Weekly Vulnerabilities Reports > April 4 to 10, 2011

Overview

80 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 70 products from 49 vendors including Linux, GNU, IBM, HP, and Drupal. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 60 reported vulnerabilities are remotely exploitable.
  • 18 reported vulnerabilities have a public exploit available.
  • 31 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 75 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • 7T has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-04-10 CVE-2011-0994 Novell Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Novell File Reporter

Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.

10.0
2011-04-05 CVE-2011-1568 7T Use of Externally-Controlled Format String vulnerability in 7T Igss

Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG.

10.0
2011-04-05 CVE-2011-1567 7T Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in 7T Igss

Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.

10.0
2011-04-05 CVE-2011-1566 7T Path Traversal vulnerability in 7T Igss

Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.

10.0
2011-04-05 CVE-2011-1565 7T Path Traversal vulnerability in 7T Igss

Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.

10.0
2011-04-05 CVE-2011-1564 Realflex Numeric Errors vulnerability in Realflex Realwin 1.06/2.0/2.1

Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.

10.0
2011-04-05 CVE-2011-1563 Realflex Buffer Errors vulnerability in Realflex Realwin 1.06/2.0/2.1

Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On_FC_CTAGLIST_FCS_CADDTAG, (3) On_FC_CTAGLIST_FCS_CDELTAG, (4) On_FC_CTAGLIST_FCS_ADDTAGMS, (5) On_FC_RFUSER_FCS_LOGIN, (6) unspecified "On_FC_BINFILE_FCS_*FILE", (7) On_FC_CGETTAG_FCS_GETTELEMETRY, (8) On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY, (9) On_FC_CGETTAG_FCS_SETTELEMETRY, (10) On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY, and (11) On_FC_SCRIPT_FCS_STARTPROG packets to port 910.

10.0
2011-04-05 CVE-2011-1559 IBM Remote Security vulnerability in IBM Webi 1.0.4

Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors.

10.0
2011-04-04 CVE-2010-4235 Realnetworks Use of Externally-Controlled Format String vulnerability in Realnetworks Helix Mobile Server and Helix Server

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

10.0
2011-04-08 CVE-2011-0465 Matthias Hopf / X Improper Input Validation vulnerability in multiple products

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

9.3
2011-04-06 CVE-2011-1525 Realnetworks Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Realnetworks Realplayer

Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.

9.3
2011-04-05 CVE-2011-1560 IBM Credentials Management vulnerability in IBM Soliddb

solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.

9.3
2011-04-04 CVE-2010-4596 Realnetworks Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Realnetworks Helix Mobile Server and Helix Server

Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request.

9.3

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-04-10 CVE-2011-1667 Xmedien SQL Injection vulnerability in Xmedien Anzeigenmarkt 2011

SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action.

7.5
2011-04-10 CVE-2011-1663 Icanlocalize / Drupal SQL Injection vulnerability in Icanlocalize Translation Management

SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2011-04-08 CVE-2011-0997 ISC / Debian / Canonical Improper Input Validation vulnerability in multiple products

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

7.5
2011-04-07 CVE-2010-4782 Softwebsnepal SQL Injection vulnerability in Softwebsnepal Ananda Real Estate 3.4

Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.

7.5
2011-04-07 CVE-2010-4780 Enanocms SQL Injection vulnerability in Enanocms Enano CMS

SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php.

7.5
2011-04-05 CVE-2011-1562 Ecava SQL Injection vulnerability in Ecava Integraxor 3.5.3900.10/3.5.3900.5/3.6.4000.0

Ecava IntegraXor HMI before 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request.

7.5
2011-04-04 CVE-2011-1557 Icloudcenter SQL Injection vulnerability in Icloudcenter Icjobsite 1.1

SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546.

7.5
2011-04-04 CVE-2011-1546 Aphpkb SQL Injection vulnerability in Aphpkb

Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php.

7.5
2011-04-10 CVE-2011-0765 Pwhois Privilege Escalation vulnerability in Pwhois Layer Four Traceroute 3.0/3.1/3.2

Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) 3.x before 3.3 allows local users to gain privileges via a crafted command line.

7.2

47 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-04-08 CVE-2011-0536 GNU / Redhat

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library.

6.9
2011-04-04 CVE-2011-1126 Vmware / Linux Permissions, Privileges, and Access Controls vulnerability in VMWare VIX API and Workstation

VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.

6.9
2011-04-04 CVE-2011-0468 Opensuse Permissions, Privileges, and Access Controls vulnerability in Opensuse 11.3/11.4

The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion.

6.9
2011-04-10 CVE-2011-1674 Netgear Improper Authentication vulnerability in Netgear Prosafe Wnap210 and Prosafe Wnap210 Firmware

The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.

6.8
2011-04-10 CVE-2011-1664 Icanlocalize / Drupal Cross-Site Request Forgery (CSRF) vulnerability in Icanlocalize Translation Management

Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2011-04-07 CVE-2010-4784 Phpwebscripts SQL Injection vulnerability in PHPwebscripts Easy Banner Free 2009.05.18

Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

6.8
2011-04-05 CVE-2011-1561 IBM Improper Authentication vulnerability in IBM AIX 6.1

The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password.

6.8
2011-04-04 CVE-2011-1556 Aphpkb SQL Injection vulnerability in Aphpkb 0.95.4

SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter.

6.8
2011-04-04 CVE-2011-1555 Aphpkb SQL Injection vulnerability in Aphpkb

SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546.

6.8
2011-04-10 CVE-2011-0466 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Opensuse Build Service

The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors.

6.4
2011-04-04 CVE-2011-0461 Opensuse Link Following vulnerability in Opensuse 11.2/11.3

/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.

6.3
2011-04-10 CVE-2011-1095 GNU Permissions, Privileges, and Access Controls vulnerability in GNU Glibc

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

6.2
2011-04-08 CVE-2011-1183 Apache Unspecified vulnerability in Apache Tomcat 7.0.11

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application.

5.8
2011-04-08 CVE-2011-1492 Roundcube Improper Input Validation vulnerability in Roundcube Webmail

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.

5.5
2011-04-04 CVE-2011-0894 HP Unspecified vulnerability in HP Operations 9.10

Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors.

5.5
2011-04-08 CVE-2011-1071 GNU Resource Management Errors vulnerability in GNU Eglibc and Glibc

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

5.1
2011-04-04 CVE-2011-1425 Aleksey / Apple Permissions, Privileges, and Access Controls vulnerability in multiple products

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

5.1
2011-04-10 CVE-2011-1673 Netgear Cryptographic Issues vulnerability in Netgear Prosafe Wnap210 and Prosafe Wnap210 Firmware

BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file.

5.0
2011-04-10 CVE-2011-1672 Dell Information Exposure vulnerability in Dell Kace K2000 Systems Deployment Appliance

The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password.

5.0
2011-04-10 CVE-2011-1669 Mikoviny / Wordpress Path Traversal vulnerability in Mikoviny WP Custom Pages 0.5.0.1

Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.

5.0
2011-04-10 CVE-2011-1666 Metaways Information Exposure vulnerability in Metaways Tine 2.0

Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path.

5.0
2011-04-10 CVE-2011-1665 Phpboost Permissions, Privileges, and Access Controls vulnerability in PHPboost 3.0

PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/.

5.0
2011-04-10 CVE-2011-1661 Nicholas Thompson / Drupal Permissions, Privileges, and Access Controls vulnerability in Nicholas Thompson Node Quick Find 6.X1.1

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

5.0
2011-04-08 CVE-2011-1659 GNU Numeric Errors vulnerability in GNU Glibc

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.

5.0
2011-04-08 CVE-2011-1475 Apache Improper Input Validation vulnerability in Apache Tomcat

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

5.0
2011-04-07 CVE-2010-4781 Enanocms Information Exposure vulnerability in Enanocms Enano CMS

index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.

5.0
2011-04-06 CVE-2011-1652 Microsoft Configuration vulnerability in Microsoft Windows 7

** DISPUTED ** The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct man-in-the-middle attacks on communication with external IPv4 servers via vectors involving RAs, a DHCPv6 server, and NAT-PT on the local network, aka a "SLAAC Attack." NOTE: it can be argued that preferring IPv6 complies with RFC 3484, and that attempting to determine the legitimacy of an RA is currently outside the scope of recommended behavior of host operating systems.

5.0
2011-04-05 CVE-2011-1569 Douran Information Exposure vulnerability in Douran Portal 3.9.7.8

download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.

5.0
2011-04-04 CVE-2011-0951 Cisco Credentials Management vulnerability in Cisco Secure Access Control System

The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.

5.0
2011-04-04 CVE-2011-1083 Linux / Suse / Redhat Resource Exhaustion vulnerability in multiple products

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

4.9
2011-04-04 CVE-2011-1082 Linux Resource Exhaustion vulnerability in Linux Kernel

fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

4.9
2011-04-10 CVE-2011-1677 Linux Unspecified vulnerability in Linux Util-Linux

mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.

4.6
2011-04-10 CVE-2011-1680 Ncpfs Permissions, Privileges, and Access Controls vulnerability in Ncpfs

ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.

4.4
2011-04-04 CVE-2011-0891 HP Local Denial Of Service vulnerability in HP Hp-Ux B.11.23/B.11.31

Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.

4.4
2011-04-10 CVE-2011-1671 Getontracks Cross-Site Scripting vulnerability in Getontracks Tracks 1.7.2/2.0

Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/.

4.3
2011-04-10 CVE-2011-1670 A Kulikov Cross-Site Scripting vulnerability in A.Kulikov Interra Blog Machine 1.84

Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.

4.3
2011-04-10 CVE-2011-1668 Awcm CMS Cross-Site Scripting vulnerability in Awcm-Cms AR web Content Manager 2.1/2.2

Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2011-04-10 CVE-2011-1662 Icanlocalize / Drupal Cross-Site Scripting vulnerability in Icanlocalize Translation Management

Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-04-10 CVE-2011-1660 Grapecity Cross-Site Scripting vulnerability in Grapecity Data Dynamics Reports

Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.

4.3
2011-04-10 CVE-2011-0462 Novell Cross-Site Scripting vulnerability in Novell Opensuse Build Service

Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-04-07 CVE-2010-4779 Bravenewcode / Wordpress Cross-Site Scripting vulnerability in Bravenewcode Wptouch 1.9.19.4/1.9.20

Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php.

4.3
2011-04-05 CVE-2011-1558 IBM Cross-Site Scripting vulnerability in IBM Webi 1.0.4

Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242.

4.3
2011-04-04 CVE-2011-0893 HP Cross-Site Scripting vulnerability in HP Operations 9.10

Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX platforms allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-04-04 CVE-2010-4778 Horde Cross-Site Scripting vulnerability in Horde Groupware and IMP

Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695.

4.3
2011-04-04 CVE-2010-3693 Horde Cross-Site Scripting vulnerability in Horde Dynamic IMP and Groupware

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

4.3
2011-04-04 CVE-2010-3447 Horde Cross-Site Scripting vulnerability in Horde Gollem

Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.

4.3
2011-04-06 CVE-2011-0895 HP Information Disclosure vulnerability in HP Network Node Manager i

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-04-08 CVE-2011-1658 GNU Permissions, Privileges, and Access Controls vulnerability in GNU Glibc

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536.

3.7
2011-04-08 CVE-2011-1491 Roundcube Improper Input Validation vulnerability in Roundcube Webmail

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.

3.5
2011-04-10 CVE-2011-1681 Vmware Configuration vulnerability in VMWare Open-Vm-Tools

vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

3.3
2011-04-10 CVE-2011-1679 Ncpfs Improper Input Validation vulnerability in Ncpfs

ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

3.3
2011-04-10 CVE-2011-1678 Samba Improper Input Validation vulnerability in Samba

smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

3.3
2011-04-10 CVE-2011-1676 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Util-Linux

mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.

3.3
2011-04-10 CVE-2011-1675 Linux Resource Management Errors vulnerability in Linux Util-Linux

mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

3.3
2011-04-10 CVE-2011-1089 GNU Configuration vulnerability in GNU Glibc

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

3.3
2011-04-07 CVE-2010-4783 Phpwebscripts Cross-Site Scripting vulnerability in PHPwebscripts Easy Banner Free 2009.05.18

Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.

2.6
2011-04-10 CVE-2011-1163 Linux / Suse / Redhat Improper Input Validation vulnerability in multiple products

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

2.1
2011-04-10 CVE-2011-0463 Linux / Canonical Improper Input Validation vulnerability in multiple products

The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.

2.1