US Cyber Security Bulletin | Managing Technology for Better Business Outcomes

Managing Technology for Better Business Outcomes

Home US-Cert Cyber Security Bulletin Send Quote Expertise About Service Plans SEO Local

National Cyber Alert System
US Cyber Security Bulletin SB10-242

Vulnerability Summary for the Week of August 23, 2010

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities
Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
3dftp -- 3d-ftp_client	Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.	2010-08-20	9.3	CVE-2010-3102 MISC
adobe -- photoshop	Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information.	2010-08-26	9.3	CVE-2010-3127 VUPEN SECUNIA MISC
adobe -- dreamweaver	Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.	2010-08-26	9.3	CVE-2010-3132 VUPEN EXPLOIT-DB SECUNIA
adobe -- shockwave_player	Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.	2010-08-26	10.0	CVE-2010-2863 CONFIRM
adobe -- shockwave_player	IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file.	2010-08-26	9.3	CVE-2010-2864 CONFIRM BUGTRAQ
adobe -- shockwave_player	Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie.	2010-08-26	9.3	CVE-2010-2866 CONFIRM BUGTRAQ MISC
adobe -- shockwave_player	DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability."	2010-08-26	9.3	CVE-2010-2867 CONFIRM BUGTRAQ MISC
adobe -- shockwave_player	IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file.	2010-08-26	9.3	CVE-2010-2868 CONFIRM BUGTRAQ
adobe -- shockwave_player	IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file.	2010-08-26	9.3	CVE-2010-2869 CONFIRM BUGTRAQ
adobe -- shockwave_player	DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.	2010-08-26	9.3	CVE-2010-2870 CONFIRM BUGTRAQ MISC
adobe -- shockwave_player	Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.	2010-08-26	9.3	CVE-2010-2871 CONFIRM MISC BUGTRAQ
adobe -- shockwave_player	Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie.	2010-08-26	9.3	CVE-2010-2872 CONFIRM MISC BUGTRAQ
adobe -- shockwave_player	Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.	2010-08-26	9.3	CVE-2010-2873 CONFIRM MISC BUGTRAQ
adobe -- shockwave_player	Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.	2010-08-26	9.3	CVE-2010-2875 CONFIRM IDEFENSE
adobe -- shockwave_player	Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.	2010-08-26	9.3	CVE-2010-2876 CONFIRM MISC BUGTRAQ
adobe -- shockwave_player	Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.	2010-08-26	9.3	CVE-2010-2877 CONFIRM BUGTRAQ MISC
adobe -- shockwave_player	DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.	2010-08-26	9.3	CVE-2010-2878 CONFIRM BUGTRAQ MISC
adobe -- shockwave_player	Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file.	2010-08-26	9.3	CVE-2010-2879 CONFIRM BUGTRAQ MISC
adobe -- shockwave_player	DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file.	2010-08-26	9.3	CVE-2010-2880 CONFIRM BUGTRAQ
adobe -- shockwave_player	IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.	2010-08-26	9.3	CVE-2010-2881 CONFIRM BUGTRAQ
adobe -- shockwave_player	DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.	2010-08-26	9.3	CVE-2010-2882 CONFIRM BUGTRAQ
apple -- itunes	Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.	2010-08-20	9.3	CVE-2010-1795 XF BID BUGTRAQ MISC CONFIRM
artifex -- afpl_ghostscript	Off-by-one error in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document.	2010-08-26	9.3	CVE-2009-3743 MISC CERT-VN
avast -- avast_antivirus_free	Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.	2010-08-26	9.3	CVE-2010-3126 VUPEN EXPLOIT-DB SECUNIA
cisco -- packet_tracer	Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file.	2010-08-26	9.3	CVE-2010-3135 EXPLOIT-DB
cisco -- unified_communications_manager	The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.	2010-08-26	7.8	CVE-2010-2837 CISCO
cisco -- unified_communications_manager	The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.	2010-08-26	7.8	CVE-2010-2838 CISCO
cisco -- unified_presence_server	SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.	2010-08-26	7.8	CVE-2010-2839 CISCO
cisco -- unified_presence_server	The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.	2010-08-26	7.8	CVE-2010-2840 CISCO
deskshare -- auto_ftp_manager	Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.	2010-08-20	9.3	CVE-2010-3104 MISC
devonit -- thin-client_management_tool	Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified vectors.	2010-08-25	7.5	CVE-2010-3121 CERT-VN
ftpgetter -- ftpgetter	Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.05, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.	2010-08-20	9.3	CVE-2010-3103 MISC
ftprush -- ftprush	Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.	2010-08-20	9.3	CVE-2010-3098 MISC SECUNIA
ftpx -- ftp_explorer	Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.	2010-08-20	9.3	CVE-2010-3101 MISC SECUNIA
google -- chrome	Google Chrome before 5.0.375.127 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.	2010-08-24	10.0	CVE-2010-3111 CONFIRM CONFIRM
google -- chrome	Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.	2010-08-24	10.0	CVE-2010-3112 CONFIRM CONFIRM
google -- chrome	Google Chrome before 5.0.375.127 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.	2010-08-24	10.0	CVE-2010-3113 CONFIRM CONFIRM
google -- chrome	The text-editing implementation in Google Chrome before 5.0.375.127 does not properly perform casts, which has unspecified impact and attack vectors.	2010-08-24	10.0	CVE-2010-3114 CONFIRM CONFIRM
google -- chrome	Google Chrome before 5.0.375.127 does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.	2010-08-24	10.0	CVE-2010-3115 CONFIRM CONFIRM
google -- chrome	Google Chrome before 5.0.375.127 does not properly process MIME types, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.	2010-08-24	10.0	CVE-2010-3116 CONFIRM CONFIRM CONFIRM
google -- chrome	Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.	2010-08-24	10.0	CVE-2010-3117 CONFIRM CONFIRM
google -- chrome	Google Chrome before 5.0.375.127 does not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.	2010-08-24	10.0	CVE-2010-3119 CONFIRM CONFIRM
google -- chrome	Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.	2010-08-24	10.0	CVE-2010-3120 CONFIRM CONFIRM
google -- earth	Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file.	2010-08-26	9.3	CVE-2010-3134 EXPLOIT-DB
hp -- openview_network_node_manager	Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.	2010-08-20	10.0	CVE-2010-2710 HP
ibm -- tivoli_storage_manager_fastback	The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors.	2010-08-20	7.5	CVE-2010-3058 BID CONFIRM SECUNIA
ibm -- tivoli_storage_manager_fastback	Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command.	2010-08-20	7.5	CVE-2010-3059 BID CONFIRM SECUNIA
isamu_kaneko -- winny	Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-2007.	2010-08-25	7.5	CVE-2010-2360 XF XF JVNDB JVNDB JVN JVN
jan_engelhardt -- libhx	Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.	2010-08-24	10.0	CVE-2010-2947 CONFIRM BID MLIST MLIST CONFIRM
jens_vagelpohl -- zope-ldapuserfolder	The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges.	2010-08-20	7.5	CVE-2010-2944 CONFIRM MLIST MLIST SECUNIA
keil-software -- photokorn_gallery	Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) Match parameters.	2010-08-25	7.5	CVE-2009-4979 BID SECUNIA MISC
mozilla -- firefox	Untrusted search path vulnerability in Mozilla Firefox 3.6.8 and earlier, and Thunderbird 3.1.2, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.	2010-08-26	9.3	CVE-2010-3131 VUPEN BUGTRAQ EXPLOIT-DB SECUNIA
novell -- iprint	Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.	2010-08-23	9.3	CVE-2010-1527 XF BID CONFIRM MISC SECUNIA
novell -- iprint	The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	2010-08-23	9.3	CVE-2010-3105 BID SECUNIA
novell -- iprint	The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.	2010-08-23	9.3	CVE-2010-3106 MISC CONFIRM
novell -- iprint	A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.	2010-08-23	7.1	CVE-2010-3107 MISC CONFIRM
novell -- iprint	Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names.	2010-08-23	9.3	CVE-2010-3108 MISC CONFIRM
novell -- iprint	Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.	2010-08-23	9.3	CVE-2010-3109 MISC CONFIRM
nullsoft -- winamp	Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.	2010-08-26	9.3	CVE-2010-3137 EXPLOIT-DB
openoffice -- openoffice.org	simpress.bin in the Impress module in OpenOffice.org (OOo) 3.2.1 on Windows does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."	2010-08-25	9.3	CVE-2010-2935 CONFIRM VUPEN VUPEN REDHAT MLIST MLIST MLIST MISC SECUNIA SECUNIA
openoffice -- openoffice.org	Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 3.2.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.	2010-08-25	9.3	CVE-2010-2936 CONFIRM CONFIRM VUPEN VUPEN REDHAT MLIST MLIST MLIST MISC SECUNIA SECUNIA
phpmyadmin -- phpmyadmin	The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.	2010-08-24	7.5	CVE-2010-3055 BID CONFIRM CONFIRM CONFIRM SECUNIA
portaplus -- porta+_ftp_client	Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename.	2010-08-20	9.3	CVE-2010-3100 OSVDB SECUNIA
sap -- business_one_2005-a	Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.	2010-08-25	10.0	CVE-2009-4988 XF VUPEN SECTRACK BID BUGTRAQ SECUNIA
script-shop24 -- lm_starmail_paidmail	SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.	2010-08-25	7.5	CVE-2009-4992 MILW0RM
script-shop24 -- lm_starmail_paidmail	PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.	2010-08-25	7.5	CVE-2009-4993 MILW0RM
scripteen -- free_image_hosting_script	admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.	2010-08-25	7.5	CVE-2009-4987 XF BID OSVDB SECUNIA
skype -- skype	Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.	2010-08-26	9.3	CVE-2010-3136 EXPLOIT-DB
smartftp -- smartftp	Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.	2010-08-20	9.3	CVE-2010-3099 MISC MISC SECUNIA
softx -- ftp_client	Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename.	2010-08-20	9.3	CVE-2010-3096 BUGTRAQ MISC SECUNIA
strongswan -- strongswan	The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.	2010-08-20	7.5	CVE-2010-2628 MLIST VUPEN BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM VUPEN SECTRACK CONFIRM SECUNIA MLIST
teamviewer -- teamviewer	Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.	2010-08-26	9.3	CVE-2010-3128 VUPEN BUGTRAQ EXPLOIT-DB SECUNIA
techsmith -- snagit	Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.	2010-08-26	9.3	CVE-2010-3130 EXPLOIT-DB SECUNIA
utorrent -- utorrent	Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll that is located in the same folder as a .torrent or .btsearch file.	2010-08-26	9.3	CVE-2010-3129 VUPEN EXPLOIT-DB SECUNIA
videolan -- vlc_media_player	Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.	2010-08-26	9.3	CVE-2010-3124 MLIST CONFIRM VUPEN MLIST EXPLOIT-DB SECUNIA
websitesrus -- accessories_me_php_affiliate_script	SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.	2010-08-25	7.5	CVE-2009-4985 MILW0RM
winfrigate -- frigate_3	Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3.36 and earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.	2010-08-20	9.3	CVE-2010-3097 MISC SECUNIA
winny -- winny	Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.	2010-08-25	10.0	CVE-2010-2361 XF JVNDB JVN
winny -- winny	Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.	2010-08-25	10.0	CVE-2010-2362 XF JVNDB JVN
wireshark -- wireshark	Untrusted search path vulnerability in Wireshark 1.2.10 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.	2010-08-26	9.3	CVE-2010-3133 VUPEN EXPLOIT-DB SECUNIA
wolterskluwer -- teammate_audit_management_software_suite	Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .tmx file.	2010-08-26	9.3	CVE-2010-3125 EXPLOIT-DB
Back to top

Medium Vulnerabilities
Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- shockwave_player	Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors.	2010-08-26	5.0	CVE-2010-2865 CONFIRM
ajsquare -- aj_auction_pro-oopd	Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action.	2010-08-25	4.3	CVE-2009-4989 BID SECUNIA MISC
apple -- itunes	Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.	2010-08-20	6.9	CVE-2010-1768 XF BID CONFIRM
apple -- cfnetwork	CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.	2010-08-25	5.0	CVE-2010-1800 CONFIRM SECTRACK APPLE
apple -- coregraphics	Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file.	2010-08-25	6.8	CVE-2010-1801 CONFIRM SECTRACK APPLE
apple -- libsecurity	libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com.	2010-08-25	6.4	CVE-2010-1802 CONFIRM SECTRACK APPLE
apple -- apple_type_services	Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.	2010-08-25	6.8	CVE-2010-1808 CONFIRM SECTRACK APPLE
cacti -- cacti	Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.	2010-08-23	4.3	CVE-2010-1644 VUPEN REDHAT CONFIRM BID BUGTRAQ CONFIRM CONFIRM SECUNIA
cacti -- cacti	Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.	2010-08-23	6.5	CVE-2010-1645 REDHAT CONFIRM CONFIRM MISC CONFIRM CONFIRM CONFIRM SECUNIA
cacti -- cacti	Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.	2010-08-23	4.3	CVE-2010-2543 CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM
cacti -- cacti	Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.	2010-08-23	4.3	CVE-2010-2544 REDHAT CONFIRM XF BID CONFIRM CONFIRM SECUNIA MLIST MLIST CONFIRM
cacti -- cacti	Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php.	2010-08-23	4.3	CVE-2010-2545 REDHAT CONFIRM BID CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA MLIST MLIST CONFIRM
devonit -- thin-client_management_tool	The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the network.	2010-08-25	5.0	CVE-2010-3122 CERT-VN
google -- chrome	The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.	2010-08-24	5.0	CVE-2010-3118 CONFIRM CONFIRM
hp -- magcloud	Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors.	2010-08-25	6.4	CVE-2010-2711 XF SECTRACK SECUNIA HP HP
ibm -- tivoli_storage_manager_fastback	Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors.	2010-08-20	5.0	CVE-2010-3060 BID CONFIRM SECUNIA
ibm -- tivoli_storage_manager_fastback	Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors.	2010-08-20	5.0	CVE-2010-3061 BID CONFIRM AIXAPAR SECUNIA
in-portal -- in-portal	Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter.	2010-08-25	6.8	CVE-2009-4986 VUPEN SECUNIA
irokez -- irokez_cms	SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI.	2010-08-25	6.8	CVE-2009-4982 VUPEN BID SECUNIA
jrbcs -- webform_report	Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.	2010-08-25	4.3	CVE-2009-4990 BID SECUNIA CONFIRM
keil-software -- photokorn_gallery	Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php.	2010-08-25	4.3	CVE-2009-4980 BID SECUNIA MISC
keil-software -- photokorn_gallery	Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators.	2010-08-25	6.8	CVE-2009-4981 SECUNIA MISC
linux -- kernel	Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.	2010-08-20	4.7	CVE-2010-3015 MLIST CONFIRM CONFIRM XF BID CONFIRM MLIST MLIST
lynx -- lynx	Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.	2010-08-20	6.8	CVE-2010-2810 CONFIRM XF VUPEN MLIST MLIST
mono-project -- libgdiplus	Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows.	2010-08-24	6.8	CVE-2010-1526 MISC SECUNIA
omnistaretools -- omnistar_recruiting	Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter.	2010-08-25	4.3	CVE-2009-4991 SECUNIA MISC
php -- php	mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.	2010-08-20	5.0	CVE-2010-3062 CONFIRM CONFIRM MISC MISC
php -- php	The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.	2010-08-20	5.0	CVE-2010-3063 CONFIRM CONFIRM MISC
php -- php	Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.	2010-08-20	6.8	CVE-2010-3064 CONFIRM CONFIRM MISC
php -- php	The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.	2010-08-20	5.0	CVE-2010-3065 DEBIAN MISC
php -- php	The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.	2010-08-20	5.0	CVE-2010-2484 CONFIRM CONFIRM
php -- php	The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.	2010-08-20	4.3	CVE-2010-2531 CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM
phpmyadmin -- phpmyadmin	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.	2010-08-24	4.3	CVE-2010-3056 BID CONFIRM CONFIRM MISC SECUNIA FEDORA FEDORA
redhat -- enterprise_virtualization	libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.	2010-08-24	6.6	CVE-2010-0428 REDHAT REDHAT CONFIRM
redhat -- enterprise_virtualization	libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.	2010-08-24	6.6	CVE-2010-0429 REDHAT REDHAT CONFIRM
redhat -- enterprise_virtualization	QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.	2010-08-24	6.6	CVE-2010-0431 REDHAT CONFIRM REDHAT
redhat -- enterprise_virtualization	The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation.	2010-08-24	4.6	CVE-2010-0435 REDHAT REDHAT CONFIRM
redhat -- enterprise_virtualization	The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.	2010-08-24	6.6	CVE-2010-2784 REDHAT REDHAT CONFIRM MLIST
redhat -- enterprise_virtualization	Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.	2010-08-24	5.7	CVE-2010-2811 REDHAT REDHAT CONFIRM BID SECTRACK
smartertools -- smartertrack	Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.	2010-08-25	4.3	CVE-2009-4994 CONFIRM SECUNIA MISC
smartertools -- smartertrack	Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	2010-08-25	4.3	CVE-2009-4995 SECUNIA
snowhall -- silurus_system	Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.	2010-08-25	4.3	CVE-2009-4983 SECUNIA MISC
tufat -- mybackup	PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.	2010-08-25	6.5	CVE-2009-4977 VUPEN SECUNIA
tufat -- mybackup	Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.	2010-08-25	5.0	CVE-2009-4978 VUPEN SECUNIA
videolan -- vlc_media_player	The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.	2010-08-20	5.0	CVE-2010-2937 VUPEN CONFIRM BID CONFIRM CONFIRM
websitesrus -- accessories_me_php_affiliate_script	Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.	2010-08-25	4.3	CVE-2009-4984 SECUNIA
Back to top

Low Vulnerabilities
Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
anibal_monsalve_salaz -- ssmtp	DISPUTED The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact.	2010-08-20	2.1	CVE-2008-7258 CONFIRM MISC CONFIRM CONFIRM BID MLIST SECUNIA MLIST MLIST MLIST FEDORA FEDORA
freebsd -- freebsd	The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.	2010-08-20	1.2	CVE-2010-3014 CONFIRM CONFIRM MISC BUGTRAQ
freedesktop -- dbus-glib	DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.	2010-08-20	3.6	CVE-2010-1172 CONFIRM XF VUPEN REDHAT SECUNIA SECUNIA CONFIRM
Back to top

Last updated August 30, 2010

Get Adobe Reader

Voice 949-614-6425 or 949-297-4188

Computer Servers in Orange County | Computer Networking in Orange County | Computer Service Orange County | Network Support O.C.

This site is optimized by www.SEOLocalSearch.com - Computer Network Support in Orange County and the following areas:

Orange County, Los Angeles, Riverside, San Bernardino, Aliso Viejo, Anaheim, Brea, Buena Park, Costa Mesa, Cypress, Dana Point, Fountain Valley, Fullerton, Garden Grove, Huntington Beach,

Irvine, La Habra, La Palma , Laguna Beach, Laguna Hills, Laguna Niguel, Laguna Woods, Lake Forest, Los Alamitos, Mission Viejo, Newport Beach, Orange, Placentia, Rancho Santa Margarita,

San Clemente, San Juan Capistrano, Santa Ana, Seal Beach, Stanton, Tustin, Villa Park, Westminster, Yorba Linda, Long Beach, Signal Hill, Los Alamitos,