Weekly Vulnerabilities Reports > March 14 to 20, 2011

Overview

72 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 46 products from 34 vendors including Otrs, PHP, Redhat, Openldap, and Apache. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", "Resource Management Errors", and "Numeric Errors".

  • 68 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 52 reported vulnerabilities are exploitable by an anonymous user.
  • Otrs has the most reported vulnerabilities, with 24 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-03-16 CVE-2011-0889 HP Remote Code Execution vulnerability in HP Client Automation

Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2011-03-15 CVE-2011-0609 Adobe
Apple
Linux
Microsoft
Oracle
Google
Remote Memory Corruption vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

9.3

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-03-16 CVE-2011-0648 EMC Remote Privilege Escalation vulnerability in EMC Avamar (CVE-2011-0648)

Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.

8.5
2011-03-20 CVE-2011-0284 MIT Resource Management Errors vulnerability in MIT Kerberos 5

Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.

7.6
2011-03-18 CVE-2011-1148 PHP Resource Management Errors vulnerability in PHP

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

7.5
2011-03-16 CVE-2011-1153 PHP USE of Externally-Controlled Format String vulnerability in PHP

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.

7.5
2011-03-16 CVE-2011-0751 Nazgul Path Traversal vulnerability in Nazgul Nostromo

Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.

7.5
2011-03-16 CVE-2011-0322 RSA Security Bypass vulnerability in RSA Access Manager Server

Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors.

7.5
2011-03-15 CVE-2011-1092 PHP Numeric Errors vulnerability in PHP

Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.

7.5
2011-03-14 CVE-2011-0432 Simon Pamies SQL Injection vulnerability in Simon Pamies Pywebdav

Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument.

7.5

55 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-03-15 CVE-2011-1146 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt 0.8.8

libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.

6.9
2011-03-20 CVE-2011-1025 Openldap Improper Authentication vulnerability in Openldap

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

6.8
2011-03-16 CVE-2011-1432 SCO Unspecified vulnerability in SCO Scoofficeserver

The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

6.8
2011-03-16 CVE-2011-1431 Frederik Vermeulen Unspecified vulnerability in Frederik Vermeulen Netqmail 1.06

The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

6.8
2011-03-16 CVE-2011-1430 Ipswitch Improper Input Validation vulnerability in Ipswitch Imail

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

6.8
2011-03-16 CVE-2011-0411 Postfix Permissions, Privileges, and Access Controls vulnerability in Postfix

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

6.8
2011-03-15 CVE-2011-1147 Digium Buffer Errors vulnerability in Digium Asterisk, Asterisknow and S800I

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.

6.8
2011-03-15 CVE-2011-0438 Arthurdejong Improper Authentication vulnerability in Arthurdejong Nss-Pam-Ldapd 0.8.0

nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication.

6.8
2011-03-18 CVE-2010-4763 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.

6.5
2011-03-18 CVE-2008-7279 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors.

6.5
2011-03-18 CVE-2008-7277 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.

6.5
2011-03-18 CVE-2010-4768 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.

6.0
2011-03-18 CVE-2008-7283 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.

6.0
2011-03-16 CVE-2011-1429 Mutt Improper Input Validation vulnerability in Mutt

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

5.8
2011-03-16 CVE-2011-1428 Flashtux Improper Input Validation vulnerability in Flashtux Weechat

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

5.8
2011-03-14 CVE-2011-1419 Apache Unspecified vulnerability in Apache Tomcat

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

5.8
2011-03-14 CVE-2011-1088 Apache Unspecified vulnerability in Apache Tomcat

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

5.8
2011-03-15 CVE-2011-0695 Linux
Redhat
Canonical
Race Condition vulnerability in multiple products

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.

5.7
2011-03-20 CVE-2011-1467 PHP Denial of Service vulnerability in PHP 'Intl' Extension 'NumberFormatter::setSymbol()' Function

Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.

5.0
2011-03-20 CVE-2011-1466 PHP Numeric Errors vulnerability in PHP

Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.

5.0
2011-03-20 CVE-2011-1465 Google Unspecified vulnerability in Google Chrome

The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.

5.0
2011-03-20 CVE-2011-1081 Openldap Resource Management Errors vulnerability in Openldap

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

5.0
2011-03-20 CVE-2011-1027 Lars Hjemli Numeric Errors vulnerability in Lars Hjemli Cgit

Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.

5.0
2011-03-18 CVE-2011-1433 Otrs Cryptographic Issues vulnerability in Otrs

The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.

5.0
2011-03-18 CVE-2010-4767 Otrs Improper Input Validation vulnerability in Otrs

Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.

5.0
2011-03-18 CVE-2010-4764 Otrs Credentials Management vulnerability in Otrs

Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature.

5.0
2011-03-18 CVE-2009-5057 Otrs Cryptographic Issues vulnerability in Otrs

The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.

5.0
2011-03-18 CVE-2008-7280 Otrs Improper Input Validation vulnerability in Otrs

Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message.

5.0
2011-03-18 CVE-2008-7278 Otrs Improper Input Validation vulnerability in Otrs

The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.

5.0
2011-03-15 CVE-2011-0063 MJ2 Path Traversal vulnerability in MJ2 Majordomo 2

The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce ..

5.0
2011-03-15 CVE-2011-0001 Zaal Resource Management Errors vulnerability in Zaal TGT

Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login.

5.0
2011-03-18 CVE-2010-4765 Otrs Race Condition vulnerability in Otrs

Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets.

4.9
2011-03-20 CVE-2011-1024 Openldap Permissions, Privileges, and Access Controls vulnerability in Openldap

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.

4.6
2011-03-18 CVE-2008-7282 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors.

4.6
2011-03-18 CVE-2008-7276 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.

4.6
2011-03-20 CVE-2011-1471 PHP Numeric Errors vulnerability in PHP

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

4.3
2011-03-20 CVE-2011-1470 PHP Improper Input Validation vulnerability in PHP

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.

4.3
2011-03-20 CVE-2011-1469 PHP Remote Denial of Service vulnerability in PHP Stream Component

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.

4.3
2011-03-20 CVE-2011-1468 PHP Resource Management Errors vulnerability in PHP

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.

4.3
2011-03-20 CVE-2011-1464 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.

4.3
2011-03-20 CVE-2011-0708 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

4.3
2011-03-20 CVE-2011-0421 PHP Denial Of Service vulnerability in libzip '_zip_name_locate()' NULL Pointer Dereference

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

4.3
2011-03-18 CVE-2010-4766 Otrs Improper Input Validation vulnerability in Otrs

The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client.

4.3
2011-03-18 CVE-2008-7281 Otrs Information Exposure vulnerability in Otrs

Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field.

4.3
2011-03-18 CVE-2008-7275 Otrs Cross-Site Scripting vulnerability in Otrs

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView.

4.3
2011-03-16 CVE-2011-1094 Redhat Improper Input Validation vulnerability in Redhat Kdelibs

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.

4.3
2011-03-15 CVE-2011-1427 Kodak Cross-Site Scripting vulnerability in Kodak Insite 5.5.2

Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.

4.3
2011-03-15 CVE-2011-0457 E107 Cross-Site Scripting vulnerability in E107

Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-03-15 CVE-2010-4757 E107 Cross-Site Scripting vulnerability in E107

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208.

4.3
2011-03-14 CVE-2011-0280 HP Cross-Site Scripting vulnerability in HP Power Manager

Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp.

4.3
2011-03-18 CVE-2010-4761 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.

4.0
2011-03-18 CVE-2010-4759 Otrs Improper Input Validation vulnerability in Otrs

Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search.

4.0
2011-03-16 CVE-2011-0745 Sugarcrm Improper Input Validation vulnerability in Sugarcrm

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.

4.0
2011-03-14 CVE-2011-1091 Pidgin Denial of Service vulnerability in Libpurple Yahoo Protocol 'YMSG' NULL Pointer Dereference

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.

4.0
2011-03-14 CVE-2011-0701 Wordpress Information Exposure vulnerability in Wordpress

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-03-18 CVE-2010-4762 Otrs Cross-Site Scripting vulnerability in Otrs

Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.

3.5
2011-03-18 CVE-2010-4760 Otrs Information Exposure vulnerability in Otrs

Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.

3.5
2011-03-18 CVE-2009-5055 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.

3.5
2011-03-16 CVE-2011-0442 EMC Cryptographic Issues vulnerability in EMC Avamar

The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.

3.5
2011-03-14 CVE-2011-0700 Wordpress Cross-Site Scripting vulnerability in Wordpress

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.

3.5
2011-03-18 CVE-2009-5056 Otrs Improper Input Validation vulnerability in Otrs

Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.

2.1
2011-03-18 CVE-2010-4758 Otrs Cryptographic Issues vulnerability in Otrs

installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.

1.9