Weekly Vulnerabilities Reports > April 4 to 10, 2011
Overview
70 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 64 products from 47 vendors including Linux, HP, IBM, Drupal, and 7T. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 55 reported vulnerabilities are remotely exploitable.
- 18 reported vulnerabilities have a public exploit available.
- 29 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 65 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 5 reported vulnerabilities.
- 7T has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
13 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-04-10 | CVE-2011-0994 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell File Reporter Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data. | 10.0 |
2011-04-05 | CVE-2011-1568 | 7T | Use of Externally-Controlled Format String vulnerability in 7T Igss Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. | 10.0 |
2011-04-05 | CVE-2011-1567 | 7T | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in 7T Igss Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401. | 10.0 |
2011-04-05 | CVE-2011-1566 | 7T | Path Traversal vulnerability in 7T Igss Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397. | 10.0 |
2011-04-05 | CVE-2011-1565 | 7T | Path Traversal vulnerability in 7T Igss Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401. | 10.0 |
2011-04-05 | CVE-2011-1564 | Realflex | Numeric Errors vulnerability in Realflex Realwin 1.06/2.0/2.1 Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow. | 10.0 |
2011-04-05 | CVE-2011-1563 | Realflex | Buffer Errors vulnerability in Realflex Realwin 1.06/2.0/2.1 Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On_FC_CTAGLIST_FCS_CADDTAG, (3) On_FC_CTAGLIST_FCS_CDELTAG, (4) On_FC_CTAGLIST_FCS_ADDTAGMS, (5) On_FC_RFUSER_FCS_LOGIN, (6) unspecified "On_FC_BINFILE_FCS_*FILE", (7) On_FC_CGETTAG_FCS_GETTELEMETRY, (8) On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY, (9) On_FC_CGETTAG_FCS_SETTELEMETRY, (10) On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY, and (11) On_FC_SCRIPT_FCS_STARTPROG packets to port 910. | 10.0 |
2011-04-05 | CVE-2011-1559 | IBM | Remote Security vulnerability in IBM Webi 1.0.4 Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors. | 10.0 |
2011-04-04 | CVE-2010-4235 | Realnetworks | Use of Externally-Controlled Format String vulnerability in Realnetworks Helix Mobile Server and Helix Server Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header. | 10.0 |
2011-04-08 | CVE-2011-0465 | Matthias Hopf X | Improper Input Validation vulnerability in multiple products xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. | 9.3 |
2011-04-06 | CVE-2011-1525 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file. | 9.3 |
2011-04-05 | CVE-2011-1560 | IBM | Credentials Management vulnerability in IBM Soliddb solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value. | 9.3 |
2011-04-04 | CVE-2010-4596 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Helix Mobile Server and Helix Server Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request. | 9.3 |
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-04-10 | CVE-2011-1667 | Xmedien | SQL Injection vulnerability in Xmedien Anzeigenmarkt 2011 SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action. | 7.5 |
2011-04-10 | CVE-2011-1663 | Icanlocalize Drupal | SQL Injection vulnerability in Icanlocalize Translation Management SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-04-08 | CVE-2011-0997 | ISC Debian Canonical | Improper Input Validation vulnerability in multiple products dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | 7.5 |
2011-04-07 | CVE-2010-4782 | Softwebsnepal | SQL Injection vulnerability in Softwebsnepal Ananda Real Estate 3.4 Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807. | 7.5 |
2011-04-07 | CVE-2010-4780 | Enanocms | SQL Injection vulnerability in Enanocms Enano CMS SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. | 7.5 |
2011-04-04 | CVE-2011-1557 | Icloudcenter | SQL Injection vulnerability in Icloudcenter Icjobsite 1.1 SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. | 7.5 |
2011-04-04 | CVE-2011-1546 | Aphpkb | SQL Injection vulnerability in Aphpkb Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. | 7.5 |
2011-04-10 | CVE-2011-0765 | Pwhois | Privilege Escalation vulnerability in Pwhois Layer Four Traceroute 3.0/3.1/3.2 Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) 3.x before 3.3 allows local users to gain privileges via a crafted command line. | 7.2 |
40 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-04-04 | CVE-2011-1126 | Vmware Linux | Permissions, Privileges, and Access Controls vulnerability in VMWare VIX API and Workstation VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory. | 6.9 |
2011-04-04 | CVE-2011-0468 | Opensuse | Permissions, Privileges, and Access Controls vulnerability in Opensuse 11.3/11.4 The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion. | 6.9 |
2011-04-10 | CVE-2011-1674 | Netgear | Improper Authentication vulnerability in Netgear Prosafe Wnap210 and Prosafe Wnap210 Firmware The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php. | 6.8 |
2011-04-10 | CVE-2011-1664 | Icanlocalize Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Icanlocalize Translation Management Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2011-04-07 | CVE-2010-4784 | Phpwebscripts | SQL Injection vulnerability in PHPwebscripts Easy Banner Free 2009.05.18 Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 6.8 |
2011-04-05 | CVE-2011-1561 | IBM | Improper Authentication vulnerability in IBM AIX 6.1 The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password. | 6.8 |
2011-04-04 | CVE-2011-1556 | Aphpkb | SQL Injection vulnerability in Aphpkb 0.95.4 SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter. | 6.8 |
2011-04-04 | CVE-2011-1555 | Aphpkb | SQL Injection vulnerability in Aphpkb SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. | 6.8 |
2011-04-10 | CVE-2011-0466 | Novell | Permissions, Privileges, and Access Controls vulnerability in Novell Opensuse Build Service The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors. | 6.4 |
2011-04-04 | CVE-2011-0461 | Opensuse | Link Following vulnerability in Opensuse 11.2/11.3 /etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. | 6.3 |
2011-04-08 | CVE-2011-1492 | Roundcube | Improper Input Validation vulnerability in Roundcube Webmail steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request. | 5.5 |
2011-04-04 | CVE-2011-0894 | HP | Unspecified vulnerability in HP Operations 9.10 Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors. | 5.5 |
2011-04-04 | CVE-2011-1425 | Aleksey Apple | Permissions, Privileges, and Access Controls vulnerability in multiple products xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. | 5.1 |
2011-04-10 | CVE-2011-1673 | Netgear | Cryptographic Issues vulnerability in Netgear Prosafe Wnap210 and Prosafe Wnap210 Firmware BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file. | 5.0 |
2011-04-10 | CVE-2011-1672 | Dell | Information Exposure vulnerability in Dell Kace K2000 Systems Deployment Appliance The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password. | 5.0 |
2011-04-10 | CVE-2011-1669 | Mikoviny Wordpress | Path Traversal vulnerability in Mikoviny WP Custom Pages 0.5.0.1 Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. | 5.0 |
2011-04-10 | CVE-2011-1666 | Metaways | Information Exposure vulnerability in Metaways Tine 2.0 Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path. | 5.0 |
2011-04-10 | CVE-2011-1665 | Phpboost | Permissions, Privileges, and Access Controls vulnerability in PHPboost 3.0 PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/. | 5.0 |
2011-04-10 | CVE-2011-1661 | Nicholas Thompson Drupal | Permissions, Privileges, and Access Controls vulnerability in Nicholas Thompson Node Quick Find 6.X1.1 The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature. | 5.0 |
2011-04-08 | CVE-2011-1475 | Apache | Improper Input Validation vulnerability in Apache Tomcat The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users." | 5.0 |
2011-04-07 | CVE-2010-4781 | Enanocms | Information Exposure vulnerability in Enanocms Enano CMS index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message. | 5.0 |
2011-04-05 | CVE-2011-1569 | Douran | Information Exposure vulnerability in Douran Portal 3.9.7.8 download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter. | 5.0 |
2011-04-04 | CVE-2011-0951 | Cisco | Credentials Management vulnerability in Cisco Secure Access Control System The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. | 5.0 |
2011-04-04 | CVE-2011-1083 | Linux Suse Redhat | Resource Exhaustion vulnerability in multiple products The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. | 4.9 |
2011-04-10 | CVE-2011-1677 | Linux | Unspecified vulnerability in Linux Util-Linux mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. | 4.6 |
2011-04-10 | CVE-2011-1680 | Ncpfs | Permissions, Privileges, and Access Controls vulnerability in Ncpfs ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. | 4.4 |
2011-04-04 | CVE-2011-0891 | HP | Local Denial Of Service vulnerability in HP Hp-Ux B.11.23/B.11.31 Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors. | 4.4 |
2011-04-10 | CVE-2011-1671 | Getontracks | Cross-Site Scripting vulnerability in Getontracks Tracks 1.7.2/2.0 Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. | 4.3 |
2011-04-10 | CVE-2011-1670 | A Kulikov | Cross-Site Scripting vulnerability in A.Kulikov Interra Blog Machine 1.84 Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit. | 4.3 |
2011-04-10 | CVE-2011-1668 | Awcm CMS | Cross-Site Scripting vulnerability in Awcm-Cms AR web Content Manager 2.1/2.2 Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2011-04-10 | CVE-2011-1662 | Icanlocalize Drupal | Cross-Site Scripting vulnerability in Icanlocalize Translation Management Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-04-10 | CVE-2011-1660 | Grapecity | Cross-Site Scripting vulnerability in Grapecity Data Dynamics Reports Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx. | 4.3 |
2011-04-10 | CVE-2011-0462 | Novell | Cross-Site Scripting vulnerability in Novell Opensuse Build Service Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-04-07 | CVE-2010-4779 | Bravenewcode Wordpress | Cross-Site Scripting vulnerability in Bravenewcode Wptouch 1.9.19.4/1.9.20 Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. | 4.3 |
2011-04-05 | CVE-2011-1558 | IBM | Cross-Site Scripting vulnerability in IBM Webi 1.0.4 Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242. | 4.3 |
2011-04-04 | CVE-2011-0893 | HP | Cross-Site Scripting vulnerability in HP Operations 9.10 Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX platforms allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-04-04 | CVE-2010-4778 | Horde | Cross-Site Scripting vulnerability in Horde Groupware and IMP Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. | 4.3 |
2011-04-04 | CVE-2010-3693 | Horde | Cross-Site Scripting vulnerability in Horde Dynamic IMP and Groupware Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names. | 4.3 |
2011-04-04 | CVE-2010-3447 | Horde | Cross-Site Scripting vulnerability in Horde Gollem Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action. | 4.3 |
2011-04-06 | CVE-2011-0895 | HP | Information Disclosure vulnerability in HP Network Node Manager i Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors. | 4.0 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-04-08 | CVE-2011-1658 | GNU | Permissions, Privileges, and Access Controls vulnerability in GNU Glibc ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. | 3.7 |
2011-04-08 | CVE-2011-1491 | Roundcube | Improper Input Validation vulnerability in Roundcube Webmail The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue. | 3.5 |
2011-04-10 | CVE-2011-1681 | Vmware | Configuration vulnerability in VMWare Open-Vm-Tools vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 3.3 |
2011-04-10 | CVE-2011-1679 | Ncpfs | Improper Input Validation vulnerability in Ncpfs ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 3.3 |
2011-04-10 | CVE-2011-1678 | Samba | Improper Input Validation vulnerability in Samba smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 3.3 |
2011-04-10 | CVE-2011-1676 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Util-Linux mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. | 3.3 |
2011-04-10 | CVE-2011-1675 | Linux | Resource Management Errors vulnerability in Linux Util-Linux mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 3.3 |
2011-04-10 | CVE-2011-1089 | GNU | Configuration vulnerability in GNU Glibc The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. | 3.3 |
2011-04-07 | CVE-2010-4783 | Phpwebscripts | Cross-Site Scripting vulnerability in PHPwebscripts Easy Banner Free 2009.05.18 Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters. | 2.6 |