Weekly Vulnerabilities Reports > December 6 to 12, 2010

Overview

109 new vulnerabilities were reported during this period, including 20 critical and 22 high-severity vulnerabilities. This weekly summary covers vulnerabilities in 97 products from 55 vendors, including Mozilla, Google, Apple, Linux, and Microsoft. The most common weakness categories this week are "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Numeric Errors".

  • 91 reported vulnerabilities are remotely exploitable.
  • 16 reported vulnerabilities have a public exploit available.
  • 30 reported vulnerabilities relate to weaknesses in the OWASP Top Ten.
  • 103 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 14.
  • Mozilla also has the most reported critical vulnerabilities, with 10.
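
The counts above can be reproduced mechanically from the per-entry listing that follows (one line with date, CVE, vendor and title, then the description, then the CVSS base score on its own line). The Python below is an added example written for this page; it is not part of the original report or of any vendor's tooling. It parses a small sample constructed in that layout (five rows abridged from the report), recovers multi-word vendors with a hypothetical known-vendor list since the vendor column is not delimited from the title, buckets scores into the severity bands the report's tables imply (critical at 9.0 and above, high from 7.0, medium from 4.0; CVSS v2 itself only defines low, medium and high), and classifies the attack vector from the description wording. The sample rows, the vendor list and the thresholds are assumptions of the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the page's own flattened layout: header line
# (date, CVE, vendor, title), blank, description, blank, CVSS base score.
SAMPLE = """\
DATE CVE VENDOR VULNERABILITY CVSS
2010-12-09 CVE-2010-4511 Sixapart Unspecified vulnerability in Movable Type (CVE-2010-4511)

Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message."

10.0
2010-12-09 CVE-2010-2235 Michael Dehaan Code Injection vulnerability in Michael Dehaan Cobbler

template_api.py in Cobbler before 2.0.7 does not disable the Cheetah template engine's ability to execute Python statements, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file.

8.5
2010-12-06 CVE-2010-4400 Dynpg SQL Injection vulnerability in Dynpg CMS 4.2.0

SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.

7.5
2010-12-07 CVE-2010-4170 Systemtap Permissions, Privileges, and Access Controls vulnerability in Systemtap 1.3

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges via the MODPROBE_OPTIONS environment variable.

7.2
2010-12-08 CVE-2010-4505 Injader SQL Injection vulnerability in Injader 2.4.4

Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters.

6.8
"""

HEADER_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(CVE-\d{4}-\d{4,})\s+(.+)$")
SCORE_RE = re.compile(r"^(?:10\.0|\d\.\d)$")

# Hypothetical vendor list for this example: the vendor column is not delimited
# from the title, so multi-word vendors are recovered by longest-prefix match and
# anything unknown falls back to the first word.
KNOWN_VENDORS = ("Michael Dehaan", "Anything Digital", "Alexej Kryukov",
                 "Sixapart", "Mozilla", "Google", "Dynpg", "Systemtap", "Injader")

@dataclass
class Entry:
    date: str
    cve: str
    vendor: str
    title: str
    description: str
    cvss: float

def split_vendor(rest):
    for vendor in sorted(KNOWN_VENDORS, key=len, reverse=True):
        if rest.startswith(vendor + " "):
            return vendor, rest[len(vendor) + 1:]
    vendor, _, title = rest.partition(" ")
    return vendor, title

def parse_report(text):
    """Emit one Entry per header-line ... score-line run in the flattened listing."""
    entries, header, desc = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header, desc = m.groups(), []
        elif header and SCORE_RE.match(line):
            date, cve, rest = header
            vendor, title = split_vendor(rest)
            entries.append(Entry(date, cve, vendor, title, " ".join(desc), float(line)))
            header, desc = None, []
        elif header and line:
            desc.append(line)
    return entries

def severity(cvss):
    # Bands inferred from how the report groups its tables (assumption).
    for floor, label in ((9.0, "critical"), (7.0, "high"), (4.0, "medium")):
        if cvss >= floor:
            return label
    return "low"

def attack_vector(description):
    # Keyword heuristic over NVD-style wording; first match wins.
    d = description.lower()
    for needle, label in (("physically proximate", "physical"), ("remote", "remote"),
                          ("local users", "local"), ("host os users", "local")):
        if needle in d:
            return label
    return "unknown"

def summarize(entries):
    return {
        "total": len(entries),
        "by_severity": dict(Counter(severity(e.cvss) for e in entries)),
        "by_vector": dict(Counter(attack_vector(e.description) for e in entries)),
        "by_vendor": dict(Counter(e.vendor for e in entries)),
        "magic_quotes_dependent": [e.cve for e in entries
                                   if "magic_quotes_gpc is disabled" in e.description],
    }

if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE)).items():
        print(f"{key}: {value}")
```

Feeding the full listing through `parse_report` and comparing `summarize()` against the headline numbers is a quick consistency check on a report like this one; the vector heuristic is deliberately crude and should be replaced by the CVSS access-vector metric where a feed provides it.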

[Summary chart: counts of total, critical, high, medium and low risk vulnerabilities, remotely and locally exploitable, exploit available, exploitable anonymously, and affecting web applications. The figures are not preserved in this copy; see the overview above.]

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report, grouped by severity. Each entry gives the date, CVE identifier, vendor and title on one line, followed by the description and the CVSS base score.


20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-12-09 CVE-2010-4511 Sixapart Unspecified vulnerability in Movable Type (CVE-2010-4511)

Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message."

10.0
2010-12-09 CVE-2010-4509 Sixapart Security vulnerability in Movable Type

Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags.

10.0
2010-12-09 CVE-2010-4508 Mozilla WebSockets proxy upgrade negotiation vulnerability in Mozilla Firefox 4.0 Beta

The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.

10.0
2010-12-10 CVE-2010-3778 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-12-10 CVE-2010-3777 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Thunderbird

Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-12-10 CVE-2010-3776 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-12-10 CVE-2010-3775 Mozilla Unspecified vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.

9.3
2010-12-10 CVE-2010-3772 Mozilla Numeric Errors vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element.

9.3
2010-12-10 CVE-2010-3769 Mozilla/Microsoft Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird on Windows

The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.

9.3
2010-12-10 CVE-2010-3768 Mozilla Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.

9.3
2010-12-10 CVE-2010-3767 Mozilla Numeric Errors vulnerability in Mozilla Firefox and Seamonkey

Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements.

9.3
2010-12-10 CVE-2010-3766 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node.

9.3
2010-12-09 CVE-2010-4009 Apple Numeric Errors vulnerability in Apple Quicktime

Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

9.3
2010-12-09 CVE-2010-3802 Apple Numeric Errors vulnerability in Apple Quicktime

Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.

9.3
2010-12-09 CVE-2010-3801 Apple Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Quicktime

Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.

9.3
2010-12-09 CVE-2010-3800 Apple Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Quicktime

Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.

9.3
2010-12-09 CVE-2010-1508 Apple/Microsoft Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Quicktime on Windows

Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.

9.3
2010-12-07 CVE-2010-4490 Google Unspecified vulnerability in Google Chrome

Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.

9.3
2010-12-07 CVE-2010-4486 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling.

9.3
2010-12-06 CVE-2010-4294 Vmware/Microsoft Heap Memory Corruption vulnerability in VMware products (VMnc codec) on Windows

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.

9.3

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-12-09 CVE-2010-2235 Michael Dehaan Code Injection vulnerability in Michael Dehaan Cobbler

template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.

8.5
2010-12-09 CVE-2010-3922 Sixapart SQL Injection vulnerability in Sixapart Movabletype

SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-12-09 CVE-2009-5021 Michael Dehaan Credentials Management vulnerability in Michael Dehaan Cobbler

Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password.

7.5
2010-12-08 CVE-2010-4503 Aigaion SQL Injection vulnerability in Aigaion 1.3.4

SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.

7.5
2010-12-07 CVE-2010-4179 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise MRG 1.3

The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.

7.5
2010-12-07 CVE-2010-4494 Google/Xmlsoft/Apple/Opensuse/Suse/Fedoraproject/Redhat/Debian/HP/Apache Double Free vulnerability in libxml2 as used in Google Chrome and other products

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

7.5
2010-12-07 CVE-2010-4492 Google/Debian Use-After-Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.

7.5
2010-12-07 CVE-2010-4487 Google/Apple/Linux Incomplete Blacklist vulnerability in Google Chrome on Linux and Mac OS X

Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."

7.5
2010-12-07 CVE-2010-4479 Clamav Multiple vulnerabilities in ClamAV prior to 0.96.5

Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.

7.5
2010-12-07 CVE-2010-4261 Clamav Numeric Errors vulnerability in Clamav

Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

7.5
2010-12-06 CVE-2010-4478 Openbsd Improper Authentication vulnerability in Openbsd Openssh

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

7.5
2010-12-06 CVE-2010-4252 Openssl Improper Authentication vulnerability in Openssl

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

7.5
2010-12-06 CVE-2010-4254 Mono/Novell Improper Input Validation vulnerability in Mono when used with Moonlight

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.

7.5
2010-12-06 CVE-2010-4404 Anything Digital/Joomla SQL Injection vulnerability in Anything-Digital Sh404Sef

SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-12-06 CVE-2010-4400 Dynpg SQL Injection vulnerability in Dynpg CMS 4.2.0

SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.

7.5
2010-12-09 CVE-2010-4512 Michael Dehaan Permissions, Privileges, and Access Controls vulnerability in Michael Dehaan Cobbler

Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories.

7.2
2010-12-08 CVE-2010-4502 CA Numeric Errors vulnerability in CA Internet Security Suite Plus 2010

Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow.

7.2
2010-12-07 CVE-2010-4170 Systemtap Permissions, Privileges, and Access Controls vulnerability in Systemtap 1.3

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.

7.2
2010-12-06 CVE-2010-4297 Vmware Improper Input Validation vulnerability in VMWare products

The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.

7.2
2010-12-06 CVE-2010-4296 Vmware/Linux Permissions, Privileges, and Access Controls vulnerability in VMware products on Linux

vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.

7.2
2010-12-06 CVE-2010-3904 Linux/Opensuse/Suse/Canonical Improper Input Validation vulnerability in the Linux kernel RDS implementation

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

7.2
2010-12-06 CVE-2010-4398 Microsoft Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Microsoft products

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

7.2
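
Several High entries above (Movable Type, the Aigaion ID parameter, sh404SEF, the DynPG giveRights_UserId parameter) are SQL injections, and several Medium entries further down are qualified with "when magic_quotes_gpc is disabled". The Python/SQLite example below is added here and is not code from the original report or from any of the affected projects. It shows why that qualifier is a weak defence: quote-escaping the request data (emulated with SQLite's quote doubling, because SQLite does not honour the backslash escapes PHP's addslashes produces for MySQL) does block a string-context login bypass, but does nothing for a numeric-context parameter, whereas parameterised queries stop both. The table, its rows, the parameter names and the payloads are constructed for the example.

```python
import sqlite3

def make_db():
    """In-memory users table with constructed rows (not data from any listed product)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT, is_admin INTEGER);
        INSERT INTO users VALUES (1, 'admin', 'admin-secret', 1);
        INSERT INTO users VALUES (2, 'alice', 'alice-secret', 0);
    """)
    return conn

def escape_quotes(value):
    # Stand-in for magic_quotes_gpc / addslashes(). PHP would backslash-prefix quotes
    # for MySQL; SQLite does not treat backslash as an escape, so the equivalent here
    # is doubling the quote. Either way request data can no longer end a string literal.
    return value.replace("'", "''")

def login_vulnerable(conn, un, pw):
    # Injectable pattern: request data concatenated straight into quoted literals
    # (the shape of the Injader login.php "un"/"pw" bug).
    sql = f"SELECT name FROM users WHERE name = '{un}' AND password = '{pw}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def login_escaped(conn, un, pw):
    # Same code path, but with the input quote-escaped as magic_quotes_gpc would do.
    return login_vulnerable(conn, escape_quotes(un), escape_quotes(pw))

def rights_vulnerable(conn, user_id):
    # Numeric context (a giveRights_UserId / ID style parameter): the value sits
    # outside any quotes, so there is nothing for quote-escaping to neutralise.
    sql = f"SELECT name FROM users WHERE id = {user_id} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def rights_escaped(conn, user_id):
    return rights_vulnerable(conn, escape_quotes(user_id))

def login_safe(conn, un, pw):
    # Parameterised query: values travel separately from the SQL text.
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (un, pw))]

def rights_safe(conn, user_id):
    # Parameterise and enforce the expected type; anything non-integer is rejected.
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (uid,))]

if __name__ == "__main__":
    db = make_db()
    bypass = "admin' --"           # closes the literal, comments out the password check
    numeric = "2 OR is_admin = 1"  # needs no quote character at all
    print("vulnerable login :", login_vulnerable(db, bypass, "x"))
    print("escaped login    :", login_escaped(db, bypass, "x"))
    print("vulnerable rights:", rights_vulnerable(db, numeric))
    print("escaped rights   :", rights_escaped(db, numeric))
    print("safe login       :", login_safe(db, bypass, "x"))
    print("safe rights      :", rights_safe(db, numeric))
```

The escaped login returns nothing because the payload can no longer terminate the quoted literal, but the escaped numeric lookup still returns the admin row: magic_quotes_gpc only ever narrowed the attack surface, which is why these advisories list it as a condition rather than a fix.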

63 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-12-08 CVE-2010-3372 Nordugrid Unspecified vulnerability in Nordugrid Nordugrid-Arc

Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable.

6.9
2010-12-06 CVE-2010-4295 Vmware/Linux Race Condition vulnerability in VMware products on Linux

Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.

6.9
2010-12-10 CVE-2010-3773 Mozilla Chrome Privilege Escalation vulnerability in Mozilla Firefox and SeaMonkey (Firebug 'XMLHttpRequestSpy')

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.

6.8
2010-12-10 CVE-2010-3771 Mozilla Chrome Privilege Escalation vulnerability in Mozilla Firefox and SeaMonkey ('about:blank' window)

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI.

6.8
2010-12-09 CVE-2010-4517 Harmistechnology/Joomla SQL Injection vulnerability in Harmistechnology COM Jeauto 1.0

SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.

6.8
2010-12-08 CVE-2010-4505 Injader SQL Injection vulnerability in Injader 2.4.4

Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters.

6.8
2010-12-08 CVE-2010-4108 HP Remote Denial of Service vulnerability in HP HP-UX B.11.11/B.11.23/B.11.31

HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.

6.8
2010-12-08 CVE-2010-2793 Redhat Race Condition vulnerability in Redhat Enterprise Virtualization Manager and Spice-Activex

Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.

6.8
2010-12-08 CVE-2010-4500 Mrcgiguy SQL Injection vulnerability in Mrcgiguy Freeticket 1.0.0

Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action.

6.8
2010-12-07 CVE-2010-4330 Pulsecms Path Traversal vulnerability in Pulsecms Pulse CMS

Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-12-07 CVE-2010-4259 Alexej Kryukov Buffer Errors vulnerability in Alexej Kryukov Fontforge 20100501

Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.

6.8
2010-12-06 CVE-2010-4408 Apache Missing Password Confirmation (CSRF-related) vulnerability in Apache Archiva

Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.

6.8
2010-12-06 CVE-2010-3449 Jesse Mcconnell/Apache Cross-Site Request Forgery (CSRF) vulnerability in Redback as used in Apache Archiva and Apache Continuum

Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.

6.8
2010-12-06 CVE-2010-4406 Brunetton Path Traversal vulnerability in Brunetton Littlephpgallery 1.0.2

Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter.

6.8
2010-12-06 CVE-2010-3614 ISC Improper Input Validation vulnerability in ISC Bind

named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.

6.4
2010-12-10 CVE-2010-4157 Linux/Fedoraproject/Opensuse/Suse Integer Overflow or Wraparound vulnerability in the Linux kernel gdth driver

Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call.

6.2
2010-12-08 CVE-2010-4012 Apple Race Condition vulnerability in Apple Iphone OS 4.0/4.1

Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.

6.2
2010-12-07 CVE-2010-4257 Wordpress SQL Injection vulnerability in Wordpress

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

6.0
2010-12-10 CVE-2010-3919 Fenrir Permissions, Privileges, and Access Controls vulnerability in Fenrir Grani

Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site.

5.8
2010-12-10 CVE-2010-3918 Fenrir Permissions, Privileges, and Access Controls vulnerability in Fenrir Sleipnir

Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site.

5.8
2010-12-08 CVE-2010-3860 Redhat Information Exposure vulnerability in Redhat Icedtea

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.

5.0
2010-12-07 CVE-2010-4150 PHP Resource Management Errors vulnerability in PHP

Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

5.0
2010-12-07 CVE-2010-4488 Google Improper Authentication vulnerability in Google Chrome

Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

5.0
2010-12-07 CVE-2010-4484 Google Unspecified vulnerability in Google Chrome

Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.

5.0
2010-12-07 CVE-2010-4482 Google Security Bypass vulnerability in Chrome

Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors.

5.0
2010-12-07 CVE-2010-4260 Clamav Multiple vulnerabilities in ClamAV prior to 0.96.5

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

5.0
2010-12-06 CVE-2010-4409 PHP Numeric Errors vulnerability in PHP

Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.

5.0
2010-12-06 CVE-2010-2639 IBM Information Exposure vulnerability in IBM Websphere Commerce 7.0/7.0.0.1

IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues."

5.0
2010-12-06 CVE-2010-3615 ISC Permissions, Privileges, and Access Controls vulnerability in ISC Bind 9.7.2

named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.

5.0
2010-12-06 CVE-2010-4403 Devbits/Wordpress Information Exposure vulnerability in Devbits Register-Plus

The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.

5.0
2010-12-06 CVE-2010-4401 Dynpg Information Exposure vulnerability in Dynpg CMS 4.2.0

languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

5.0
2010-12-10 CVE-2010-3880 Linux/Debian Infinite Loop vulnerability in the Linux kernel inet_diag code

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.

4.9
2010-12-06 CVE-2010-3066 Linux Unspecified vulnerability in Linux Kernel

The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag.

4.9
2010-12-08 CVE-2010-3920 Epson Permissions, Privileges, and Access Controls vulnerability in Epson products

The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories.

4.6
2010-12-10 CVE-2010-3774 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey

The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site.

4.3
2010-12-10 CVE-2010-3770 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.

4.3
2010-12-09 CVE-2010-4518 Wobeo/Wordpress Cross-Site Scripting vulnerability in Wobeo Wp-Safe-Search 0.7

Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.

4.3
2010-12-09 CVE-2010-4516 Jxtended/Joomla Cross-Site Scripting vulnerability in Jxtended Comments 1.2.0/1.2.1

Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-12-09 CVE-2010-4515 Citrix Cross-Site Scripting vulnerability in Citrix web Interface

Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454.

4.3
2010-12-09 CVE-2010-4514 Dotnetnuke Cross-Site Scripting vulnerability in Dotnetnuke 5.05.01/5.06.00

Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter.

4.3
2010-12-09 CVE-2010-4513 Zimplit Cross-Site Scripting vulnerability in Zimplit CMS

Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.

4.3
2010-12-09 CVE-2010-3921 Sixapart Cross-Site Scripting vulnerability in Sixapart Movabletype

Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-12-08 CVE-2010-4504 Intelliants Cross-Site Scripting vulnerability in Intelliants Esyndicat 2.3

Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php.

4.3
2010-12-08 CVE-2010-4109 HP Cross-Site Scripting vulnerability in HP Palm Webos 1.4.1/1.4.5

Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file.

4.3
2010-12-08 CVE-2010-4480 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 3.3.8.1/3.3.9.0

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

4.3
2010-12-07 CVE-2010-4493 Google / Debian Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.

4.3
2010-12-07 CVE-2010-4491 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension.

4.3
2010-12-07 CVE-2010-4489 Google Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Google Chrome

libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video.

4.3
2010-12-07 CVE-2010-4485 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.

4.3
2010-12-07 CVE-2010-4483 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.

4.3
2010-12-07 CVE-2010-4412 Bsdperimeter Cross-Site Scripting vulnerability in Bsdperimeter Pfsense 2.0

Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.

4.3
2010-12-07 CVE-2010-4246 Bsdperimeter Cross-Site Scripting vulnerability in Bsdperimeter Pfsense 1.2.3/2.0

Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182.

4.3
2010-12-06 CVE-2008-7270 Openssl Cryptographic Issues vulnerability in Openssl

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

4.3
2010-12-06 CVE-2010-4180 Openssl Unspecified vulnerability in Openssl

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

4.3
2010-12-06 CVE-2010-4411 Andy Armstrong Unspecified vulnerability in Andy Armstrong Cgi.Pm

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors.

4.3
2010-12-06 CVE-2010-4410 Andy Armstrong Code Injection vulnerability in Andy Armstrong Cgi-Simple and Cgi.Pm

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

4.3
2010-12-06 CVE-2010-2761 Andy Armstrong Code Injection vulnerability in Andy Armstrong Cgi-Simple and Cgi.Pm

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

4.3
2010-12-06 CVE-2010-4407 Alberto Pittoni Cross-Site Scripting vulnerability in Alberto Pittoni Alguest 1.1

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters.

4.3
2010-12-06 CVE-2010-4405 Anything Digital / Joomla Cross-Site Scripting vulnerability in Anything-Digital Sh404Sef

Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-12-06 CVE-2010-4402 Devbits / Wordpress Cross-Site Scripting vulnerability in Devbits Register-Plus

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.

4.3
2010-12-06 CVE-2010-4399 Dynpg Path Traversal vulnerability in Dynpg CMS 4.1.1/4.2.0

Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

4.3
2010-12-07 CVE-2010-4176 Fedoraproject / Kernel / Redhat Permissions, Privileges, and Access Controls vulnerability in multiple products

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

4.0
2010-12-06 CVE-2010-3613 ISC Permissions, Privileges, and Access Controls vulnerability in ISC Bind

named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-12-08 CVE-2010-3699 Citrix Resource Management Errors vulnerability in Citrix XEN

The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down, creates a zombie domain, causes a hang in xenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.

2.7
2010-12-10 CVE-2010-3861 Linux / Opensuse / Suse / Canonical Information Exposure vulnerability in multiple products

The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.

2.1
2010-12-09 CVE-2010-0530 Apple / Microsoft Permissions, Privileges, and Access Controls vulnerability in Apple Quicktime

Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.

2.1
2010-12-07 CVE-2010-4171 Systemtap Improper Input Validation vulnerability in Systemtap 1.3

The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).

2.1