Vulnerability Summary for the Week of May 31, 2010

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
bartels-schoene — conpresso SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-06-01 7.5 CVE-2010-2124
XF
BID
MISC
MISC
danny_ho — oes Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446. 2010-06-02 7.5 CVE-2010-2132
XF
BID
MISC
emc — avamar Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP. 2010-05-28 7.1 CVE-2010-1919
VUPEN
BID
MISC
SECTRACK
SECUNIA
BUGTRAQ
giaard — proman PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. 2010-06-02 7.5 CVE-2010-2137
XF
MISC
MISC
gnu — glibc The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. 2010-06-01 7.2 CVE-2010-0296
CONFIRM
VUPEN
UBUNTU
CONFIRM
SECTRACK
SECUNIA
CONFIRM
google — chrome Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification’s requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors. 2010-05-28 10.0 CVE-2010-2105
CONFIRM
CONFIRM
google — chrome Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers. 2010-05-28 10.0 CVE-2010-2106
CONFIRM
CONFIRM
google — chrome Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality. 2010-05-28 10.0 CVE-2010-2107
CONFIRM
CONFIRM
google — chrome Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors. 2010-05-28 10.0 CVE-2010-2108
CONFIRM
CONFIRM
google — chrome Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the “drag + drop” functionality. 2010-05-28 9.3 CVE-2010-2109
CONFIRM
CONFIRM
google — chrome Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors. 2010-05-28 10.0 CVE-2010-2110
CONFIRM
CONFIRM
graviton-mediatech — visitor_logger PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter. 2010-06-03 7.5 CVE-2010-2146
VUPEN
BID
MISC
harmistechnology — com_jequoteform Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. 2010-06-01 7.5 CVE-2010-2128
XF
BID
OSVDB
MISC
SECUNIA
hazelpress — hazelpress Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields. 2010-06-02 7.5 CVE-2010-2135
XF
MISC
MISC
http-solution — project_man Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. 2010-06-02 7.5 CVE-2010-2134
XF
MISC
intervations — filecopa Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-05-28 8.8 CVE-2010-2112
SECUNIA
OSVDB
justsystems — ichitaro Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to “product character attribute processing” for a document. 2010-06-03 9.3 CVE-2010-2152
CONFIRM
XF
VUPEN
BID
MISC
SECUNIA
OSVDB
JVNDB
JVN
jv2design — jv2_folder_gallery PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. 2010-06-01 7.5 CVE-2010-2127
XF
BID
MISC
MISC
mario_matzulla — cal SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. 2010-06-02 7.5 CVE-2010-2131
CONFIRM
CONFIRM
BID
SECUNIA
OSVDB
multishopcms — multishop_cms SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-06-02 7.5 CVE-2010-2139
SECUNIA
multishopcms — multishop_cms SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-06-02 7.5 CVE-2010-2140
SECUNIA
murat_ersoy — cyberhost SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-06-02 7.5 CVE-2010-2142
XF
BID
MISC
mylittleforum — my_little_forum SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942. 2010-06-02 7.5 CVE-2010-2133
XF
BID
MISC
MISC
nitropowered — nitro_web_gallery SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action. 2010-06-02 7.5 CVE-2010-2141
XF
BID
MISC
MISC
nrl — opie Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. 2010-05-28 9.3 CVE-2010-1938
BID
MISC
SECTRACK
SREASON
SREASONRES
FREEBSD
SECUNIA
SECUNIA
MISC
openssl — openssl The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. 2010-06-03 7.5 CVE-2010-0742
VUPEN
CONFIRM
BID
CONFIRM
SECUNIA
SECUNIA
CONFIRM
CONFIRM
CONFIRM
richrumble — clearsite Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error. 2010-06-03 7.5 CVE-2010-2145
BID
BUGTRAQ
snipegallery — snipe_gallery Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_admin_path parameter to (1) index.php, (2) view.php, (3) image.php, (4) search.php, (5) admin/index.php, (6) admin/gallery/index.php, (7) admin/gallery/view.php, (8) admin/gallery/gallery.php, (9) admin/gallery/image.php, and (10) admin/gallery/crop.php. 2010-06-01 7.5 CVE-2010-2126
XF
BID
MISC
MISC
symphony-cms — symphony_cms Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter. 2010-06-03 7.5 CVE-2010-2143
VUPEN
BID
MISC
MISC
unisoft — com_mycar SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. 2010-06-03 7.5 CVE-2010-2148
XF
MISC
VUPEN
BID
MISC
SECUNIA
OSVDB

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
arisglobal — arisg Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. 2010-06-02 4.3 CVE-2010-2130
BID
BUGTRAQ
BUGTRAQ
SECUNIA
MISC
OSVDB
articlefriendly — article_friendly Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. 2010-06-02 6.8 CVE-2010-2136
XF
BID
MISC
SECUNIA
OSVDB
cmscout — cmscout Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information. 2010-06-03 4.3 CVE-2010-2154
XF
VUPEN
MISC
SECUNIA
OSVDB
freebsd — freebsd sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request. 2010-05-28 6.9 CVE-2010-2020
SECTRACK
FREEBSD
fujitsu — e-pares Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors. 2010-06-03 4.0 CVE-2010-2149
BID
CONFIRM
SECUNIA
JVNDB
JVN
fujitsu — e-pares Cross-site scripting (XSS) vulnerability in Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-06-03 4.3 CVE-2010-2150
BID
CONFIRM
SECUNIA
JVNDB
JVN
giaard — proman Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php. 2010-06-02 6.8 CVE-2010-2138
XF
MISC
MISC
gnu — glibc Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. 2010-06-01 5.0 CVE-2009-4880
BID
MISC
VUPEN
UBUNTU
CONFIRM
CONFIRM
SREASONRES
SECUNIA
gnu — glibc Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. 2010-06-01 5.0 CVE-2009-4881
CONFIRM
CONFIRM
gnu — glibc Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. 2010-06-01 5.1 CVE-2010-0830
BID
XF
VUPEN
UBUNTU
CONFIRM
SECTRACK
SECUNIA
CONFIRM
MISC
google — chrome Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. 2010-06-01 4.3 CVE-2010-2120
BUGTRAQ
MISC
harmistechnology — com_jeajaxeventcalendar Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. 2010-06-01 6.8 CVE-2010-2129
XF
MISC
BID
OSVDB
MISC
SECUNIA
MISC
joelrowley — com_simpledownload Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. 2010-06-01 6.8 CVE-2010-2122
CONFIRM
XF
BID
BUGTRAQ
OSVDB
MISC
SECUNIA
MISC
linux — kernel The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. 2010-06-01 4.6 CVE-2010-1641
CONFIRM
MLIST
CONFIRM
XF
BID
MLIST
MLIST
MLIST
CONFIRM
mcafee — secure_mail The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. 2010-05-28 6.5 CVE-2010-2116
VUPEN
SECTRACK
MISC
SECUNIA
OSVDB
microsoft — ie Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. 2010-06-01 4.3 CVE-2010-2118
BUGTRAQ
MISC
microsoft — ie Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs. 2010-06-01 4.3 CVE-2010-2119
BUGTRAQ
MISC
mozilla — firefox Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. 2010-06-01 4.3 CVE-2010-2117
BUGTRAQ
MISC
openssl — openssl RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. 2010-06-03 6.4 CVE-2010-1633
VUPEN
CONFIRM
BID
CONFIRM
SECUNIA
CONFIRM
CONFIRM
opera — opera_browser Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. 2010-06-01 4.3 CVE-2010-2121
BUGTRAQ
MISC
pacifictimesheet — pacific_timesheet Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action. 2010-05-28 4.3 CVE-2010-2111
XF
SECUNIA
OSVDB
MISC
solarwinds — tftp_server SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request. 2010-05-28 5.0 CVE-2010-2115
SECTRACK
MISC
SECUNIA
OSVDB
tecnick — tcexam Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/. 2010-06-03 6.8 CVE-2010-2153
VUPEN
BID
MISC
SECUNIA
OSVDB
MISC
unisoft — com_mycar Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php. 2010-06-03 4.3 CVE-2010-2147
XF
MISC
VUPEN
BID
MISC
SECUNIA
OSVDB
zeeways — ebay_clone_auction_script Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information. 2010-06-03 4.3 CVE-2010-2144
VUPEN
BID
MISC
SECUNIA
MISC
OSVDB
zonecheck — zonecheck Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi. 2010-06-02 4.3 CVE-2009-4882
CONFIRM
CONFIRM
MISC
SECUNIA
CONFIRM
MISC
zonecheck — zonecheck Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a zc-title row, different vulnerabilities than CVE-2009-4882. 2010-06-03 4.3 CVE-2010-2155
CONFIRM
CONFIRM
CONFIRM
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
brekeke — pbx Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean. 2010-05-28 2.6 CVE-2010-2114
SECUNIA
OSVDB
MISC
freebsd — freebsd jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the “-l -U root” options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations. 2010-05-28 3.3 CVE-2010-2022
VUPEN
BID
SECTRACK
FREEBSD
fujitsu — e-pares Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify “facility reservation data” via unknown vectors. 2010-06-03 2.6 CVE-2010-2151
BID
CONFIRM
SECUNIA
JVNDB
JVN
linux — kernel mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643. 2010-06-03 1.2 CVE-2008-7256
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — kernel mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. 2010-06-03 1.9 CVE-2010-1643
CONFIRM
XF
BID
MLIST
MLIST
CONFIRM
MISC
CONFIRM
speedtech — storm Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information. 2010-06-01 2.1 CVE-2010-2123
BID
CONFIRM
XF
OSVDB
SECUNIA
FULLDISC
systemseed — rotor Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with “create rotor item” or “edit any rotor item” privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. 2010-06-01 2.1 CVE-2010-2125
CONFIRM
XF
OSVDB
SECUNIA
uniformserver — uniformserver Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php. 2010-05-28 3.5 CVE-2010-2113
XF
SECUNIA
OSVDB
MISC
