Weekly Vulnerabilities Report: March 14 to 20, 2011
Overview
64 new vulnerabilities were reported during this period, including 1 critical vulnerability and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 39 products from 28 vendors, including Otrs, PHP, Openldap, Google, and Redhat. The vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", "Resource Management Errors", and "Cryptographic Issues".
- 60 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 45 reported vulnerabilities are exploitable by an anonymous user.
- Otrs has the most reported vulnerabilities, with 24 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-16 | CVE-2011-0889 | HP | Remote Code Execution vulnerability in HP Client Automation Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-16 | CVE-2011-0648 | EMC | Remote Privilege Escalation vulnerability in EMC Avamar (CVE-2011-0648) Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors. | 8.5 |
2011-03-15 | CVE-2011-0609 | Adobe Opensuse Suse | Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011. | 7.8 |
2011-03-20 | CVE-2011-0284 | MIT | Resource Management Errors vulnerability in MIT Kerberos 5 Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data. | 7.6 |
2011-03-18 | CVE-2011-1148 | PHP | Resource Management Errors vulnerability in PHP Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. | 7.5 |
2011-03-16 | CVE-2011-1153 | PHP | Use of Externally-Controlled Format String vulnerability in PHP Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. | 7.5 |
2011-03-16 | CVE-2011-0751 | Nazgul | Path Traversal vulnerability in Nazgul Nostromo Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI. | 7.5 |
2011-03-16 | CVE-2011-0322 | RSA | Security Bypass vulnerability in RSA Access Manager Server Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors. | 7.5 |
2011-03-15 | CVE-2011-1092 | PHP | Numeric Errors vulnerability in PHP Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. | 7.5 |
2011-03-14 | CVE-2011-0432 | Simon Pamies | SQL Injection vulnerability in Simon Pamies Pywebdav Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. | 7.5 |
47 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-20 | CVE-2011-1025 | Openldap | Improper Authentication vulnerability in Openldap bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password. | 6.8 |
2011-03-16 | CVE-2011-1432 | SCO | Unspecified vulnerability in SCO Scoofficeserver The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |
2011-03-16 | CVE-2011-1431 | Frederik Vermeulen | Unspecified vulnerability in Frederik Vermeulen Netqmail 1.06 The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |
2011-03-16 | CVE-2011-1430 | Ipswitch | Improper Input Validation vulnerability in Ipswitch Imail The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |
2011-03-16 | CVE-2011-0411 | Postfix | Permissions, Privileges, and Access Controls vulnerability in Postfix The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. | 6.8 |
2011-03-15 | CVE-2011-1147 | Digium | Buffer Errors vulnerability in Digium Asterisk, Asterisknow and S800I Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet. | 6.8 |
2011-03-15 | CVE-2011-0438 | Arthurdejong | Improper Authentication vulnerability in Arthurdejong Nss-Pam-Ldapd 0.8.0 nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication. | 6.8 |
2011-03-18 | CVE-2010-4763 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections. | 6.5 |
2011-03-18 | CVE-2008-7279 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors. | 6.5 |
2011-03-18 | CVE-2008-7277 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets. | 6.5 |
2011-03-18 | CVE-2010-4768 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions. | 6.0 |
2011-03-18 | CVE-2008-7283 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions. | 6.0 |
2011-03-16 | CVE-2011-1429 | Mutt | Improper Input Validation vulnerability in Mutt Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. | 5.8 |
2011-03-15 | CVE-2011-0695 | Linux Redhat Canonical | Race Condition vulnerability in multiple products Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. | 5.7 |
2011-03-20 | CVE-2011-1467 | PHP | Denial of Service vulnerability in PHP 'Intl' Extension 'NumberFormatter::setSymbol()' Function Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409. | 5.0 |
2011-03-20 | CVE-2011-1466 | PHP | Numeric Errors vulnerability in PHP Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. | 5.0 |
2011-03-20 | CVE-2011-1465 | Google | Unspecified vulnerability in Google Chrome The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream. | 5.0 |
2011-03-20 | CVE-2011-1081 | Openldap | Resource Management Errors vulnerability in Openldap modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field. | 5.0 |
2011-03-18 | CVE-2011-1433 | Otrs | Cryptographic Issues vulnerability in Otrs The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields. | 5.0 |
2011-03-18 | CVE-2010-4767 | Otrs | Improper Input Validation vulnerability in Otrs Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox. | 5.0 |
2011-03-18 | CVE-2010-4764 | Otrs | Credentials Management vulnerability in Otrs Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature. | 5.0 |
2011-03-18 | CVE-2009-5057 | Otrs | Cryptographic Issues vulnerability in Otrs The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file. | 5.0 |
2011-03-18 | CVE-2008-7280 | Otrs | Improper Input Validation vulnerability in Otrs Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message. | 5.0 |
2011-03-18 | CVE-2008-7278 | Otrs | Improper Input Validation vulnerability in Otrs The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file. | 5.0 |
2011-03-15 | CVE-2011-0063 | MJ2 | Path Traversal vulnerability in MJ2 Majordomo 2 The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. | 5.0 |
2011-03-18 | CVE-2010-4765 | Otrs | Race Condition vulnerability in Otrs Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets. | 4.9 |
2011-03-20 | CVE-2011-1024 | Openldap | Permissions, Privileges, and Access Controls vulnerability in Openldap chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. | 4.6 |
2011-03-18 | CVE-2008-7282 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors. | 4.6 |
2011-03-18 | CVE-2008-7276 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value. | 4.6 |
2011-03-20 | CVE-2011-1470 | PHP | Improper Input Validation vulnerability in PHP The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. | 4.3 |
2011-03-20 | CVE-2011-1469 | PHP | Remote Denial of Service vulnerability in PHP Stream Component Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper. | 4.3 |
2011-03-20 | CVE-2011-1468 | PHP | Resource Management Errors vulnerability in PHP Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function. | 4.3 |
2011-03-20 | CVE-2011-1464 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. | 4.3 |
2011-03-20 | CVE-2011-0708 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. | 4.3 |
2011-03-20 | CVE-2011-0421 | PHP | Denial Of Service vulnerability in libzip '_zip_name_locate()' NULL Pointer Dereference The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. | 4.3 |
2011-03-18 | CVE-2010-4766 | Otrs | Improper Input Validation vulnerability in Otrs The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client. | 4.3 |
2011-03-18 | CVE-2008-7281 | Otrs | Information Exposure vulnerability in Otrs Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field. | 4.3 |
2011-03-18 | CVE-2008-7275 | Otrs | Cross-Site Scripting vulnerability in Otrs Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView. | 4.3 |
2011-03-16 | CVE-2011-1094 | Redhat | Improper Input Validation vulnerability in Redhat Kdelibs kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. | 4.3 |
2011-03-15 | CVE-2011-1427 | Kodak | Cross-Site Scripting vulnerability in Kodak Insite 5.5.2 Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp. | 4.3 |
2011-03-15 | CVE-2011-0457 | E107 | Cross-Site Scripting vulnerability in E107 Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-03-15 | CVE-2010-4757 | E107 | Cross-Site Scripting vulnerability in E107 Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. | 4.3 |
2011-03-14 | CVE-2011-0280 | HP | Cross-Site Scripting vulnerability in HP Power Manager Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. | 4.3 |
2011-03-18 | CVE-2010-4761 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog. | 4.0 |
2011-03-18 | CVE-2010-4759 | Otrs | Improper Input Validation vulnerability in Otrs Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search. | 4.0 |
2011-03-16 | CVE-2011-0745 | Sugarcrm | Improper Input Validation vulnerability in Sugarcrm SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php. | 4.0 |
2011-03-14 | CVE-2011-0701 | Wordpress | Information Exposure vulnerability in Wordpress wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-18 | CVE-2010-4762 | Otrs | Cross-Site Scripting vulnerability in Otrs Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface. | 3.5 |
2011-03-18 | CVE-2010-4760 | Otrs | Information Exposure vulnerability in Otrs Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket. | 3.5 |
2011-03-18 | CVE-2009-5055 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2. | 3.5 |
2011-03-16 | CVE-2011-0442 | EMC | Cryptographic Issues vulnerability in EMC Avamar The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network. | 3.5 |
2011-03-14 | CVE-2011-0700 | Wordpress | Cross-Site Scripting vulnerability in Wordpress Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box. | 3.5 |
2011-03-18 | CVE-2009-5056 | Otrs | Improper Input Validation vulnerability in Otrs Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list. | 2.1 |
2011-03-18 | CVE-2010-4758 | Otrs | Cryptographic Issues vulnerability in Otrs installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | 1.9 |