Weekly Vulnerabilities Reports > January 31 to February 6, 2011

Overview

91 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 67 products from 41 vendors including Google, Smarty, Opera, Novell, and Cisco. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Information Exposure".

  • 85 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 22 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 86 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Smarty has the most reported critical vulnerabilities, with 7 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:


24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-02-03 CVE-2010-4727 Smarty Improper Input Validation vulnerability in Smarty

Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.

10.0
2011-02-03 CVE-2010-4726 Smarty Unspecified vulnerability in Smarty

Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors.

10.0
2011-02-03 CVE-2010-4725 Smarty Unspecified vulnerability in Smarty

Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors.

10.0
2011-02-03 CVE-2010-4724 Smarty Unspecified vulnerability in Smarty

Multiple unspecified vulnerabilities in the parser implementation in Smarty before 3.0.0 RC3 have unknown impact and remote attack vectors.

10.0
2011-02-03 CVE-2010-4722 Smarty Unspecified vulnerability in Smarty

Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors.

10.0
2011-02-03 CVE-2009-5052 Smarty Remote Security vulnerability in Smarty

Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.

10.0
2011-02-03 CVE-2011-0354 Cisco Credentials Management vulnerability in Cisco products

The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.

10.0
2011-02-02 CVE-2011-0742 Novell Buffer Errors vulnerability in Novell Zenworks Handheld Management 7

Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.

10.0
2011-02-02 CVE-2011-0276 HP Remote Arbitrary Code Execution vulnerability in HP OpenView Performance Insight Server 'doPost()'

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

10.0
2011-02-01 CVE-2011-0732 IBM Unspecified vulnerability in IBM Tivoli Common Reporting and Tivoli Integrated Portal

Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to "security vulnerabilities of Websphere Application Server bundled within" and "many internal defects and APARs."

10.0
2011-01-31 CVE-2010-4714 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent.

10.0
2011-01-31 CVE-2010-4713 Novell Numeric Errors vulnerability in Novell Groupwise

Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header.

10.0
2011-01-31 CVE-2010-4712 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise

Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data.

10.0
2011-01-31 CVE-2010-4711 Novell Resource Management Errors vulnerability in Novell Groupwise

Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.

10.0
2011-02-03 CVE-2010-4723 Smarty Permissions, Privileges, and Access Controls vulnerability in Smarty

Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.

9.3
2011-02-02 CVE-2010-3269 Cisco Buffer Errors vulnerability in Cisco products

Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.

9.3
2011-02-02 CVE-2010-3044 Cisco Buffer Errors vulnerability in Cisco products

Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.

9.3
2011-02-02 CVE-2010-3043 Cisco Buffer Errors vulnerability in Cisco products

Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044.

9.3
2011-02-02 CVE-2010-3042 Cisco Buffer Errors vulnerability in Cisco products

Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.

9.3
2011-02-02 CVE-2010-3041 Cisco Buffer Errors vulnerability in Cisco products

Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044.

9.3
2011-01-31 CVE-2011-0688 Symantec Improper Authentication vulnerability in Symantec products

Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111.

9.3
2011-01-31 CVE-2011-0682 Opera Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser

Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.

9.3
2011-01-31 CVE-2010-4393 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP

Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file.

9.3
2011-01-31 CVE-2010-0111 Symantec Improper Input Validation vulnerability in Symantec products

HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.

9.3

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-02-02 CVE-2010-3719 Symantec Code Injection vulnerability in Symantec IM Manager

Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.

8.5
2011-01-31 CVE-2010-0110 Symantec Buffer Errors vulnerability in Symantec products

Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service.

7.9
2011-01-31 CVE-2011-0413 ISC Improper Input Validation vulnerability in ISC Dhcp

The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.

7.8
2011-01-31 CVE-2011-0450 Opera, Microsoft Remote Security vulnerability in Opera Web Browser

The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.

7.6
2011-02-04 CVE-2011-0781 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors.

7.5
2011-02-04 CVE-2011-0778 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

7.5
2011-02-04 CVE-2011-0777 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.

7.5
2011-02-04 CVE-2011-0537 Mediawiki, Microsoft Path Traversal vulnerability in Mediawiki

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.

7.5
2011-02-03 CVE-2011-0720 Plone, Redhat Remote Security Bypass vulnerability in Plone

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

7.5
2011-02-03 CVE-2009-5054 Smarty Permissions, Privileges, and Access Controls vulnerability in Smarty

Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.

7.5
2011-02-03 CVE-2009-5053 Smarty Remote Security vulnerability in Smarty

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.

7.5
2011-02-02 CVE-2010-3929 Modxcms SQL Injection vulnerability in Modxcms Evolution

SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.

7.5
2011-02-01 CVE-2010-4721 Mhproducts SQL Injection vulnerability in Mhproducts Immo Makler

SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2011-02-01 CVE-2010-4720 Harmistechnology, Joomla SQL Injection vulnerability in Harmistechnology COM Jeauto

SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.

7.5
2011-02-01 CVE-2010-4719 Fxwebdesign, Joomla Path Traversal vulnerability in Fxwebdesign COM Jradio

Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

7.5
2011-02-01 CVE-2011-0731 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2

Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2011-02-04 CVE-2011-0649 Tibco Local Privilege Escalation vulnerability in Multiple TIBCO Products

Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service before 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).

7.2
2011-02-02 CVE-2011-0521 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.

7.2

48 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-02-02 CVE-2011-0017 Exim Improper Input Validation vulnerability in Exim

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

6.9
2011-02-04 CVE-2011-0025 Redhat Improper Input Validation vulnerability in Redhat Icedtea

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

6.8
2011-02-04 CVE-2011-0784 Google Race Condition vulnerability in Google Chrome

Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.

6.8
2011-02-04 CVE-2011-0780 Google Unspecified vulnerability in Google Chrome

The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

6.8
2011-02-04 CVE-2011-0771 Janrain, Drupal Improper Input Validation vulnerability in Janrain RPX 6.X1.3

The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site.

6.8
2011-02-04 CVE-2004-0694 Tsugio Okamoto Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tsugio Okamoto LHA

Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771.

6.8
2011-02-02 CVE-2010-3270 Cisco Buffer Errors vulnerability in Cisco Webex Meeting Center 27.0

Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting.

6.8
2011-02-02 CVE-2011-0739 Mikel Lindsaar Improper Input Validation vulnerability in Mikel Lindsaar Mail

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.

6.8
2011-02-02 CVE-2010-4652 Proftpd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Proftpd

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.

6.8
2011-02-02 CVE-2011-0757 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.

6.5
2011-02-02 CVE-2010-4015 Postgresql Numeric Errors vulnerability in Postgresql

Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.

6.5
2011-01-31 CVE-2010-4717 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise

Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command.

6.5
2011-02-01 CVE-2011-0321 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Networker

librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands.

6.4
2011-02-04 CVE-2011-0782 Google Unspecified vulnerability in Google Chrome

Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5.0
2011-02-04 CVE-2011-0779 Google, Debian Improper Input Validation vulnerability in Google Chrome

Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.

5.0
2011-02-04 CVE-2011-0776 Google Information Exposure vulnerability in Google Chrome

The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.

5.0
2011-02-04 CVE-2011-0775 Pivotx Information Exposure vulnerability in Pivotx 2.2.2

pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message.

5.0
2011-02-04 CVE-2011-0774 Pivotx Information Exposure vulnerability in Pivotx 2.2.2

PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.

5.0
2011-02-04 CVE-2011-0049 MJ2 Path Traversal vulnerability in MJ2 Majordomo 2

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via ..

5.0
2011-02-02 CVE-2011-0755 PHP Numeric Errors vulnerability in PHP

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.

5.0
2011-02-02 CVE-2011-0752 PHP Improper Input Validation vulnerability in PHP

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.

5.0
2011-02-02 CVE-2010-3930 Modxcms Path Traversal vulnerability in Modxcms Evolution

Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.

5.0
2011-02-01 CVE-2011-0737 Adobe Information Exposure vulnerability in Adobe Coldfusion

** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message.

5.0
2011-01-31 CVE-2011-0686 Opera Multiple Security vulnerability in Opera Web Browser

Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.

5.0
2011-01-31 CVE-2011-0684 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation.

5.0
2011-01-31 CVE-2011-0680 Google Information Disclosure vulnerability in Open Handset Alliance Android 'data/WorkingMessage.java'

data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.

5.0
2011-01-31 CVE-2010-4715 Novell Path Traversal vulnerability in Novell Groupwise

Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors.

5.0
2011-02-02 CVE-2011-0754 PHP, Microsoft Link Following vulnerability in PHP

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

4.4
2011-02-04 CVE-2011-0783 Google, Debian Unspecified vulnerability in Google Chrome

Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."

4.3
2011-02-04 CVE-2011-0773 Pivotx Cross-Site Scripting vulnerability in Pivotx

Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

4.3
2011-02-04 CVE-2011-0772 Pivotx Cross-Site Scripting vulnerability in Pivotx

Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.

4.3
2011-02-04 CVE-2011-0047 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."

4.3
2011-02-03 CVE-2011-0451 Lockon Cross-Site Scripting vulnerability in Lockon Ec-Cube

Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-02-02 CVE-2011-0753 PHP Race Condition vulnerability in PHP

Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.

4.3
2011-02-02 CVE-2011-0741 Modxcms Cross-Site Scripting vulnerability in Modxcms Evolution

Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.

4.3
2011-02-02 CVE-2011-0740 Pleer, Wordpress Cross-Site Scripting vulnerability in Pleer RSS Feed Reader 0.1

Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.

4.3
2011-02-02 CVE-2011-0738 Ncsa, Globus Improper Input Validation vulnerability in multiple products

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.

4.3
2011-02-02 CVE-2010-3854 Apache Cross-Site Scripting vulnerability in Apache Couchdb

Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-02-01 CVE-2010-4718 Lyften, Joomla Cross-Site Scripting vulnerability in Lyften COM Lyftenbloggie 1.1.0

Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php.

4.3
2011-02-01 CVE-2011-0736 Adobe Information Exposure vulnerability in Adobe Coldfusion

** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file.

4.3
2011-02-01 CVE-2011-0735 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."

4.3
2011-02-01 CVE-2011-0734 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack.

4.3
2011-02-01 CVE-2011-0733 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file.

4.3
2011-01-31 CVE-2011-0687 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.

4.3
2011-01-31 CVE-2011-0683 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

4.3
2011-01-31 CVE-2011-0681 Opera Multiple Security vulnerability in Opera Web Browser

The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.

4.3
2011-01-31 CVE-2011-0096 Microsoft Cross-Site Scripting vulnerability in Microsoft products

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."

4.3
2011-01-31 CVE-2010-4716 Novell Cross-Site Scripting vulnerability in Novell Groupwise

Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-31 CVE-2011-0685 Opera Improper Input Validation vulnerability in Opera Browser

The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.

2.1