Weekly Vulnerabilities Reports > December 27, 2010 to January 2, 2011

Overview

49 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary report vulnerabilities in 41 products from 30 vendors including Mybb, IBM, Redhat, Linux, and Xwiki. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Information Exposure", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".

  • 44 reported vulnerabilities are remotely exploitables.
  • 20 reported vulnerabilities have public exploit available.
  • 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 44 reported vulnerabilities are exploitable by an anonymous user.
  • Mybb has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-12-29 CVE-2010-4601 IBM Unspecified vulnerability in IBM Rational Clearquest

Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files.

10.0
2010-12-30 CVE-2010-4507 Clear Cross-Site Request Forgery (CSRF) vulnerability in Clear products

Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.

9.3
2010-12-30 CVE-2010-4321 Novell Buffer Errors vulnerability in Novell Iprint Client 5.52

Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.

9.3

12 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-12-30 CVE-2010-4641 Xwiki SQL Injection vulnerability in Xwiki

SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-12-30 CVE-2010-4639 Intendance SQL Injection vulnerability in Intendance Mysource Matrix

SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-12-30 CVE-2010-4636 Site2Nite SQL Injection vulnerability in Site2Nite Business E-Listings

SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2010-12-30 CVE-2010-4635 Site2Nite SQL Injection vulnerability in Site2Nite Vacation Rental Listings

SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2010-12-30 CVE-2010-4633 Sumeffect SQL Injection vulnerability in Sumeffect Digishop 2.0.2

SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.

7.5
2010-12-30 CVE-2010-4632 Pilotcart SQL Injection vulnerability in Pilotcart Pilot Cart 7.3

Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp.

7.5
2010-12-30 CVE-2010-3708 Redhat Improper Input Validation vulnerability in Redhat products

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.

7.5
2010-12-29 CVE-2010-4619 Webscripti SQL Injection vulnerability in Webscripti Mafya Oyun Scrpti

SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-12-29 CVE-2010-4615 Iskenderaltuntas SQL Injection vulnerability in Iskenderaltuntas OTO Galeri Sistemi 1.0

Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp.

7.5
2010-12-29 CVE-2010-4614 Mhproducts SQL Injection vulnerability in Mhproducts ERO Auktion 2010

SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.

7.5
2010-12-29 CVE-2010-4613 Hycus Path Traversal vulnerability in Hycus CMS 1.0.3

Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2010-12-29 CVE-2010-4609 Html Edit SQL Injection vulnerability in Html-Edit CMS 3.1.8

SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.

7.5

29 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-12-30 CVE-2010-3923 Mitsu Hiro HI Rose Unspecified vulnerability in Mitsu Hiro HI Rose Attachecase

Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

6.9
2010-12-30 CVE-2010-4638 Iptechinside
Joomla
SQL Injection vulnerability in Iptechinside COM Jquarks4S 1.0.0

SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.

6.8
2010-12-30 CVE-2010-4627 Mybb Cross-Site Request Forgery (CSRF) vulnerability in Mybb

Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2010-12-29 CVE-2010-4617 Kanich
Joomla
Path Traversal vulnerability in Kanich COM Jotloader 2.2.1

Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.

6.8
2010-12-29 CVE-2010-4612 Hycus SQL Injection vulnerability in Hycus CMS 1.0.3

Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html.

6.8
2010-12-29 CVE-2010-4603 IBM Unspecified vulnerability in IBM Rational Clearquest

IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.

6.5
2010-12-29 CVE-2010-4343 Linux
Vmware
Improper Initialization vulnerability in multiple products

drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.

5.5
2010-12-30 CVE-2010-4626 Mybb Cryptographic Issues vulnerability in Mybb

The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.

5.1
2010-12-30 CVE-2010-4629 Mybb Permissions, Privileges, and Access Controls vulnerability in Mybb

MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.

5.0
2010-12-30 CVE-2010-4628 Mybb Unspecified vulnerability in Mybb

member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.

5.0
2010-12-30 CVE-2010-4625 Mybb Information Exposure vulnerability in Mybb

MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.

5.0
2010-12-30 CVE-2010-4622 IBM Path Traversal vulnerability in IBM Tivoli Access Manager for E-Business 6.1.1

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.

5.0
2010-12-29 CVE-2010-4611 Html Edit Information Exposure vulnerability in Html-Edit CMS 3.1.8

Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.

5.0
2010-12-29 CVE-2010-4608 Habariproject Information Exposure vulnerability in Habariproject Habari 0.6.5

Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.

5.0
2010-12-29 CVE-2010-4600 Dojofoundation
IBM
Information Exposure vulnerability in multiple products

Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.

5.0
2010-12-30 CVE-2010-4161 Linux
Redhat
Resource Management Errors vulnerability in multiple products

The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158.

4.9
2010-12-30 CVE-2010-4642 Xwiki Cross-Site Scripting vulnerability in Xwiki

Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-12-30 CVE-2010-4640 Xwiki Cross-Site Scripting vulnerability in Xwiki Watch 1.0

Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register.

4.3
2010-12-30 CVE-2010-4637 Finalcut
Wordpress
Cross-Site Scripting vulnerability in Finalcut Feedlist 2.61.01

Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

4.3
2010-12-30 CVE-2010-4631 Pilotcart Cross-Site Scripting vulnerability in Pilotcart Pilot Cart 7.3

Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.

4.3
2010-12-30 CVE-2010-4630 Fubra
Wordpress
Cross-Site Scripting vulnerability in Fubra Wp-Survey-And-Quiz-Tool 1.2.1

Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2010-12-30 CVE-2010-4522 Mybb Cross-Site Scripting vulnerability in Mybb 1.4.14/1.6.0

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.

4.3
2010-12-30 CVE-2010-3878 Redhat Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise Application Platform 4.3.0

Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.

4.3
2010-12-30 CVE-2010-4276 Livezilla Cross-Site Scripting vulnerability in Livezilla 3.2.0.2

Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.

4.3
2010-12-29 CVE-2010-4618 Algisinfo
Joomla
Cross-Site Scripting vulnerability in Algisinfo Aicontactsafe

Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-12-29 CVE-2010-4616 Impresscms Cross-Site Scripting vulnerability in Impresscms

Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.

4.3
2010-12-29 CVE-2010-4610 Html Edit Cross-Site Scripting vulnerability in Html-Edit CMS 3.1.8

Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.

4.3
2010-12-30 CVE-2010-4623 IBM Resource Management Errors vulnerability in IBM Tivoli Access Manager for E-Business 6.1.1

WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.

4.0
2010-12-29 CVE-2010-4602 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Rational Clearquest

The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-12-30 CVE-2010-4624 Mybb Permissions, Privileges, and Access Controls vulnerability in Mybb

MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.

3.5
2010-12-30 CVE-2010-3862 Redhat Improper Input Validation vulnerability in Redhat products

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data.

2.6
2010-12-29 CVE-2010-4607 Habariproject Cross-Site Scripting vulnerability in Habariproject Habari 0.6.5

Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php.

2.6
2010-12-30 CVE-2010-4352 D BUS Project Resource Management Errors vulnerability in D-Bus Project D-Bus

Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.

2.1
2010-12-29 CVE-2010-4565 Linux Information Exposure vulnerability in Linux Kernel

The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.

2.1