Bulletin (SB11-024)

Vulnerability Summary for the Week of January 17, 2011

Original Release date: Jan 24, 2011 | Last revised: -

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
advantech -- advantech_studio
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80. 2011-01-18 10.0 CVE-2011-0488
MISC
CERT-VN
CONFIRM
XF
VUPEN
VUPEN
BID
OSVDB
MISC
SECUNIA
SECUNIA
CONFIRM
awbs -- advanced_webhost_billing_system
SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action. 2011-01-20 7.5 CVE-2011-0510
XF
EXPLOIT-DB
SECUNIA
cakefoundation -- cakephp
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files. 2011-01-14 7.5 CVE-2010-4335
CONFIRM
OSVDB
EXPLOIT-DB
SREASON
SECUNIA
MISC
MISC
citrix -- access_gateway
Unspecified vulnerability in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to bypass authentication and possibly execute arbitrary commands via unknown vectors. 2011-01-14 9.3 CVE-2010-4566
SECTRACK
CONFIRM
epromptc -- betmore_site_suite
SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter. 2011-01-20 7.5 CVE-2011-0516
XF
BID
EXPLOIT-DB
SECUNIA
CONFIRM
fxwebdesign -- com_jradio
SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2011-01-20 7.5 CVE-2010-4702
CONFIRM
SECUNIA
gallarific -- php_photo_gallery_script
SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter. 2011-01-20 7.5 CVE-2011-0519
EXPLOIT-DB
SECUNIA
google -- chrome
The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2011-01-14 10.0 CVE-2011-0471
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document. 2011-01-14 9.3 CVE-2011-0472
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." 2011-01-14 10.0 CVE-2011-0473
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." 2011-01-14 10.0 CVE-2011-0474
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document. 2011-01-14 10.0 CVE-2011-0475
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error. 2011-01-14 10.0 CVE-2011-0476
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors. 2011-01-14 10.0 CVE-2011-0477
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." 2011-01-14 10.0 CVE-2011-0478
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Multiple buffer overflows in the Vorbis decoder in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2011-01-14 9.3 CVE-2011-0480
CONFIRM
XF
OSVDB
CONFIRM
google -- chrome
Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading. 2011-01-14 9.3 CVE-2011-0481
CONFIRM
XF
OSVDB
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. 2011-01-14 9.3 CVE-2011-0482
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2011-01-14 10.0 CVE-2011-0483
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node." 2011-01-14 10.0 CVE-2011-0484
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer." 2011-01-14 10.0 CVE-2011-0485
XF
XF
OSVDB
CONFIRM
CONFIRM
hotwebscripts -- hotweb_rentals
SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2011-01-20 7.5 CVE-2010-4703
BID
BUGTRAQ
SECUNIA
hp -- loadrunner
Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature. 2011-01-18 10.0 CVE-2011-0272
XF
VUPEN
BID
HP
HP
SECTRACK
SECUNIA
OSVDB
hp -- linux_imaging_and_printing_project
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. 2011-01-20 7.5 CVE-2010-4267
CONFIRM
MISC
XF
VUPEN
SECTRACK
BID
REDHAT
SECUNIA
SECUNIA
hp -- data_protector_manager
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530. 2011-01-20 7.8 CVE-2011-0514
VUPEN
EXPLOIT-DB
ibm -- tivoli_access_manager_for_e-business
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622. 2011-01-19 7.5 CVE-2011-0494
XF
VUPEN
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
SECUNIA
joomla -- joomla!
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. 2011-01-18 7.5 CVE-2010-4166
MISC
MISC
MISC
SECUNIA
MLIST
MLIST
CONFIRM
FULLDISC
joomla -- joomla!
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2011-01-18 7.5 CVE-2010-4696
SECUNIA
MLIST
MLIST
MISC
joomtraders -- com_allcinevid
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. 2011-01-20 7.5 CVE-2011-0511
BID
EXPLOIT-DB
SECUNIA
MISC
linux -- kernel
The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. 2011-01-18 7.1 CVE-2010-4263
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
BID
CONFIRM
microsoft -- windows_2003_server
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889. 2011-01-20 7.2 CVE-2010-2743
MS
musanim -- music_animation_machine_midi_player
Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file. 2011-01-20 9.3 CVE-2011-0501
EXPLOIT-DB
SECUNIA
musanim -- music_animation_machine_midi_player
Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid) file. 2011-01-20 9.3 CVE-2011-0502
EXPLOIT-DB
nokia -- multimedia_player
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file. 2011-01-20 9.3 CVE-2011-0498
VUPEN
EXPLOIT-DB
SECUNIA
OSVDB
objectivity -- objectivity/db
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information. 2011-01-18 7.5 CVE-2011-0489
CERT-VN
XF
VUPEN
BID
EXPLOIT-DB
SECUNIA
OSVDB
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager. 2011-01-19 10.0 CVE-2010-3510
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. 2011-01-19 9.3 CVE-2010-3591
VUPEN
SECTRACK
BID
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Internal Operations. 2011-01-19 8.5 CVE-2010-3592
VUPEN
SECTRACK
BID
CONFIRM
oracle -- argus_safety
Unspecified vulnerability in the Health Sciences - Oracle Argus Safety component in Oracle Industry Applications 5.0, 5.0.1, 5.0.2, and 5.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Login and LDAP. 2011-01-19 7.5 CVE-2010-3593
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. 2011-01-19 7.8 CVE-2010-3595
VUPEN
SECTRACK
BID
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Import Export Utility. 2011-01-19 7.1 CVE-2010-3598
VUPEN
SECTRACK
BID
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. 2011-01-19 9.4 CVE-2010-3599
VUPEN
SECTRACK
BID
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2011-01-19 7.5 CVE-2010-3600
VUPEN
SECTRACK
CONFIRM
SECUNIA
oracle -- beehive
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code. 2011-01-19 7.5 CVE-2010-4417
MISC
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.11 through 8.50.15 and 8.51GA through 8.51.05 allows remote attackers to affect confidentiality, integrity, and availability, related to PIA Core Technology. 2011-01-19 7.5 CVE-2010-4418
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- audit_vault
Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700. 2011-01-19 7.5 CVE-2010-4449
MISC
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
php -- php
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. 2011-01-18 7.5 CVE-2010-4699
CONFIRM
MLIST
CONFIRM
securstar -- drivecrypt
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL. 2011-01-20 7.2 CVE-2011-0513
VUPEN
BID
EXPLOIT-DB
SECUNIA
OSVDB
sielcosistemi -- winlog_pro
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823. 2011-01-20 9.3 CVE-2011-0517
XF
VUPEN
BID
EXPLOIT-DB
SECUNIA
OSVDB
MISC
sun -- sunos
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability, related to FTP. 2011-01-19 7.8 CVE-2010-2632
CONFIRM
sun -- sunos
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. 2011-01-19 10.0 CVE-2010-4435
BID
CONFIRM
sun -- sunos
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS. 2011-01-19 7.8 CVE-2010-4457
BID
CONFIRM
sybase -- appeon_for_powerbuilder
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability." 2011-01-20 10.0 CVE-2011-0496
XF
VUPEN
CONFIRM
BID
SECUNIA
OSVDB
sybase -- appeon_for_powerbuilder
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via unknown vectors. 2011-01-20 7.8 CVE-2011-0497
XF
VUPEN
CONFIRM
BID
SECUNIA
OSVDB
symantec -- web_gateway
SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. 2011-01-14 7.5 CVE-2010-0115
XF
MISC
VUPEN
CONFIRM
SECTRACK
BID
SECUNIA
OSVDB
tor -- tor
Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. 2011-01-19 10.0 CVE-2011-0427
CONFIRM
CONFIRM
MLIST
XF
VUPEN
VUPEN
SECTRACK
BID
DEBIAN
SECUNIA
SECUNIA
verytools -- videospirit_lite
Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "name" attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2011-01-20 9.3 CVE-2011-0499
SECUNIA
SECUNIA
verytools -- videospirit_lite
Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "value" attribute, as demonstrated using a valitem with the mp3 name. 2011-01-20 9.3 CVE-2011-0500
EXPLOIT-DB
SECUNIA
SECUNIA
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
blackmoonftpserver -- blackmoon_ftp_server
FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large number of PORT commands with long arguments, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information. 2011-01-20 4.3 CVE-2011-0507
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
catb -- gif2png
Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. 2011-01-14 6.8 CVE-2009-5018
CONFIRM
MLIST
MLIST
FULLDISC
FEDORA
CONFIRM
CONFIRM
VUPEN
VUPEN
VUPEN
BID
MANDRIVA
GENTOO
SECUNIA
MLIST
MLIST
CONFIRM
catb -- gif2png
Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. 2011-01-14 6.8 CVE-2010-4694
CONFIRM
MLIST
MLIST
FEDORA
CONFIRM
CONFIRM
CONFIRM
CONFIRM
XF
VUPEN
VUPEN
VUPEN
BID
MANDRIVA
GENTOO
SECUNIA
MLIST
MLIST
catb -- gif2png
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. 2011-01-14 5.0 CVE-2010-4695
CONFIRM
MISC
BID
FEDORA
CONFIRM
CONFIRM
contao -- contao_cms
Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php. 2011-01-20 4.3 CVE-2011-0508
CONFIRM
CONFIRM
XF
BUGTRAQ
OSVDB
SECUNIA
CONFIRM
digium -- asterisk
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. 2011-01-20 6.0 CVE-2011-0495
MISC
BID
BUGTRAQ
CONFIRM
gnu -- gnash
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. 2011-01-14 4.4 CVE-2010-4337
BID
OSVDB
SECUNIA
MISC
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. 2011-01-14 5.0 CVE-2011-0470
XF
OSVDB
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. 2011-01-14 5.0 CVE-2011-0479
XF
OSVDB
CONFIRM
CONFIRM
hastymail -- hastymail2
Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2011-01-18 5.0 CVE-2009-5051
CONFIRM
hastymail -- hastymail2
Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter. 2011-01-18 4.3 CVE-2010-4646
CONFIRM
MLIST
MLIST
hypermail-project -- hypermail
Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages. 2011-01-14 4.3 CVE-2010-4339
MISC
ibm -- cognos_8_business_intelligence
Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 Business Intelligence (BI) 8.4.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via the pathinfo parameter. 2011-01-18 4.3 CVE-2011-0486
XF
VUPEN
BID
BUGTRAQ
MISC
SECTRACK
icq -- icq
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism. 2011-01-18 6.8 CVE-2011-0487
CERT-VN
XF
BID
BUGTRAQ
jikaka -- teams_structure_module
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter. 2011-01-20 6.8 CVE-2011-0512
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
kernel -- linux
include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault. 2011-01-14 4.9 CVE-2010-3086
CONFIRM
CONFIRM
CONFIRM
REDHAT
CONFIRM
SECTRACK
MLIST
SUSE
CONFIRM
libpng -- libpng
pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information. 2011-01-18 6.8 CVE-2011-0408
CERT-VN
XF
VUPEN
CONFIRM
SECTRACK
SECUNIA
OSVDB
lotuscms -- fraise
Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php. 2011-01-20 5.1 CVE-2011-0518
XF
VUPEN
EXPLOIT-DB
SECUNIA
OSVDB
muscle -- pcsc-lite
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. 2011-01-18 4.4 CVE-2010-4530
CONFIRM
FEDORA
FEDORA
MISC
VUPEN
MLIST
MLIST
muscle -- pcsc-lite
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value. 2011-01-18 4.4 CVE-2010-4531
CONFIRM
MLIST
MLIST
MLIST
MISC
CONFIRM
VUPEN
VUPEN
BID
SECUNIA
FEDORA
FEDORA
mysql -- mysql
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT." 2011-01-14 5.0 CVE-2010-3833
CONFIRM
VUPEN
UBUNTU
BID
REDHAT
REDHAT
MANDRIVA
MANDRIVA
DEBIAN
SECUNIA
CONFIRM
CONFIRM
CONFIRM
MISC
mysql -- mysql
Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments." 2011-01-14 4.0 CVE-2010-3834
CONFIRM
VUPEN
UBUNTU
BID
MANDRIVA
MANDRIVA
DEBIAN
SECUNIA
CONFIRM
CONFIRM
CONFIRM
MISC
mysql -- mysql
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table. 2011-01-14 4.0 CVE-2010-3835
CONFIRM
VUPEN
UBUNTU
BID
REDHAT
REDHAT
MANDRIVA
MANDRIVA
DEBIAN
SECUNIA
CONFIRM
CONFIRM
MISC
mysql -- mysql
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers. 2011-01-14 4.0 CVE-2010-3836
CONFIRM
CONFIRM
VUPEN
UBUNTU
BID
REDHAT
REDHAT
MANDRIVA
MANDRIVA
DEBIAN
SECUNIA
CONFIRM
CONFIRM
CONFIRM
mysql -- mysql
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object. 2011-01-14 4.0 CVE-2010-3837
CONFIRM
CONFIRM
VUPEN
UBUNTU
BID
REDHAT
REDHAT
MANDRIVA
MANDRIVA
DEBIAN
SECUNIA
CONFIRM
CONFIRM
CONFIRM
mysql -- mysql
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table." 2011-01-14 4.0 CVE-2010-3838
CONFIRM
VUPEN
UBUNTU
BID
REDHAT
REDHAT
MANDRIVA
MANDRIVA
DEBIAN
SECUNIA
CONFIRM
CONFIRM
CONFIRM
MISC
mysql -- mysql
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements. 2011-01-14 4.0 CVE-2010-3839
CONFIRM
UBUNTU
BID
REDHAT
REDHAT
MANDRIVA
MANDRIVA
CONFIRM
CONFIRM
CONFIRM
mysql -- mysql
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. 2011-01-14 4.0 CVE-2010-3840
CONFIRM
MISC
CONFIRM
VUPEN
UBUNTU
BID
REDHAT
REDHAT
REDHAT
MANDRIVA
MANDRIVA
DEBIAN
SECUNIA
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management. 2011-01-19 4.3 CVE-2010-3587
VUPEN
BID
CONFIRM
SECUNIA
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 10.1.2.3, 11.1.1.2.0, and 11.1.1.3.0 allows remote authenticated users to affect confidentiality and integrity, related to EUL Code & Schema. 2011-01-19 5.5 CVE-2010-3588
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout. 2011-01-19 4.0 CVE-2010-3589
VUPEN
BID
CONFIRM
SECUNIA
oracle -- database_server
Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS. 2011-01-19 4.9 CVE-2010-3590
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- enterprise_manager_grid_control
Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Processing. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this is SQL injection in rsynclogdird involving improper escaping of UTF-8 characters while processing log files. 2011-01-19 6.4 CVE-2010-3594
MISC
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- secure_backup
Unspecified vulnerability in the mod_ssl component in Oracle Secure Backup 10.3.0.2 allows remote attackers to affect integrity and availability via unknown vectors. 2011-01-19 6.4 CVE-2010-3596
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- database_server
Unspecified vulnerability in the Scheduler Agent component in Oracle Database Server 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. 2011-01-19 4.3 CVE-2010-4413
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- vm_virtualbox
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions. 2011-01-19 6.8 CVE-2010-4414
VUPEN
BID
CONFIRM
SECUNIA
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party researcher that this is a buffer overflow via a crafted XML soap request and a value that does not contain the expected 0x20 terminator character. 2011-01-19 5.0 CVE-2010-4416
MISC
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #31 and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture. 2011-01-19 5.5 CVE-2010-4419
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- database_server
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2011-01-19 6.8 CVE-2010-4421
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- database_server
Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors. 2011-01-19 6.9 CVE-2010-4423
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect availability via unknown vectors related to the Security sub-component. 2011-01-19 5.0 CVE-2010-4424
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect integrity, related to PIA Core Technology. 2011-01-19 5.0 CVE-2010-4426
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. 2011-01-19 4.0 CVE-2010-4428
SECTRACK
BID
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. 2011-01-19 4.0 CVE-2010-4430
SECTRACK
BID
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.0 through 8.50.14 and 8.51.0 through 8.51.04 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal. 2011-01-19 4.0 CVE-2010-4434
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- sunmc
Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Console. 2011-01-19 5.0 CVE-2010-4436
VUPEN
BID
CONFIRM
SECUNIA
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet Container. 2011-01-19 5.8 CVE-2010-4437
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- java_system_message_queue
Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS). 2011-01-19 5.7 CVE-2010-4438
VUPEN
BID
CONFIRM
SECUNIA
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to eProfile - Manager Desktop. 2011-01-19 4.0 CVE-2010-4439
SECTRACK
BID
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager. 2011-01-19 5.5 CVE-2010-4441
SECTRACK
BID
CONFIRM
oracle -- opensso
Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2011-01-19 6.8 CVE-2010-4444
VUPEN
BID
CONFIRM
SECUNIA
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager. 2011-01-19 4.0 CVE-2010-4445
SECTRACK
BID
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container. 2011-01-19 4.3 CVE-2010-4453
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin. 2011-01-19 6.4 CVE-2010-4455
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance. 2011-01-19 5.5 CVE-2010-4461
SECTRACK
BID
CONFIRM
oracle -- sun_convergence
Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. 2011-01-19 6.4 CVE-2010-4464
VUPEN
BID
CONFIRM
SECUNIA
php -- php
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. 2011-01-18 5.0 CVE-2006-7243
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST
php -- php
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. 2011-01-18 6.8 CVE-2010-4697
CONFIRM
CONFIRM
php -- php
Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via vectors related to the imagepstext function and invalid anti-aliasing. 2011-01-18 5.0 CVE-2010-4698
CONFIRM
CONFIRM
php -- php
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. 2011-01-18 6.8 CVE-2010-4700
CONFIRM
CONFIRM
redhat -- icedtea
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. 2011-01-20 6.8 CVE-2010-4351
CONFIRM
MISC
BID
CONFIRM
remi_jean -- zwii
Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the set[template][value] parameter. 2011-01-20 5.1 CVE-2011-0505
XF
VUPEN
BID
OSVDB
EXPLOIT-DB
SECUNIA
rocomotion -- p_board
Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. 2011-01-20 4.3 CVE-2010-3931
XF
BID
SECUNIA
JVNDB
JVN
CONFIRM
seopanel -- seopanel
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php. 2011-01-20 4.3 CVE-2010-4331
XF
MISC
BID
BUGTRAQ
EXPLOIT-DB
sun -- sunos
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc. 2011-01-19 4.1 CVE-2010-4415
BID
CONFIRM
sun -- sunos
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality via unknown vectors related to Ethernet and the Driver sub-component. 2011-01-19 5.0 CVE-2010-4433
BID
CONFIRM
sun -- sunos
Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel. 2011-01-19 4.4 CVE-2010-4440
BID
CONFIRM
sun -- sunos
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel. 2011-01-19 4.4 CVE-2010-4442
BID
CONFIRM
sun -- sunos
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS. 2011-01-19 4.4 CVE-2010-4443
BID
CONFIRM
sun -- sunos
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand. 2011-01-19 4.6 CVE-2010-4446
BID
CONFIRM
sun -- java_system_communications_express
Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail. 2011-01-19 4.3 CVE-2010-4456
BID
CONFIRM
sun -- sunos
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS. 2011-01-19 4.1 CVE-2010-4458
BID
CONFIRM
sun -- sunos
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs. 2011-01-19 4.6 CVE-2010-4459
BID
CONFIRM
todd_miller -- sudo
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. 2011-01-18 4.4 CVE-2011-0010
CONFIRM
CONFIRM
MISC
MLIST
MLIST
XF
VUPEN
CONFIRM
BID
OSVDB
SECUNIA
MLIST
CONFIRM
todd_miller -- sudo
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. 2011-01-20 6.9 CVE-2011-0008
CONFIRM
FEDORA
tor -- tor
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor. 2011-01-19 5.0 CVE-2011-0015
CONFIRM
CONFIRM
MLIST
CONFIRM
VUPEN
VUPEN
SECTRACK
BID
MLIST
DEBIAN
SECUNIA
SECUNIA
tor -- tor
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages. 2011-01-19 5.0 CVE-2011-0490
CONFIRM
CONFIRM
MLIST
CONFIRM
tor -- tor
The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors." 2011-01-19 5.0 CVE-2011-0491
CONFIRM
CONFIRM
MLIST
CONFIRM
tor -- tor
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file. 2011-01-19 5.0 CVE-2011-0492
CONFIRM
CONFIRM
CONFIRM
MLIST
tor -- tor
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values. 2011-01-19 5.0 CVE-2011-0493
CONFIRM
CONFIRM
MLIST
CONFIRM
tsixm -- axdcms
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] parameter. 2011-01-20 6.8 CVE-2011-0506
XF
VUPEN
BID
EXPLOIT-DB
vaddin -- vaadin
Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page. 2011-01-20 4.3 CVE-2011-0509
XF
BID
CONFIRM
SECUNIA
OSVDB
MISC
vamshop -- vam_shop
Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php. 2011-01-20 4.3 CVE-2011-0504
BUGTRAQ
BUGTRAQ
BUGTRAQ
MISC
MISC
MISC
EXPLOIT-DB
SECUNIA
OSVDB
OSVDB
vamsoft -- vam_shop
Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information. 2011-01-20 6.8 CVE-2011-0503
BUGTRAQ
MISC
EXPLOIT-DB
SECUNIA
OSVDB
wayneeseguin -- ruby_version_manager
Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are obtained from third party information. 2011-01-20 6.8 CVE-2010-3928
XF
BID
JVNDB
JVN
Low Vulnerabilities
Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
jwilk -- ocrodjvu
ocrodjvu 0.4.6-1 on Debian GNU/Linux, when using Cuneiform as the OCR engine, allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked. 2011-01-20 3.7 CVE-2010-4338
CONFIRM
kingsoftsecurity -- kingsoft_antivirus
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook. 2011-01-20 2.1 CVE-2011-0515
XF
BID
BUGTRAQ
EXPLOIT-DB
SECUNIA
microsoft -- windows_2003_server
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information. 2011-01-20 0.0 CVE-2010-4701
SECTRACK
EXPLOIT-DB
SECUNIA
MISC
oracle -- supply_chain_products_suite
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders, Files & Attachments, a different vulnerability than CVE-2010-4429. 2011-01-19 3.5 CVE-2010-3505
VUPEN
BID
CONFIRM
SECUNIA
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.0 allows local users to affect availability, related to Outside In Viewer SDK. 2011-01-19 1.9 CVE-2010-3597
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- database_server
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors. 2011-01-19 3.6 CVE-2010-4420
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2, 10.1.3.4.0, and 10.1.3.4.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Server. 2011-01-19 3.5 CVE-2010-4425
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server. 2011-01-19 3.5 CVE-2010-4427
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
oracle -- supply_chain_products_suite
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505. 2011-01-19 3.5 CVE-2010-4429
VUPEN
BID
CONFIRM
SECUNIA
oracle -- supply_chain_products_suite
Unspecified vulnerability in the Oracle Transportation Manager component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure. 2011-01-19 3.5 CVE-2010-4432
VUPEN
BID
CONFIRM
SECUNIA
otrs -- otrs
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail. 2011-01-20 2.6 CVE-2010-4071
MISC
OSVDB
SECUNIA
CONFIRM
SUSE
MISC
sun -- sunos
Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver. 2011-01-19 3.6 CVE-2010-3586
BID
CONFIRM
sun -- java_system_portal_server
Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy. 2011-01-19 1.0 CVE-2010-4431
VUPEN
BID
CONFIRM
SECUNIA
sun -- sunos
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon. 2011-01-19 3.6 CVE-2010-4460
BID
CONFIRM
tor -- tor
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process. 2011-01-19 2.1 CVE-2011-0016
CONFIRM
CONFIRM
CONFIRM
CONFIRM
VUPEN
VUPEN
SECTRACK
BID
MLIST
DEBIAN
SECUNIA
SECUNIA
MLIST