The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

Vulnerability Summary for the Week of April 26, 2010

Note: there may be multiple issues for each product link.

- Apache Tomcat Authentication Header Information Disclosure
- KV AntiVirus 2010 Local Denial of Service Vulnerabilities
- Internet Explorer XSS Filter Cross-Site Scripting Weakness
- 360 Anti-Virus / Security Guard profos.sys Denial of Service
- 360 Anti-Virus / Security Guard 360FkAdv.sys Denial of Service
- e107 "click_url" SQL Injection Vulnerability
- Microsoft Windows "SfnLOGONNOTIFY()" and "SfnINSTRING()" Denial of Service
- Cacti "export_item_id" SQL Injection Vulnerability
- Rising Antivirus 2010 RsAssist.sys Privilege Escalation Vulnerability
- Apache OFBiz Cross-Site Scripting and Script Insertion Vulnerabilities
- Palm Pre WebOS SMS Client Script Execution Vulnerability
- Apache Tomcat Web Application Manager / Host Manager Cross-Site Request Forgery
- RJ-iTop Network Vulnerabilities Scan System "id" SQL Injection Vulnerability
- NolaPro Cross-Site Scripting and SQL Injection Vulnerabilities
- Video Battle Script "cat" SQL Injection Vulnerability
- Joomla GBU Facebook Component "face_id" SQL Injection Vulnerability
- JobPost "iType" SQL Injection Vulnerability
- MusicBox "id" SQL Injection Vulnerability
- CLScript "hpId" SQL Injection Vulnerability
- Joomla ABC Component "sectionid" SQL Injection Vulnerability
- Joomla! AWDwall Components SQL Injection and Local File Inclusion Vulnerabilities
- CMScout "album" SQL Injection Vulnerability
- Joomla JoltCard Component "cardID" SQL Injection Vulnerability
- AJ Shopping Cart "maincatid" SQL Injection Vulnerability
- Joomla Media Mall Factory Component "category" SQL Injection Vulnerability
- Joomla Online News Paper Manager Two SQL Injection Vulnerabilities
- Infocus Real Estate Enterprise Edition Two SQL Injection Vulnerabilities
- Campsite "article_id" SQL Injection Vulnerability
- CMS Ariadna SQL Injection Vulnerabilities
- B2B Gold Script "id" SQL Injection Vulnerability
- NKInFoWeb "id_sp" SQL Injection Vulnerability
- Joomla! Intellectual Property Component "id" SQL Injection Vulnerability
- 2daybiz Auction Script "username" SQL Injection Vulnerability
- Apache ActiveMQ Cross-Site Scripting and Source Code Disclosure
- Alstrasoft EPay Enterprise "cid" SQL Injection
- NCT Jobs Portal Script SQL Injection Vulnerabilities
- dl_stats SQL Injection and Cross-Site Scripting Vulnerabilities
- Wireshark DOCSIS Dissector Denial of Service Vulnerability
- ClanSphere Captcha Generator SQL Injection Vulnerability
- Adobe Photoshop CS3 TIFF File Processing Vulnerabilities
- Adobe Photoshop CS4 TIFF File Processing Vulnerabilities
- VLC Media Player Multiple Vulnerabilities
- Avaya Products Wireshark Multiple Vulnerabilities
- Adobe Download Manager Remote Code Execution Vulnerability

Checked reports from: 6th May, 2010 to 19th Apr, 2010 (partial).

- Microsoft Windows Media Buffer Overflow Vulnerability

Tip: highlight any link below to reveal the criticality or priority.

Section contains very detailed information and many newly discovered vulnerabilities.

Well-structured bulletins available as external links.

Next, review Secunia for a more complete listing with Click the

At a very minimum, look at the SANS bulletins as they include the top issues.

The CERT index lists vulnerabilities with and without solutions.

Wording is original with some "back" links added where needed.

This report combines relevant bulletins from SANS, Secunia and CERT.