Weekly Vulnerabilities Reports > December 6 to 12, 2010
Overview
91 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 90 products from 52 vendors including Mozilla, Google, Apple, Microsoft, and Redhat. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Numeric Errors".
- 81 reported vulnerabilities are remotely exploitable.
- 14 reported vulnerabilities have a public exploit available.
- 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 84 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 14 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
20 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-09 | CVE-2010-4511 | Sixapart | Unspecified vulnerability in Movable Type (CVE-2010-4511) Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message." | 10.0 |
2010-12-09 | CVE-2010-4509 | Sixapart | Security vulnerability in Movable Type Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags. | 10.0 |
2010-12-09 | CVE-2010-4508 | Mozilla | Unspecified vulnerability in Mozilla Firefox 4.0 The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification. | 10.0 |
2010-12-10 | CVE-2010-3778 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2010-12-10 | CVE-2010-3777 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox and Thunderbird Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2010-12-10 | CVE-2010-3776 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2010-12-10 | CVE-2010-3775 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. | 9.3 |
2010-12-10 | CVE-2010-3772 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element. | 9.3 |
2010-12-10 | CVE-2010-3769 | Mozilla Microsoft | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. | 9.3 |
2010-12-10 | CVE-2010-3768 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. | 9.3 |
2010-12-10 | CVE-2010-3767 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox and Seamonkey Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. | 9.3 |
2010-12-10 | CVE-2010-3766 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. | 9.3 |
2010-12-09 | CVE-2010-4009 | Apple | Numeric Errors vulnerability in Apple Quicktime Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 9.3 |
2010-12-09 | CVE-2010-3802 | Apple | Numeric Errors vulnerability in Apple Quicktime Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file. | 9.3 |
2010-12-09 | CVE-2010-3801 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file. | 9.3 |
2010-12-09 | CVE-2010-3800 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. | 9.3 |
2010-12-09 | CVE-2010-1508 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms. | 9.3 |
2010-12-07 | CVE-2010-4490 | | Unspecified vulnerability in Google Chrome Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error. | 9.3 |
2010-12-07 | CVE-2010-4486 | | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling. | 9.3 |
2010-12-06 | CVE-2010-4294 | Vmware Microsoft | Code Injection vulnerability in VMWare products The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. | 9.3 |
14 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-06 | CVE-2010-3904 | Linux Suse Opensuse Canonical Redhat Vmware | Improper Validation of Specified Quantity in Input vulnerability in multiple products The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. | 7.8 |
2010-12-06 | CVE-2010-4398 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability." | 7.8 |
2010-12-09 | CVE-2010-3922 | Sixapart | SQL Injection vulnerability in Sixapart Movabletype SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-12-09 | CVE-2009-5021 | Michael Dehaan | Credentials Management vulnerability in Michael Dehaan Cobbler Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. | 7.5 |
2010-12-08 | CVE-2010-4503 | Aigaion | SQL Injection vulnerability in Aigaion 1.3.4 SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action. | 7.5 |
2010-12-07 | CVE-2010-4494 | Google Xmlsoft Apple Opensuse Suse Fedoraproject Redhat Debian HP Apache | Double Free vulnerability in Google Chrome Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | 7.5 |
2010-12-07 | CVE-2010-4492 | Google Debian | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations. | 7.5 |
2010-12-07 | CVE-2010-4487 | | Unspecified vulnerability in Google Chrome Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file." | 7.5 |
2010-12-06 | CVE-2010-4254 | Mono Novell | Improper Input Validation vulnerability in multiple products Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | 7.5 |
2010-12-06 | CVE-2010-4404 | Anything Digital Joomla | SQL Injection vulnerability in Anything-Digital Sh404Sef SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-12-06 | CVE-2010-4400 | Dynpg | SQL Injection vulnerability in Dynpg 4.2.0 SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter. | 7.5 |
2010-12-09 | CVE-2010-4512 | Michael Dehaan | Permissions, Privileges, and Access Controls vulnerability in Michael Dehaan Cobbler Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | 7.2 |
2010-12-08 | CVE-2010-4502 | CA | Numeric Errors vulnerability in CA Internet Security Suite Plus 2010 Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow. | 7.2 |
2010-12-06 | CVE-2010-4297 | Vmware | Improper Input Validation vulnerability in VMWare products The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. | 7.2 |
55 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-08 | CVE-2010-3372 | Nordugrid | Unspecified vulnerability in Nordugrid Nordugrid-Arc Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. | 6.9 |
2010-12-10 | CVE-2010-3773 | Mozilla | Privilege Escalation vulnerability in Mozilla Firefox and SeaMonkey Firebug 'XMLHttpRequestSpy' Chrome Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. | 6.8 |
2010-12-10 | CVE-2010-3771 | Mozilla | Privilege Escalation vulnerability in Mozilla Firefox and SeaMonkey 'about:blank' Window Chrome Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI. | 6.8 |
2010-12-09 | CVE-2010-4517 | Harmistechnology Joomla | SQL Injection vulnerability in Harmistechnology COM Jeauto 1.0 SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | 6.8 |
2010-12-08 | CVE-2010-4505 | Injader | SQL Injection vulnerability in Injader 2.4.4 Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters. | 6.8 |
2010-12-08 | CVE-2010-4108 | HP | Remote Denial Of Service vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31 HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors. | 6.8 |
2010-12-08 | CVE-2010-2793 | Redhat | Race Condition vulnerability in Redhat Enterprise Virtualization Manager and Spice-Activex Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. | 6.8 |
2010-12-08 | CVE-2010-4500 | Mrcgiguy | SQL Injection vulnerability in Mrcgiguy Freeticket 1.0.0 Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. | 6.8 |
2010-12-07 | CVE-2010-4330 | Pulsecms | Path Traversal vulnerability in Pulsecms Pulse CMS Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2010-12-07 | CVE-2010-4259 | Alexej Kryukov | Buffer Errors vulnerability in Alexej Kryukov Fontforge 20100501 Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file. | 6.8 |
2010-12-06 | CVE-2010-4406 | Brunetton | Path Traversal vulnerability in Brunetton Littlephpgallery 1.0.2 Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter. | 6.8 |
2010-12-06 | CVE-2010-3614 | ISC | Improper Input Validation vulnerability in ISC Bind named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. | 6.4 |
2010-12-08 | CVE-2010-4012 | Apple | Race Condition vulnerability in Apple Iphone OS 4.0/4.1 Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. | 6.2 |
2010-12-07 | CVE-2010-4257 | Wordpress | SQL Injection vulnerability in Wordpress SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. | 6.0 |
2010-12-10 | CVE-2010-3919 | Fenrir | Permissions, Privileges, and Access Controls vulnerability in Fenrir Grani Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. | 5.8 |
2010-12-10 | CVE-2010-3918 | Fenrir INC | Permissions, Privileges, and Access Controls vulnerability in Fenrir-Inc Sleipnir Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. | 5.8 |
2010-12-08 | CVE-2010-3860 | Redhat | Information Exposure vulnerability in Redhat Icedtea IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | 5.0 |
2010-12-07 | CVE-2010-4150 | PHP | Resource Management Errors vulnerability in PHP Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | 5.0 |
2010-12-07 | CVE-2010-4488 | | Improper Authentication vulnerability in Google Chrome Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 |
2010-12-07 | CVE-2010-4484 | | Unspecified vulnerability in Google Chrome Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 |
2010-12-07 | CVE-2010-4482 | | Security Bypass vulnerability in Chrome Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors. | 5.0 |
2010-12-06 | CVE-2010-4409 | PHP | Numeric Errors vulnerability in PHP Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. | 5.0 |
2010-12-06 | CVE-2010-2639 | IBM | Information Exposure vulnerability in IBM Websphere Commerce 7.0/7.0.0.1 IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | 5.0 |
2010-12-06 | CVE-2010-3615 | ISC | Permissions, Privileges, and Access Controls vulnerability in ISC Bind 9.7.2 named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism. | 5.0 |
2010-12-06 | CVE-2010-4403 | Devbits Wordpress | Information Exposure vulnerability in Devbits Register-Plus The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message. | 5.0 |
2010-12-06 | CVE-2010-4401 | Dynpg | Information Exposure vulnerability in Dynpg 4.2.0 languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | 5.0 |
2010-12-08 | CVE-2010-3920 | Epson | Permissions, Privileges, and Access Controls vulnerability in Epson products The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. | 4.6 |
2010-12-10 | CVE-2010-3774 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site. | 4.3 |
2010-12-10 | CVE-2010-3770 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering. | 4.3 |
2010-12-09 | CVE-2010-4518 | Wobeo Wordpress | Cross-Site Scripting vulnerability in Wobeo Wp-Safe-Search 0.7 Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter. | 4.3 |
2010-12-09 | CVE-2010-4515 | Citrix | Cross-Site Scripting vulnerability in Citrix web Interface Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454. | 4.3 |
2010-12-09 | CVE-2010-4514 | Dotnetnuke | Cross-Site Scripting vulnerability in Dotnetnuke 5.05.01/5.06.00 Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. | 4.3 |
2010-12-09 | CVE-2010-4513 | Zimplit | Cross-Site Scripting vulnerability in Zimplit CMS Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php. | 4.3 |
2010-12-09 | CVE-2010-3921 | Sixapart | Cross-Site Scripting vulnerability in Sixapart Movabletype Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-12-08 | CVE-2010-4504 | Intelliants | Cross-Site Scripting vulnerability in Intelliants Esyndicat 2.3 Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php. | 4.3 |
2010-12-08 | CVE-2010-4109 | HP | Cross-Site Scripting vulnerability in HP Palm Webos 1.4.1/1.4.5 Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file. | 4.3 |
2010-12-08 | CVE-2010-4480 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin 3.3.8.1/3.3.9.0 error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". | 4.3 |
2010-12-07 | CVE-2010-4493 | Google Debian | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events. | 4.3 |
2010-12-07 | CVE-2010-4491 | | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension. | 4.3 |
2010-12-07 | CVE-2010-4489 | | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. | 4.3 |
2010-12-07 | CVE-2010-4485 | | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site. | 4.3 |
2010-12-07 | CVE-2010-4483 | | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site. | 4.3 |
2010-12-07 | CVE-2010-4412 | Bsdperimeter | Cross-Site Scripting vulnerability in Bsdperimeter Pfsense 2.0 Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246. | 4.3 |
2010-12-07 | CVE-2010-4246 | Bsdperimeter | Cross-Site Scripting vulnerability in Bsdperimeter Pfsense 1.2.3/2.0 Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182. | 4.3 |
2010-12-06 | CVE-2008-7270 | Openssl | Cryptographic Issues vulnerability in Openssl OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. | 4.3 |
2010-12-06 | CVE-2010-4180 | Openssl Fedoraproject Debian Canonical Suse Opensuse F5 | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | 4.3 |
2010-12-06 | CVE-2010-4411 | Andy Armstrong | Unspecified vulnerability in Andy Armstrong Cgi.Pm Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. | 4.3 |
2010-12-06 | CVE-2010-4410 | Andy Armstrong | Code Injection vulnerability in Andy Armstrong Cgi-Simple and Cgi.Pm CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. | 4.3 |
2010-12-06 | CVE-2010-2761 | Andy Armstrong | Code Injection vulnerability in Andy Armstrong Cgi-Simple and Cgi.Pm The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. | 4.3 |
2010-12-06 | CVE-2010-4407 | Alberto Pittoni | Cross-Site Scripting vulnerability in Alberto Pittoni Alguest 1.1 Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters. | 4.3 |
2010-12-06 | CVE-2010-4405 | Anything Digital Joomla | Cross-Site Scripting vulnerability in Anything-Digital Sh404Sef Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-12-06 | CVE-2010-4402 | Devbits Wordpress | Cross-Site Scripting vulnerability in Devbits Register-Plus Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action. | 4.3 |
2010-12-06 | CVE-2010-4399 | Dynpg | Path Traversal vulnerability in Dynpg 4.1.1/4.2.0 Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 4.3 |
2010-12-07 | CVE-2010-4176 | Udev Project Dracut Project | Incorrect Default Permissions vulnerability in multiple products plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | 4.0 |
2010-12-06 | CVE-2010-3613 | ISC | Permissions, Privileges, and Access Controls vulnerability in ISC Bind named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-08 | CVE-2010-3699 | Citrix | Resource Management Errors vulnerability in Citrix XEN The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. | 2.7 |
2010-12-09 | CVE-2010-0530 | Apple Microsoft | Permissions, Privileges, and Access Controls vulnerability in Apple Quicktime Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. | 2.1 |