | Jurpo | Cross-Site Scripting vulnerability in Jurpo Jurpopage 0.2.0: Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopage 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
2010-12-01 | CVE-2010-4358 | Mrcgiguy | Cross-Site Scripting vulnerability in Mrcgiguy Guestbook 1.0: Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-02 | CVE-2010-4020 | MIT | Cryptographic Issues vulnerability in MIT Kerberos 5: MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations. | 3.5 |
2010-12-02 | CVE-2010-3266 | Ifdefined | Cross-Site Scripting vulnerability in Ifdefined Bugtracker.Net: Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. | 3.5 |
2010-12-01 | CVE-2010-4355 | Dadabik | Cross-Site Scripting vulnerability in Dadabik: Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter. | 3.5 |
2010-12-02 | CVE-2010-1323 | MIT | Cryptographic Issues vulnerability in MIT Kerberos and Kerberos 5: MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys. | 2.6 |
2010-12-02 | CVE-2010-4021 | MIT | Permissions, Privileges, and Access Controls vulnerability in MIT Kerberos 5 1.7: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." | 2.1 |