View Previous Bulletins

Bulletin (SB11-276)

Vulnerability Summary for the Week of September 26, 2011

Original Release date: Oct 3, 2011 | Last revised: -

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		 Description Published CVSS Score Source & Patch Info
alibabaclone -- alibaba_clone_b2b
 SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter. 2011-09-27 7.5 CVE-2010-4849
cisco -- telepresence_c_series_software
 Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496. 2011-09-23 9.0 CVE-2011-2543
eclime -- eclime
 Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php. 2011-09-27 7.5 CVE-2010-4851
ffmpeg -- ffmpeg
 The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. 2011-09-28 9.3 CVE-2011-3504
manageengine -- eventlog_analyzer
 Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port (1) 513 or (2) 514. 2011-09-27 7.5 CVE-2010-4840
mhproducts -- download_center
 SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information. 2011-09-27 7.5 CVE-2010-4842
mhproducts -- easy_online_shop
 SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter. 2011-09-27 7.5 CVE-2010-4844
mhproducts -- projekt_shop
 Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php. 2011-09-27 7.5 CVE-2010-4845
mhproducts -- pay_pal_shop_digital
 SQL injection vulnerability in view_item.php in MH Products Pay Pal Shop Digital allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. 2011-09-27 7.5 CVE-2010-4846
mhproducts -- mhp_downloadshop
 SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. 2011-09-27 7.5 CVE-2010-4847
mozilla -- firefox
 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2011-09-28 10.0 CVE-2011-2995
mozilla -- firefox
 Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2011-09-28 10.0 CVE-2011-2996
mozilla -- firefox
 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2011-09-28 10.0 CVE-2011-2997
mozilla -- firefox
 Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. 2011-09-30 10.0 CVE-2011-2998
mozilla -- firefox
 Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. 2011-09-28 9.3 CVE-2011-3002
mozilla -- firefox
 Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. 2011-09-28 10.0 CVE-2011-3003
mozilla -- firefox
 Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. 2011-09-28 9.3 CVE-2011-3005
mozilla -- firefox
 YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. 2011-09-28 9.3 CVE-2011-3232
newgensoft -- omnidocs
 Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user. 2011-09-27 7.5 CVE-2011-3645
phpwebscripts -- ad_manager_pro
 SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. 2011-09-27 7.5 CVE-2010-4843
sonexis -- conferencemanager
 Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp. 2011-09-27 7.5 CVE-2011-3688
Back to top
Medium Vulnerabilities
Primary
Vendor -- Product		 Description Published CVSS Score Source & Patch Info
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin. 2011-09-30 4.3 CVE-2011-3010
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files. 2011-09-23 5.0 CVE-2011-3789
53x11 -- wow_server_status
 WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by status.php and certain other files. 2011-09-23 5.0 CVE-2011-3819
adazing -- morning_coffee
 Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. 2011-09-28 4.3 CVE-2011-3862
antisocialmediallc -- antisnews
 Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2011-09-28 4.3 CVE-2011-3857
atastypixel -- elegant_grunge
 Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2011-09-28 4.3 CVE-2011-3856
axscripts -- axslinks
 Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter. 2011-09-27 4.3 CVE-2010-4848
basic-cms -- sweetrice
 SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php. 2011-09-23 5.0 CVE-2011-3804
betella -- podcast_generator
 Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files. 2011-09-23 5.0 CVE-2011-3795
bishop_bettini -- phpesp
 php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files. 2011-09-23 5.0 CVE-2011-3774
blondish -- phpads
 PHPads 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ads.inc.php. 2011-09-23 5.0 CVE-2011-3769
bytesforall -- atahualpa
 Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2011-09-28 4.3 CVE-2011-3850
devpress -- news
 Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. 2011-09-28 4.3 CVE-2011-3851
diferior -- diferior
 Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php. 2011-09-27 4.3 CVE-2010-4850
eclime -- eclime
 Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action. 2011-09-27 4.3 CVE-2010-4852
elazos -- reos
 ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files. 2011-09-23 5.0 CVE-2011-3799
foxitsoftware -- reader
 Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory. 2011-09-27 6.9 CVE-2011-3691
getpixie -- pixie
 Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files. 2011-09-23 5.0 CVE-2011-3793
gnu -- phpbook
 phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files. 2011-09-23 5.0 CVE-2011-3771
graphpaperpress -- f8_lite
 Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2011-09-28 4.3 CVE-2011-3855
idevspot -- phphostbot
 PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files. 2011-09-23 5.0 CVE-2011-3779
k5n -- webcalendar
 WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files. 2011-09-23 5.0 CVE-2011-3814
litoweb -- phpfilenavigator
 PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xestion/varios/logs.inc.php and certain other files. 2011-09-23 5.0 CVE-2011-3775
manageengine -- eventlog_analyzer
 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. 2011-09-27 4.3 CVE-2010-4841
mozilla -- firefox
 Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. 2011-09-28 4.3 CVE-2011-2999
mozilla -- firefox
 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. 2011-09-28 4.3 CVE-2011-3000
mozilla -- firefox
 Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. 2011-09-28 4.3 CVE-2011-3001
mozilla -- firefox
 The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. 2011-09-28 4.3 CVE-2011-3004
mozilla -- firefox
 Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. 2011-09-28 4.3 CVE-2011-3866
musawir_ali -- phpformgenerator
 phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php. 2011-09-23 5.0 CVE-2011-3776
netsaro -- enterprise_messenger_server
 The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL. 2011-09-27 5.0 CVE-2011-3694
nick_korbel -- phpscheduleit
 phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files. 2011-09-23 5.0 CVE-2011-3787
onedesigns -- cover_wp
 Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2011-09-28 4.3 CVE-2011-3860
open-realty -- open-realty
 Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files. 2011-09-23 5.0 CVE-2011-3765
orangehrm -- orangehrm
 OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files. 2011-09-23 5.0 CVE-2011-3766
oscommerce -- oscommerce
 osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php. 2011-09-23 5.0 CVE-2011-3767
phorum -- phorum
 Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files. 2011-09-23 5.0 CVE-2011-3768
php-collab -- phpcollab
 phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files. 2011-09-23 5.0 CVE-2011-3772
phpalbum -- phpalbum
 phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files. 2011-09-23 5.0 CVE-2011-3770
phpdevshell -- phpdevshell
 PHPDevShell 3.0.0-Beta-4b allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by gzip.php. 2011-09-23 5.0 CVE-2011-3773
phpfreechat -- phpfreechat
 phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files. 2011-09-23 5.0 CVE-2011-3777
phpgedview -- phpgedview
 PhpGedView 4.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by serviceClientTest.php and certain other files. 2011-09-23 5.0 CVE-2011-3778
phpicalendar -- php_icalendar
 PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_common.php and certain other files. 2011-09-23 5.0 CVE-2011-3780
phpids -- phpids
 PHPIDS 0.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/IDS/VersionTest.php and certain other files. 2011-09-23 5.0 CVE-2011-3781
phplinkdirectory -- phpld
 phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Smarty_Compiler.class.php and certain other files. 2011-09-23 5.0 CVE-2011-3782
phpmyfaq -- phpmyfaq
 phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. 2011-09-23 5.0 CVE-2011-3783
phpnuke -- php-nuke
 Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files. 2011-09-23 5.0 CVE-2011-3784
phppointofsale -- php_point_of_sale
 PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. 2011-09-23 5.0 CVE-2011-3785
phprojekt -- phprojekt
 PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php. 2011-09-23 5.0 CVE-2011-3786
phpsec -- phpsecinfo
 PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Test/Test_Suhosin.php and certain other files. 2011-09-23 5.0 CVE-2011-3788
piwigo -- piwigo
 Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files. 2011-09-23 5.0 CVE-2011-3790
piwik -- piwik
 Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files. 2011-09-23 5.0 CVE-2011-3791
pixelpost -- pixelpost
 Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files. 2011-09-23 5.0 CVE-2011-3792
pligg -- pligg_cms
 Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/init.php and certain other files. 2011-09-23 5.0 CVE-2011-3794
plotsoft -- pdfill_pdf_editor
 Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0 allows local users to gain privileges via a Trojan horse mfc70enu.dll or mfc80loc.dll in the current working directory. 2011-09-27 6.9 CVE-2011-3690
post-scriptum -- redline
 Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2011-09-28 4.3 CVE-2011-3863
prestashop -- prestashop
 PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files. 2011-09-23 5.0 CVE-2011-3796
projectpier -- projectpier
 ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. 2011-09-23 5.0 CVE-2011-3797
quirm -- zenlite
 Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2011-09-28 4.3 CVE-2011-3854
rapidleech -- rapid_leech
 Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files. 2011-09-23 5.0 CVE-2011-3798
s9y -- serendipity
 Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files. 2011-09-23 5.0 CVE-2011-3800
simpletest -- simpletest
 SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php and certain other files. 2011-09-23 5.0 CVE-2011-3801
somadesign -- the_erudite
 Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. 2011-09-28 4.3 CVE-2011-3864
sonexis -- conferencemanager
 Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter. 2011-09-27 4.3 CVE-2011-3686
sonexis -- conferencemanager
 Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to ParticipantLogin.asp, (3) the acp parameter to ForgotPIN.asp, or the (4) Description, (5) title, or (6) Heading parameter to Error.asp. 2011-09-27 4.3 CVE-2011-3687
status -- statusnet
 StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files. 2011-09-23 5.0 CVE-2011-3802
sugarcrm -- sugarcrm
 SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files. 2011-09-23 5.0 CVE-2011-3803
taskfreak -- taskfreak!_multi-mysql
 TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files. 2011-09-23 5.0 CVE-2011-3805
tecnick -- tcexam
 TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. 2011-09-23 5.0 CVE-2011-3806
tembria -- server_monitor
 Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp. 2011-09-27 4.3 CVE-2011-3684
textpattern -- textpattern
 Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files. 2011-09-23 5.0 CVE-2011-3807
thebuggenie -- the_bug_genie
 The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other files. 2011-09-23 5.0 CVE-2011-3808
thehostingtool -- thehostingtool
 TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files. 2011-09-23 5.0 CVE-2011-3809
theme4press -- evolve
 Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2011-09-28 4.3 CVE-2011-3852
themehybrid -- hybrid
 Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. 2011-09-28 4.3 CVE-2011-3853
themehybrid -- trending
 Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. 2011-09-28 4.3 CVE-2011-3859
tinywebgallery -- tinywebgallery
 TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php. 2011-09-23 5.0 CVE-2011-3810
tomatocart -- tomatocart
 TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files. 2011-09-23 5.0 CVE-2011-3811
ulyssesonline -- black-letterhead
 Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. 2011-09-28 4.3 CVE-2011-3865
vanillaforums -- vanilla
 Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files. 2011-09-23 5.0 CVE-2011-3812
vwar -- virtual_war
 Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files. 2011-09-23 5.0 CVE-2011-3813
webidsupport -- webid
 WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files. 2011-09-23 5.0 CVE-2011-3815
webinsta -- mailing_list_manager
 WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files. 2011-09-23 5.0 CVE-2011-3816
webmastersite -- wsn_software
 WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/prestart.php and certain other files. 2011-09-23 5.0 CVE-2011-3820
webminimalist -- web_minimalist_200901
 Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. 2011-09-28 4.3 CVE-2011-3861
websitebaker2 -- website_baker
 Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/media/parameters.php and certain other files. NOTE: this might overlap CVE-2005-2436. 2011-09-23 5.0 CVE-2011-3817
wibu -- codemeter_webadmin
 Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter. 2011-09-27 4.3 CVE-2011-3689
wordpress -- wordpress
 WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. 2011-09-23 5.0 CVE-2011-3818
xajax-project -- xajax
 xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajax_core/plugin_layer/xajaxScriptPlugin.inc.php and certain other files. 2011-09-23 5.0 CVE-2011-3821
xoops -- xoops
 XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files. 2011-09-23 5.0 CVE-2011-3822
yamamah -- yamamah
 Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files. 2011-09-23 5.0 CVE-2011-3823
yourls -- yourls
 Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files. 2011-09-23 5.0 CVE-2011-3824
zend -- framework
 Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files. 2011-09-23 5.0 CVE-2011-3825
zespia -- pixiv_custom
 Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2011-09-28 4.3 CVE-2011-3858
zikula -- zikula
 Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files. 2011-09-23 5.0 CVE-2011-3826
Back to top
Low Vulnerabilities
Primary
Vendor -- Product		 Description Published CVSS Score Source & Patch Info
cisco -- telepresence_mxp_software
 Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. 2011-09-23 3.5 CVE-2011-2544
mozilla -- firefox
 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. 2011-09-28 3.5 CVE-2011-2372
netsaro -- enterprise_messenger_server
 NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step. 2011-09-27 1.9 CVE-2011-3692
netsaro -- enterprise_messenger_server
 NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file. 2011-09-27 1.9 CVE-2011-3693
tembria -- server_monitor
 Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory. 2011-09-27 1.9 CVE-2011-3685
Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Document Feedback

Was this document helpful?  Yes  |   Somewhat  |   No