Weekly Vulnerabilities Reports > February 21 to 27, 2011

Overview

80 new vulnerabilities were reported during this period, including 21 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary reports vulnerabilities in 93 products from 41 vendors including Cisco, Redhat, HEX Rays, Fedoraproject, and Microsoft. The vulnerabilities are notably categorized as "Resource Management Errors", "Permissions, Privileges, and Access Controls", "SQL Injection", "Cross-site Scripting", and "OS Command Injection".

  • 70 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities have a public exploit available.
  • 30 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 75 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 26 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

21 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-02-25 CVE-2011-1018 Logwatch Improper Input Validation vulnerability in Logwatch 7.3.6

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

10.0
2011-02-25 CVE-2010-4227 Novell Buffer Errors vulnerability in Novell Netware 6.5

The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow.

10.0
2011-02-25 CVE-2011-0385 Cisco Unspecified vulnerability in Cisco products

The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.

10.0
2011-02-25 CVE-2011-0384 Cisco Improper Authentication vulnerability in Cisco products

The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.

10.0
2011-02-25 CVE-2011-0383 Cisco Improper Authentication vulnerability in Cisco products

The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.

10.0
2011-02-25 CVE-2011-0382 Cisco OS Command Injection vulnerability in Cisco products

The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221.

10.0
2011-02-25 CVE-2011-0381 Cisco OS Command Injection vulnerability in Cisco Telepresence Manager

Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085.

10.0
2011-02-25 CVE-2011-0376 Cisco Information Exposure vulnerability in Cisco products

The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.

10.0
2011-02-25 CVE-2011-0372 Cisco OS Command Injection vulnerability in Cisco products

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.

10.0
2011-02-21 CVE-2011-1054 HEX Rays Buffer Overflow vulnerability in Hex-Rays IDA 5.7/6.0

Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors.

10.0
2011-02-21 CVE-2011-1052 HEX Rays Numeric Errors vulnerability in Hex-Rays IDA 5.7/6.0

Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.

10.0
2011-02-21 CVE-2011-1051 HEX Rays Numeric Errors vulnerability in Hex-Rays IDA 5.7/6.0

Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.

10.0
2011-02-21 CVE-2011-1050 HEX Rays Buffer Overflow vulnerability in Hex-Rays IDA 5.7/6.0

Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface."

10.0
2011-02-25 CVE-2011-0332 Foxitsoftware Numeric Errors vulnerability in Foxitsoftware Foxit Phantom and Foxit Reader

Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.

9.3
2011-02-25 CVE-2011-0926 Cisco Improper Input Validation vulnerability in Cisco Secure Desktop

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

9.3
2011-02-25 CVE-2011-0386 Cisco Code Injection vulnerability in Cisco products

The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.

9.3
2011-02-23 CVE-2011-1065 Pipi Buffer Errors vulnerability in Pipi Player 2.8.0.0

Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods.

9.3
2011-02-21 CVE-2011-0694 Realnetworks Unspecified vulnerability in Realnetworks Realplayer and Realplayer SP

RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.

9.3
2011-02-25 CVE-2011-0375 Cisco OS Command Injection vulnerability in Cisco products

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.

9.0
2011-02-25 CVE-2011-0374 Cisco OS Command Injection vulnerability in Cisco products

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.

9.0
2011-02-25 CVE-2011-0373 Cisco OS Command Injection vulnerability in Cisco products

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.

9.0

26 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-02-25 CVE-2011-1036 CA Unspecified vulnerability in CA products

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.

8.8
2011-02-25 CVE-2011-0378 Cisco OS Command Injection vulnerability in Cisco products

The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.

8.3
2011-02-25 CVE-2011-0387 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164.

8.0
2011-02-25 CVE-2011-0379 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761.

7.9
2011-02-25 CVE-2011-0396 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352.

7.8
2011-02-25 CVE-2011-0395 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583.

7.8
2011-02-25 CVE-2011-0394 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances 500 series devices; and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(20), 3.2 before 3.2(20), 4.0 before 4.0(15), and 4.1 before 4.1(5) allow remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug IDs CSCtg69457 and CSCtl84952.

7.8
2011-02-25 CVE-2011-0393 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances 500 series devices, when transparent firewall mode is configured but IPv6 is not configured, allow remote attackers to cause a denial of service (packet buffer exhaustion and device outage) via IPv6 traffic, aka Bug ID CSCtj04707.

7.8
2011-02-25 CVE-2011-0391 Cisco Resource Management Errors vulnerability in Cisco products

Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad hoc recording" issue, aka Bug ID CSCtf97205.

7.8
2011-02-25 CVE-2011-0390 Cisco Resource Management Errors vulnerability in Cisco products

The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534.

7.8
2011-02-25 CVE-2011-0389 Cisco Resource Management Errors vulnerability in Cisco products

Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993.

7.8
2011-02-25 CVE-2011-0388 Cisco Resource Management Errors vulnerability in Cisco products

Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.

7.8
2011-02-25 CVE-2011-0377 Cisco Resource Management Errors vulnerability in Cisco products

Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP address, aka Bug ID CSCth03605.

7.8
2011-02-25 CVE-2011-0392 Cisco Improper Authentication vulnerability in Cisco products

Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.

7.5
2011-02-25 CVE-2011-0380 Cisco Improper Authentication vulnerability in Cisco Telepresence Manager

Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562.

7.5
2011-02-23 CVE-2011-0019 Fedoraproject, Redhat Improper Input Validation vulnerability in multiple products

slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.

7.5
2011-02-23 CVE-2011-1061 Webmastersite SQL Injection vulnerability in Webmastersite WSN Guest 1.24

SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter.

7.5
2011-02-23 CVE-2011-1060 Webmastersite SQL Injection vulnerability in Webmastersite WSN Guest 1.24

SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.

7.5
2011-02-22 CVE-2011-0530 Wouter Verhelst Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wouter Verhelst NBD

Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request.

7.5
2011-02-21 CVE-2011-1055 Lingxia273 SQL Injection vulnerability in Lingxia273 Lingxia I.C.E CMS 1.0

SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.

7.5
2011-02-21 CVE-2011-1048 Mihantools SQL Injection vulnerability in Mihantools 1.33

SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2011-02-21 CVE-2011-1047 Vasthtml, Wordpress SQL Injection vulnerability in Vasthtml Forum Server 1.6.1/1.6.5

Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.

7.5
2011-02-21 CVE-2011-0449 Rubyonrails Permissions, Privileges, and Access Controls vulnerability in Rubyonrails Rails

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

7.5
2011-02-21 CVE-2011-0448 Rubyonrails SQL Injection vulnerability in Rubyonrails Rails

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

7.5
2011-02-25 CVE-2011-0037 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

7.2
2011-02-23 CVE-2011-0414 ISC Resource Management Errors vulnerability in ISC Bind 9.7.1/9.7.2

ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.

7.1

30 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-02-24 CVE-2011-1011 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux, Fedora and Policycoreutils

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.

6.9
2011-02-25 CVE-2011-1101 Citrix Denial Of Service vulnerability in Citrix Licensing Administration Console 11.6

Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors.

6.8
2011-02-23 CVE-2011-1003 Clamav Resource Management Errors vulnerability in Clamav

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document.

6.8
2011-02-23 CVE-2011-1064 Qibosoft SQL Injection vulnerability in Qibosoft QI BO CMS 7

SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter.

6.8
2011-02-21 CVE-2011-1049 HEX Rays Buffer Errors vulnerability in Hex-Rays IDA 5.7/6.0

Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Mach-O file.

6.8
2011-02-21 CVE-2011-1045 IBM Security Bypass vulnerability in IBM products

Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors.

6.8
2011-02-25 CVE-2011-1100 Pixelpost SQL Injection vulnerability in Pixelpost 1.7.3

Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.

6.5
2011-02-24 CVE-2011-0452 Lunascape Unspecified vulnerability in Lunascape

Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

6.2
2011-02-23 CVE-2011-0532 Fedoraproject, Redhat Permissions, Privileges, and Access Controls vulnerability in multiple products

The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.2
2011-02-21 CVE-2011-1056 Metasploit, Microsoft Permissions, Privileges, and Access Controls vulnerability in Metasploit Framework 3.5.1

The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.

6.2
2011-02-25 CVE-2011-0718 Redhat Improper Authentication vulnerability in Redhat Network Satellite Server 5.4

Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.

5.8
2011-02-25 CVE-2011-0717 Redhat Security Bypass vulnerability in Redhat Network Satellite Server 5.4

Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk.

5.8
2011-02-25 CVE-2011-1103 F Secure Information Exposure vulnerability in F-Secure Policy Manager

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.

5.0
2011-02-23 CVE-2011-1067 Fedoraproject Improper Input Validation vulnerability in Fedoraproject 389 Directory Server

slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.

5.0
2011-02-23 CVE-2010-4746 Fedoraproject Resource Management Errors vulnerability in Fedoraproject 389 Directory Server

Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019.

5.0
2011-02-22 CVE-2011-1002 Avahi Resource Management Errors vulnerability in Avahi

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353.

5.0
2011-02-21 CVE-2011-1046 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.

5.0
2011-02-21 CVE-2011-0330 Dell Permissions, Privileges, and Access Controls vulnerability in Dell Dellsystemlite.Scanner Activex Control 1.0.0.0

The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software.

5.0
2011-02-21 CVE-2011-0329 Dell Path Traversal vulnerability in Dell Dellsystemlite.Scanner Activex Control 1.0.0.0

Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter.

5.0
2011-02-23 CVE-2011-0999 Linux Resource Exhaustion vulnerability in Linux Kernel

mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application.

4.9
2011-02-23 CVE-2011-0725 Sebastian Heinlein, Canonical Path Traversal vulnerability in multiple products

Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface.

4.9
2011-02-23 CVE-2011-0022 Fedoraproject, Redhat Resource Management Errors vulnerability in multiple products

The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.

4.7
2011-02-25 CVE-2011-1102 F Secure Cross-Site Scripting vulnerability in F-Secure Policy Manager

Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-02-23 CVE-2011-1063 Cherry Software Cross-Site Scripting vulnerability in Cherry-Software Photopad 1.2.0

Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data[title] parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php.

4.3
2011-02-23 CVE-2011-1062 Taskfreak Cross-Site Scripting vulnerability in Taskfreak Taskfreak! 0.6.4

Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php.

4.3
2011-02-22 CVE-2011-1059 Apple, Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557.

4.3
2011-02-22 CVE-2011-1038 IBM Cross-Site Scripting vulnerability in IBM Lotus Sametime 8.0.1

Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.

4.3
2011-02-22 CVE-2011-0707 GNU Cross-Site Scripting vulnerability in GNU Mailman

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.

4.3
2011-02-21 CVE-2011-1053 HEX Rays Buffer Overflow vulnerability in Hex-Rays IDA 5.7/6.0

Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file.

4.3
2011-02-21 CVE-2010-4745 Gareth Watts Cross-Site Scripting vulnerability in Gareth Watts PHPxref

Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-02-23 CVE-2011-1068 Microsoft Improper Input Validation vulnerability in Microsoft Windows Azure SDK 1.3

Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps.

2.6
2011-02-23 CVE-2011-1066 Reyero, Drupal Cross-Site Scripting vulnerability in Reyero Messaging

Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors.

2.6
2011-02-22 CVE-2011-1058 Moinmo Cross-Site Scripting vulnerability in Moinmo Moinmoin

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute.

2.6