Weekly Vulnerabilities Reports > March 15 to 21, 2010

Overview

119 new vulnerabilities reported during this period, including 12 critical vulnerabilities and 50 high severity vulnerabilities. This weekly summary report vulnerabilities in 118 products from 93 vendors including Typo3, Apple, Microsoft, Joomla, and Linux. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".

  • 114 reported vulnerabilities are remotely exploitables.
  • 41 reported vulnerabilities have public exploit available.
  • 80 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 118 reported vulnerabilities are exploitable by an anonymous user.
  • Typo3 has the most reported vulnerabilities, with 34 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-18 CVE-2010-0104 Broadcom
HP
Remote Code Execution vulnerability in Broadcom NetXtreme ASF Packet Handling

Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2010-03-19 CVE-2010-1028 Mozilla
Microsoft
Numeric Errors vulnerability in Mozilla Firefox 3.6/3.6.1/3.7

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

9.3
2010-03-19 CVE-2010-0688 Orbitals Buffer Errors vulnerability in Orbitals Orbital Viewer 1.04

Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.

9.3
2010-03-15 CVE-2010-0054 Apple Resource Management Errors vulnerability in Apple Safari

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.

9.3
2010-03-15 CVE-2010-0053 Apple Resource Management Errors vulnerability in Apple Safari

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.

9.3
2010-03-15 CVE-2010-0052 Apple Resource Management Errors vulnerability in Apple Safari

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html CVE-ID: CVE-2010-0052 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use-after-free issue exists in WebKit's handling of callbacks for HTML elements.

9.3
2010-03-15 CVE-2010-0049 Apple Resource Management Errors vulnerability in Apple Safari

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.

9.3
2010-03-15 CVE-2010-0046 Apple Code Injection vulnerability in Apple Safari

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.

9.3
2010-03-15 CVE-2010-0045 Apple
Microsoft
Improper Input Validation vulnerability in Apple Safari

Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

9.3
2010-03-15 CVE-2010-0043 Apple
Microsoft
Code Injection vulnerability in Apple Safari

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

9.3
2010-03-15 CVE-2010-0040 Apple
Microsoft
Numeric Errors vulnerability in Apple Safari

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

9.3
2010-03-15 CVE-2009-4001 Xnview Numeric Errors vulnerability in Xnview

Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.

9.3

50 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-15 CVE-2010-0050 Apple
Fedoraproject
Canonical
Opensuse
Use After Free vulnerability in multiple products

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.

8.8
2010-03-19 CVE-2010-1027 Dietmar Schffer
Typo3
SQL Injection vulnerability in Dietmar Schffer Travelmate

SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1026 Mathon Nicolas
Typo3
SQL Injection vulnerability in Mathon Nicolas Tmsw Cleandb 2.0.1

SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1024 Chris Wederka
Typo3
SQL Injection vulnerability in Chris Wederka TGM Newsletter 0.0.2

SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1022 Marcus Krause
Typo3
Improper Authentication vulnerability in Marcus Krause T3Sec Saltedpw

The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.

7.5
2010-03-19 CVE-2010-1019 SK Typo3
Typo3
SQL Injection vulnerability in Sk-Typo3 SK Simplegallery 0.0.1

SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1018 Jochen RAU
Typo3
SQL Injection vulnerability in Jochen RAU SK Bookreview

SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1017 Laurent Foulloy
Typo3
SQL Injection vulnerability in Laurent Foulloy SAV Filter Months

SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1016 Laurent Foulloy
Typo3
SQL Injection vulnerability in Laurent Foulloy SAV Filter Selectors 1.0.1/1.0.2/1.0.3

SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1015 Laurent Foulloy
Typo3
SQL Injection vulnerability in Laurent Foulloy SAV Filter ABC

SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1013 FR Simon Rundell
Typo3
SQL Injection vulnerability in Fr.Simon Rundell PD Diocesedatabase

SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1012 Mathias Schreiber
Typo3
SQL Injection vulnerability in Mathias Schreiber NF Cleandb

SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1010 Matthias Kall
Typo3
SQL Injection vulnerability in Matthias Kall MK Wastebasket

SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1009 Joachim Ruhs
Typo3
SQL Injection vulnerability in Joachim-Ruhs Educator 0.1.5

SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1006 Typo3 SQL Injection vulnerability in Typo3 Brainstorming

SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-19 CVE-2010-1004 Mischa Heimann
Typo3
SQL Injection vulnerability in Mischa Heimann Yatse

SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-18 CVE-2009-4735 Allomani SQL Injection vulnerability in Allomani Audio & Video Library 2.7.0

SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

7.5
2010-03-18 CVE-2009-4734 Allomani SQL Injection vulnerability in Allomani Movies Library 2.7.0

SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

7.5
2010-03-18 CVE-2009-4731 Boldfx SQL Injection vulnerability in Boldfx Model Agency Manager PRO

SQL injection vulnerability in photos.php in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allows remote attackers to execute arbitrary SQL commands via the album parameter.

7.5
2010-03-18 CVE-2009-4730 X10Media SQL Injection vulnerability in X10Media Adult Script 1.7

SQL injection vulnerability in report.php in x10 Adult Media Script 1.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-03-18 CVE-2009-4728 Questions Answered SQL Injection vulnerability in Questions Answered Questions Answered 1.3

SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2010-03-18 CVE-2009-4727 Junglescripts SQL Injection vulnerability in Junglescripts Ajax Short URL Script

SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2010-03-18 CVE-2009-4724 Paymentprocessorscript SQL Injection vulnerability in Paymentprocessorscript Ppscript

SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2010-03-18 CVE-2009-4723 Netpet Path Traversal vulnerability in Netpet CMS 1.9

Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-03-18 CVE-2009-4721 Andrews WEB SQL Injection vulnerability in Andrews-Web Aw-Bannerad 1.0

Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters.

7.5
2010-03-18 CVE-2009-4720 Gnudip SQL Injection vulnerability in Gnudip 2.1.1

SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2010-03-18 CVE-2009-4719 BOB Jewell SQL Injection vulnerability in BOB Jewell Discloser 0.0.4

SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter.

7.5
2010-03-16 CVE-2010-0985 Chris Simon
Joomla
Path Traversal vulnerability in Chris Simon COM Abbrev 1.1

Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-03-16 CVE-2010-0981 Templateplazza
Joomla
SQL Injection vulnerability in Templateplazza COM Tpjobs

SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.

7.5
2010-03-16 CVE-2010-0980 Mitchell Sleeper SQL Injection vulnerability in Mitchell Sleeper L4D Stats 1.1

SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.

7.5
2010-03-16 CVE-2010-0976 Acidcat Permissions, Privileges, and Access Controls vulnerability in Acidcat CMS

Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts.

7.5
2010-03-16 CVE-2010-0793 Barnowl Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Barnowl

Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header.

7.5
2010-03-16 CVE-2010-0975 Phpcityportal Code Injection vulnerability in PHPcityportal

PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.

7.5
2010-03-16 CVE-2010-0974 Phpcityportal SQL Injection vulnerability in PHPcityportal

Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php.

7.5
2010-03-16 CVE-2010-0973 Scripteverkauf SQL Injection vulnerability in Scripteverkauf Domain Verkaus and Auktions Portal

SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-03-16 CVE-2010-0972 G4J Laoneo
Joomla
Path Traversal vulnerability in G4J.Laoneo COM Gcalendar 2.1.5

Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-03-16 CVE-2010-0970 Jorik Berkepas SQL Injection vulnerability in Jorik Berkepas PHPmylogon 2.0

SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2010-03-16 CVE-2010-0968 Geekhelps SQL Injection vulnerability in Geekhelps Admp 1.01

SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter.

7.5
2010-03-16 CVE-2010-0964 Media Products SQL Injection vulnerability in Media-Products Eros Webkatalog

SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.

7.5
2010-03-15 CVE-2009-4718 Gonafish SQL Injection vulnerability in Gonafish Webstatcaffe

SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter.

7.5
2010-03-15 CVE-2009-4712 Tukanas SQL Injection vulnerability in Tukanas Easyclassifieds Script 1.0

SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter.

7.5
2010-03-15 CVE-2009-4711 JAN Bednarik
Typo3
SQL Injection vulnerability in JAN Bednarik Cooluri

SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.

7.5
2010-03-15 CVE-2009-4710 Robert Heel
Typo3
SQL Injection vulnerability in Robert Heel CWT Resetbepassword

SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-15 CVE-2009-4709 Dirk Maiwert
Typo3
SQL Injection vulnerability in Dirk Maiwert Datamints Newsticker

SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-15 CVE-2009-4708 Maximo Cuadros
Typo3
SQL Injection vulnerability in Maximo Cuadros GB Fenewssubmit

SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-15 CVE-2009-4703 Typo3 SQL Injection vulnerability in Typo3 WS Gallery

SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-15 CVE-2009-4702 Markus Barchfeld
Typo3
SQL Injection vulnerability in Markus Barchfeld PM Tour

SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-15 CVE-2009-4701 Liviu Mitrofan
Typo3
SQL Injection vulnerability in Liviu Mitrofan Myth Download 0.1.0

SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-03-15 CVE-2009-4698 Alexandre Amaral
Xoops
SQL Injection vulnerability in Alexandre Amaral Xoops Celepar 1.0.1

Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.

7.5
2010-03-15 CVE-2010-0122 Timeclock Software SQL Injection vulnerability in Timeclock-Software Employee Timeclock Software 0.99

Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.

7.5

55 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-16 CVE-2010-0729 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 4

A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call.

6.9
2010-03-19 CVE-2010-1003 Efrontlearning Path Traversal vulnerability in Efrontlearning Efront

Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-03-19 CVE-2010-0734 Curl Permissions, Privileges, and Access Controls vulnerability in Curl Libcurl

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

6.8
2010-03-18 CVE-2009-4733 Supercrackmunkey SQL Injection vulnerability in Supercrackmunkey Simpleloginsys 0.5

SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

6.8
2010-03-18 CVE-2009-4732 Technotoad SQL Injection vulnerability in Technotoad TT web Site Manager 0.5

SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter.

6.8
2010-03-18 CVE-2009-4722 Limny SQL Injection vulnerability in Limny 1.01

SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

6.8
2010-03-16 CVE-2010-0983 Utilo Code Injection vulnerability in Utilo Rezervi

PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156.

6.8
2010-03-16 CVE-2010-0966 Dzcp Code Injection vulnerability in Dzcp Dev!L'Z Clanportal 1.5.2

PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.

6.8
2010-03-15 CVE-2010-0624 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Cpio and TAR

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

6.8
2010-03-15 CVE-2010-0396 Debian Path Traversal vulnerability in Debian Dpkg

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.

5.8
2010-03-18 CVE-2009-4725 Arabportal Path Traversal vulnerability in Arabportal Arab Portal

Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

5.1
2010-03-16 CVE-2010-0967 Geekhelps Path Traversal vulnerability in Geekhelps Admp 1.01

Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php in themes/.

5.1
2010-03-19 CVE-2010-1029 Apple
Google
Resource Management Errors vulnerability in multiple products

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.

5.0
2010-03-19 CVE-2010-1007 CHI Hoang
Typo3
Information Exposure vulnerability in CHI Hoang CH Lightem

Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

5.0
2010-03-18 CVE-2009-4726 Olivier Michaud Pierre Yves Path Traversal vulnerability in Olivier Michaud Pierre-Yves Quickdev4PHP

Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a ..

5.0
2010-03-16 CVE-2010-0984 Acidcat Permissions, Privileges, and Access Controls vulnerability in Acidcat CMS

Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.

5.0
2010-03-16 CVE-2010-0978 Kmsoft Permissions, Privileges, and Access Controls vulnerability in Kmsoft Guestbook 1.0

KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.

5.0
2010-03-16 CVE-2010-0977 Pordus Permissions, Privileges, and Access Controls vulnerability in Pordus PD Portal 4.0

PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.

5.0
2010-03-16 CVE-2010-0397 PHP Remote Denial of Service vulnerability in PHP 5.3.1

The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.

5.0
2010-03-16 CVE-2010-0969 Nlnetlabs Resource Management Errors vulnerability in Nlnetlabs Unbound

Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

5.0
2010-03-16 CVE-2010-0965 Jevci NET Permissions, Privileges, and Access Controls vulnerability in Jevci.Net Jevci Siparis Formu Scripti

Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb.

5.0
2010-03-15 CVE-2009-4704 Typo3 Information Disclosure vulnerability in Ws Ecard

Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

5.0
2010-03-15 CVE-2009-4700 Skadate Path Traversal vulnerability in Skadate Online Dating Software 5.0/6.0/6.482

Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a ..

5.0
2010-03-15 CVE-2010-0123 Timeclock Software Permissions, Privileges, and Access Controls vulnerability in Timeclock-Software Employee Timeclock Software 0.99

The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name."

5.0
2010-03-16 CVE-2010-0727 Linux
Debian
Redhat
Resource Management Errors vulnerability in multiple products

The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.

4.9
2010-03-19 CVE-2009-4271 Linux Unspecified vulnerability in Linux Kernel

The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmentation fault.

4.7
2010-03-16 CVE-2007-6733 Linux Resource Management Errors vulnerability in Linux Kernel 2.6.9

The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file's permissions, a related issue to CVE-2010-0727.

4.7
2010-03-19 CVE-2010-0736 Viewvc Cross-Site Scripting vulnerability in Viewvc

Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."

4.3
2010-03-19 CVE-2010-0465 Sugarcrm Cross-Site Scripting vulnerability in Sugarcrm

Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.

4.3
2010-03-19 CVE-2010-1025 Chris Wederka
Typo3
Cross-Site Scripting vulnerability in Chris Wederka TGM Newsletter 0.0.2

Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-19 CVE-2010-1023 Taskcenter Recent Project Cross-Site Scripting vulnerability in Taskcenter Recent Project Taskcenter Recent 0.0.6/0.0.7/0.1.0

Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-19 CVE-2010-1021 Mads Brunn
Typo3
Cross-Site Scripting vulnerability in Mads Brunn T3Quixplorer

Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-19 CVE-2010-1020 SK Typo3
Typo3
Cross-Site Scripting vulnerability in Sk-Typo3 SK Simplegallery 0.0.1

Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-19 CVE-2010-1014 Steffen Kamper
Typo3
Cross-Site Scripting vulnerability in Steffen Kamper Reports Logview

Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-19 CVE-2010-1011 TIM Lochmueller
Typo3
Cross-Site Scripting vulnerability in TIM Lochmueller Mydashboard

Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-19 CVE-2010-1008 Christian Hennecke
Typo3
Cross-Site Scripting vulnerability in Christian Hennecke Chsellector 0.1.0

Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-19 CVE-2010-1005 Mischa Heimann
Typo3
Cross-Site Scripting vulnerability in Mischa Heimann Yatse

Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-18 CVE-2009-4729 X10Media Cross-Site Scripting vulnerability in X10Media Adult Script 1.7

Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.

4.3
2010-03-18 CVE-2010-0421 Gnome Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Pango

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.

4.3
2010-03-16 CVE-2010-0982 Joomlamo
Joomla
Path Traversal vulnerability in Joomlamo COM Cartweberp 1.56.75

Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a ..

4.3
2010-03-16 CVE-2010-0979 Obsession Design Cross-Site Scripting vulnerability in Obsession-Design Image-Gallery 1.1

Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.

4.3
2010-03-16 CVE-2010-0963 Yuri D Elia Cross-Site Scripting vulnerability in Yuri D'Elia DL

Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID.

4.3
2010-03-15 CVE-2009-4717 Gonafish Cross-Site Scripting vulnerability in Gonafish Webstatcaffe

Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.

4.3
2010-03-15 CVE-2009-4716 Edgephp Cross-Site Scripting vulnerability in Edgephp Ezwebsearch

Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter.

4.3
2010-03-15 CVE-2009-4715 Phpscriptsnow Cross-Site Scripting vulnerability in PHPscriptsnow Real Time Currency Exchange

Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter.

4.3
2010-03-15 CVE-2009-4714 Alexandre Amaral Cross-Site Scripting vulnerability in Alexandre Amaral Xoops Celepar 1.0.1

Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.

4.3
2010-03-15 CVE-2009-4713 Alexandre Amaral Cross-Site Scripting vulnerability in Alexandre Amaral Xoops Celepar 1.0.1

Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php.

4.3
2010-03-15 CVE-2009-4707 Maximo Cuadros
Typo3
Cross-Site Scripting vulnerability in Maximo Cuadros GB Fenewssubmit

Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-15 CVE-2009-4706 Sebastian Winterhalder
Typo3
Cross-Site Scripting vulnerability in Sebastian Winterhalder Mailform

Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-15 CVE-2009-4705 Thomas Loeffler
Typo3
Cross-Site Scripting vulnerability in Thomas Loeffler Twittersearch 0.0.1/0.0.2

Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-15 CVE-2009-4699 Skadate Cross-Site Scripting vulnerability in Skadate Online Dating Software 5.0/6.0/6.482

Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.

4.3
2010-03-15 CVE-2010-0051 Apple Improper Input Validation vulnerability in Apple Safari

WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document.

4.3
2010-03-15 CVE-2010-0044 Apple Configuration vulnerability in Apple Safari

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

4.3
2010-03-15 CVE-2010-0042 Apple
Microsoft
Information Exposure vulnerability in Apple Safari

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

4.3
2010-03-15 CVE-2010-0041 Apple
Microsoft
Information Exposure vulnerability in Apple Safari

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-16 CVE-2010-0971 Atutor Cross-Site Scripting vulnerability in Atutor 1.6.4

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php.

2.1
2010-03-15 CVE-2010-0124 Timeclock Software Credentials Management vulnerability in Timeclock-Software Employee Timeclock Software 0.99

Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

2.1