Weekly Vulnerabilities Reports > March 22 to 28, 2010

Overview

137 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 50 high severity vulnerabilities. This weekly summary report vulnerabilities in 109 products from 80 vendors including Mozilla, Cisco, Microsoft, Phpkobo, and Apple. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Permissions, Privileges, and Access Controls", and "Code Injection".

  • 135 reported vulnerabilities are remotely exploitables.
  • 35 reported vulnerabilities have public exploit available.
  • 73 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 133 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-26 CVE-2009-4741 Skype
Microsoft
Unspecified vulnerability in EasyBits Extras Manager

Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.

10.0
2010-03-25 CVE-2010-1122 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox

Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028.

10.0
2010-03-25 CVE-2010-1121 Mozilla Code Injection vulnerability in Mozilla Firefox 3.6/3.6.1/3.6.2

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

10.0
2010-03-25 CVE-2010-1120 Apple Code Injection vulnerability in Apple Safari 4.0

Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.

10.0
2010-03-25 CVE-2010-1119 Apple
Microsoft
Resource Management Errors vulnerability in Apple products

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.

10.0
2010-03-25 CVE-2010-1118 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 8

Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.

10.0
2010-03-25 CVE-2010-0581 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."

10.0
2010-03-25 CVE-2010-0580 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."

10.0
2010-03-23 CVE-2010-1041 IBM Unspecified vulnerability in IBM DB2 Content Manager 8.3

Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors.

10.0
2010-03-27 CVE-2010-1132 Georg Greve OS Command Injection vulnerability in Georg Greve Spamassassin Milter Plugin 0.3.1

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

9.3
2010-03-25 CVE-2010-0167 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.

9.3
2010-03-25 CVE-2010-0165 Mozilla Buffer Errors vulnerability in Mozilla Firefox 3.6

The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function.

9.3
2010-03-25 CVE-2010-0164 Mozilla Resource Management Errors vulnerability in Mozilla Firefox 3.6

Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values.

9.3

50 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-26 CVE-2010-1124 IBM Remote Denial of Service vulnerability in IBM AIX 'getaddrinfo()'

bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on "systems with databases cataloged with alternate servers using IP addresses."

7.8
2010-03-25 CVE-2010-0586 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability."

7.8
2010-03-25 CVE-2010-0585 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability."

7.8
2010-03-25 CVE-2010-0584 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250.

7.8
2010-03-25 CVE-2010-0583 Cisco Resource Management Errors vulnerability in Cisco IOS 12.1Xu/12.1Yd/12.2B

Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855.

7.8
2010-03-25 CVE-2010-0582 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.

7.8
2010-03-25 CVE-2010-0579 Cisco Unspecified vulnerability in Cisco IOS

The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."

7.8
2010-03-25 CVE-2010-0578 Cisco Cryptographic Issues vulnerability in Cisco IOS

The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491.

7.8
2010-03-25 CVE-2010-0576 Cisco Denial of Service vulnerability in Cisco IOS Multiprotocol Label Switching (MPLS) Malformed Packet

Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893.

7.8
2010-03-25 CVE-2010-1117 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 8.0.6001

Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.

7.6
2010-03-25 CVE-2010-0168 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox 3.6/3.6.1

The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting.

7.6
2010-03-27 CVE-2010-1136 Tiki Permissions, Privileges, and Access Controls vulnerability in Tiki Tikiwiki Cms/Groupware

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

7.5
2010-03-27 CVE-2010-1135 Tiki Credentials Management vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1

The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.

7.5
2010-03-27 CVE-2010-1134 Tiki SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware

SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.

7.5
2010-03-27 CVE-2010-1133 Tiki SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1

Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.

7.5
2010-03-26 CVE-2010-1129 PHP Improper Input Validation vulnerability in PHP

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.

7.5
2010-03-26 CVE-2009-4752 Phppower Code Injection vulnerability in PHPpower Swinger Club Portal

PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter.

7.5
2010-03-26 CVE-2009-4751 Phppower SQL Injection vulnerability in PHPpower Swinger Club Portal

SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.

7.5
2010-03-26 CVE-2009-4749 Phplivesupport SQL Injection vulnerability in PHPlivesupport PHP Live! 3.2.1/3.2.2

Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.

7.5
2010-03-26 CVE-2009-4748 Andrew Charlton
Wordpress
SQL Injection vulnerability in Andrew Charlton MY Category Order

SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.

7.5
2010-03-26 CVE-2009-4747 Tecnick Code Injection vulnerability in Tecnick Aiocp 1.4.001

PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220.

7.5
2010-03-26 CVE-2009-4745 Dreamlevels SQL Injection vulnerability in Dreamlevels Dreampoll 3.1

Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action.

7.5
2010-03-26 CVE-2009-4742 Docebo SQL Injection vulnerability in Docebo 3.6.0.3

Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php.

7.5
2010-03-26 CVE-2009-4740 Typo3 Path Traversal vulnerability in Typo3 WS Ecard 1.0.2

Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors.

7.5
2010-03-26 CVE-2010-0731 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Gnutls

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.

7.5
2010-03-25 CVE-2010-1114 Comscripts Code Injection vulnerability in Comscripts web Server Creator web Portal 0.1

Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.

7.5
2010-03-25 CVE-2010-1106 Advertisementmanager Code Injection vulnerability in Advertisementmanager 3.1.0

PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter.

7.5
2010-03-24 CVE-2010-1096 Scriptsfeed SQL Injection vulnerability in Scriptsfeed Dating Software

Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters.

7.5
2010-03-24 CVE-2010-1094 Miethner Scripting SQL Injection vulnerability in Miethner-Scripting DZ Erotik Auktionshaus V4Rgo

SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-03-24 CVE-2010-1092 Scriptsfeed SQL Injection vulnerability in Scriptsfeed Business Directory Software

Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.

7.5
2010-03-24 CVE-2010-1090 Phpmysite SQL Injection vulnerability in PHPmysite

SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter.

7.5
2010-03-24 CVE-2010-1089 Phptroubleticket SQL Injection vulnerability in PHPtroubleticket PHP Trouble Ticket 2.2

SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-03-23 CVE-2010-1078 Sphere Xlentprojects SQL Injection vulnerability in Sphere.Xlentprojects Spherecms 1.1

SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism.

7.5
2010-03-23 CVE-2010-1075 Entrylevelcms SQL Injection vulnerability in Entrylevelcms EL CMS

SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter.

7.5
2010-03-23 CVE-2010-1073 Joshprakash
Joomla
SQL Injection vulnerability in Joshprakash COM Jembed

SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php.

7.5
2010-03-23 CVE-2010-1071 Phpmdj SQL Injection vulnerability in PHPmdj 1.0.3

SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-03-23 CVE-2010-1070 Imagoscripts SQL Injection vulnerability in Imagoscripts Deviant ART Clone

SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action.

7.5
2010-03-23 CVE-2010-1069 Proarcadescript SQL Injection vulnerability in Proarcadescript

SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-03-23 CVE-2010-1054 Parscms SQL Injection vulnerability in Parscms

Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp.

7.5
2010-03-23 CVE-2010-1051 Alexandre Dubus SQL Injection vulnerability in Alexandre Dubus Audistat 1.3

Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) month parameters.

7.5
2010-03-23 CVE-2010-1050 Alexandre Dubus SQL Injection vulnerability in Alexandre Dubus Audistat 1.3

SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter.

7.5
2010-03-23 CVE-2010-1049 Uiga SQL Injection vulnerability in Uiga Business Portal

Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.

7.5
2010-03-23 CVE-2010-1047 Masa2El SQL Injection vulnerability in Masa2El Music City 1.0/1.1

SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action.

7.5
2010-03-23 CVE-2010-1046 Ryan Marshall SQL Injection vulnerability in Ryan Marshall Rostermain

Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.

7.5
2010-03-23 CVE-2010-1045 Design Cars
Joomla
SQL Injection vulnerability in Design-Cars COM Productbook 1.0.4

SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

7.5
2010-03-23 CVE-2010-1044 Manageengine SQL Injection vulnerability in Manageengine Oputils 5.0

SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.

7.5
2010-03-23 CVE-2010-1043 Jaxcms Path Traversal vulnerability in Jaxcms 1.0

Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.

7.5
2010-03-24 CVE-2010-0619 Lexmark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Lexmark X94X

Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command.

7.3
2010-03-25 CVE-2010-0577 Cisco Resource Management Errors vulnerability in Cisco IOS

Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.

7.1
2010-03-23 CVE-2009-3385 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Seamonkey

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

7.1

71 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-26 CVE-2010-0439 Chip Salzenberg Link Following vulnerability in Chip Salzenberg Deliver 2.1.14

Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.

6.9
2010-03-26 CVE-2009-4750 Phppower Code Injection vulnerability in PHPpower TOP Paidmailer

PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

6.8
2010-03-26 CVE-2009-4739 Skadate Code Injection vulnerability in Skadate Online Dating Software

PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter.

6.8
2010-03-25 CVE-2010-1109 Djayp SQL Injection vulnerability in Djayp PHPmysport 1.4

Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action.

6.8
2010-03-24 CVE-2010-1097 Dedecms Improper Authentication vulnerability in Dedecms 5.5

include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.

6.8
2010-03-24 CVE-2010-1093 1024Cms SQL Injection vulnerability in 1024Cms 1024 CMS 2.1.1

SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action.

6.8
2010-03-23 CVE-2010-1077 Vbseo
Vbulletin
Path Traversal vulnerability in Vbseo 3.1.0

Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.

6.8
2010-03-23 CVE-2010-1063 Phpkobo Path Traversal vulnerability in PHPkobo Free Real Estate Contact Form Script 1.09

Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php.

6.8
2010-03-23 CVE-2010-1062 Phpkobo Path Traversal vulnerability in PHPkobo Free Real Estate Contact Form Script 1.09

Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-03-23 CVE-2010-1061 Phpkobo Path Traversal vulnerability in PHPkobo Short URL 1.01

Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php.

6.8
2010-03-23 CVE-2010-1060 Phpkobo Path Traversal vulnerability in PHPkobo Short URL 1.01

Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-03-23 CVE-2010-1059 Phpkobo Path Traversal vulnerability in PHPkobo Address Book Script 1.09

Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter.

6.8
2010-03-23 CVE-2010-1058 Phpkobo Path Traversal vulnerability in PHPkobo Address Book Script 1.09

Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-03-23 CVE-2010-1057 Phpkobo Path Traversal vulnerability in PHPkobo Adfreely 1.01

Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php.

6.8
2010-03-23 CVE-2010-1056 Rockettheme
Joomla
Path Traversal vulnerability in Rockettheme COM Rokdownloads

Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

6.8
2010-03-23 CVE-2010-1053 Zentracking SQL Injection vulnerability in Zentracking ZEN Time Tracking

Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php.

6.8
2010-03-26 CVE-2010-1128 PHP Cryptographic Issues vulnerability in PHP

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.

6.4
2010-03-26 CVE-2010-0988 Pulsecms Code Injection vulnerability in Pulsecms Pulse CMS

Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.

6.0
2010-03-26 CVE-2010-1126 Apple Information Exposure vulnerability in Apple Webkit

The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.

5.8
2010-03-26 CVE-2010-1125 Mozilla Information Exposure vulnerability in Mozilla Firefox and Seamonkey

The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.

5.8
2010-03-23 CVE-2010-1040 Tejimaya Improper Authentication vulnerability in Tejimaya Openpne

The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.

5.8
2010-03-26 CVE-2010-0989 Pulsecms Path Traversal vulnerability in Pulsecms Pulse CMS

Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter.

5.5
2010-03-25 CVE-2010-0166 Mozilla
Apple
Buffer Errors vulnerability in Mozilla Firefox 3.6

The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.

5.1
2010-03-23 CVE-2010-1055 Tufat Code Injection vulnerability in Tufat Osdate 2.1.9/2.5.4

Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php.

5.1
2010-03-26 CVE-2010-1130 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a ..

5.0
2010-03-26 CVE-2010-1127 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.

5.0
2010-03-25 CVE-2010-0628 MIT Denial Of Service vulnerability in MIT Kerberos 'gss_accept_sec_context()'

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.

5.0
2010-03-25 CVE-2010-0169 Mozilla Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.

5.0
2010-03-25 CVE-2010-1116 Aspindir Permissions, Privileges, and Access Controls vulnerability in Aspindir Lookmer Muzik Portal

LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb.

5.0
2010-03-25 CVE-2010-1115 Comscripts Path Traversal vulnerability in Comscripts web Server Creator web Portal 0.1

Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a ..

5.0
2010-03-25 CVE-2010-1110 Djayp Path Traversal vulnerability in Djayp PHPmysport 1.4

Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a ..

5.0
2010-03-24 CVE-2010-1103 Mesadynamics Numeric Errors vulnerability in Mesadynamics Stainless

Integer overflow in Stainless allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

5.0
2010-03-24 CVE-2010-1102 Omnigroup Numeric Errors vulnerability in Omnigroup Omniweb

Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

5.0
2010-03-24 CVE-2010-1101 Icab Numeric Errors vulnerability in Icab

Integer overflow in Alexander Clauss iCab allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

5.0
2010-03-24 CVE-2010-1100 Arora Browser Numeric Errors vulnerability in Arora-Browser Arora

Integer overflow in Arora allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

5.0
2010-03-24 CVE-2010-1099 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari

Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

5.0
2010-03-24 CVE-2010-0618 Lexmark Remote Denial of Service vulnerability in Multiple Lexmark Laser Printers FTP Service

The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote attackers to cause a denial of service (TCP outage) by making many passive FTP connections and then aborting these connections.

5.0
2010-03-23 CVE-2010-1081 Corejoomla
Joomla
Path Traversal vulnerability in Corejoomla COM Communitypolls

Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2010-03-23 CVE-2010-1067 Hasmir Alic Permissions, Privileges, and Access Controls vulnerability in Hasmir Alic E-Membres 1.0

E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb.

5.0
2010-03-23 CVE-2010-1066 THE Ghost Permissions, Privileges, and Access Controls vulnerability in The-Ghost AR web Content Manager 2.1

AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.

5.0
2010-03-23 CVE-2010-1065 Lebisoft Permissions, Privileges, and Access Controls vulnerability in Lebisoft Ziyaretci Defteri 7.4/7.5

Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb.

5.0
2010-03-23 CVE-2010-1064 Aspindir Permissions, Privileges, and Access Controls vulnerability in Aspindir Erolife Ajxgaleri VT

Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.

5.0
2010-03-27 CVE-2010-1131 Apple
Microsoft
Remote Denial Of Service vulnerability in Apple Safari 4.0.5

JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.

4.3
2010-03-26 CVE-2009-4746 Dreamlevels Cross-Site Scripting vulnerability in Dreamlevels Dreampoll 3.1

Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action.

4.3
2010-03-26 CVE-2009-4744 Oicgroup Cross-Site Scripting vulnerability in Oicgroup Exponent CMS 0.97Ga20090213

Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

4.3
2010-03-26 CVE-2009-4743 Afterlogic Cross-Site Scripting vulnerability in Afterlogic Webmail PRO 4.5

Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.

4.3
2010-03-26 CVE-2009-4505 Alkacon Cross-Site Scripting vulnerability in Alkacon Oamp Comments 1.0.1

Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.

4.3
2010-03-25 CVE-2010-0172 Mozilla Multiple vulnerability in Mozilla Firefox 3.6

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.

4.3
2010-03-25 CVE-2010-0171 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object.

4.3
2010-03-25 CVE-2010-0170 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox 3.6

Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.

4.3
2010-03-25 CVE-2010-1113 Comscripts Cross-Site Scripting vulnerability in Comscripts web Server Creator web Portal 0.1

Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.

4.3
2010-03-25 CVE-2010-1112 Tristan Barczyk Cross-Site Scripting vulnerability in Tristan Barczyk Klonews 2.0

Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2010-03-25 CVE-2010-1111 Easysitenetwork Cross-Site Scripting vulnerability in Easysitenetwork Jokes Complete Website

Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.

4.3
2010-03-25 CVE-2010-1105 Advertisementmanager Cross-Site Scripting vulnerability in Advertisementmanager 3.1.0/3.6

Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter.

4.3
2010-03-25 CVE-2010-1104 Zope Cross-Site Scripting vulnerability in Zope

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

4.3
2010-03-24 CVE-2009-2907 Springsource Cross-Site Scripting vulnerability in Springsource Application Management Suite, Hyperic HQ and TC Server

Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields." Per: http://www.springsource.com/security/cve-2009-2907 'Mitigation: * Hyperic HQ Open Source users should upgrade to Hyperic HQ 4.2.x * Hyperic HQ 4.0 Enterprise users should upgrade to 4.2.x or 4.0.3.2 * Hyperic HQ 4.1 Enterprise users should upgrade to 4.2.x or 4.1.2.1 * Users of any earlier Enterprise version should upgrade to 4.2.x * AMS users should upgrade to 2.0.0.SR4 * tc Server users should upgrade to AMS 2.0.0.SR4 To protect against this issue until systems have been upgraded and/or patches have been applied, system administrators should ensure untrusted users do not have the necessary privileges to create alerts.'

4.3
2010-03-24 CVE-2010-1095 JAN Schutze Cross-Site Scripting vulnerability in JAN Schutze Truc 0.10.0/0.11.0/0.9.0

Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.

4.3
2010-03-24 CVE-2010-1091 Phpmysite Cross-Site Scripting vulnerability in PHPmysite

Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.

4.3
2010-03-23 CVE-2010-1082 Openinferno Path Traversal vulnerability in Openinferno Oi.Blogs 1.0.0

Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the (1) theme parameter to loadStyles.php and the (2) scripts parameter to javascript/loadScripts.php.

4.3
2010-03-23 CVE-2010-1080 Pulsecms Cross-Site Scripting vulnerability in Pulsecms Pulse CMS 1.2.2

Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.

4.3
2010-03-23 CVE-2010-1079 Sawmill Cross-Site Scripting vulnerability in Sawmill

Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-23 CVE-2010-1076 Entrylevelcms Cross-Site Scripting vulnerability in Entrylevelcms EL CMS

Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message.

4.3
2010-03-23 CVE-2010-1074 2Bits
Drupal
Cross-Site Scripting vulnerability in 2Bits Currency

Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.

4.3
2010-03-23 CVE-2010-1072 Sniggabo Cross-Site Scripting vulnerability in Sniggabo CMS 2.21

Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2010-03-23 CVE-2010-1068 Netwin Cross-Site Scripting vulnerability in Netwin Surgeftp 2.3A6

Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.

4.3
2010-03-23 CVE-2009-4736 Sensesites Cross-Site Scripting vulnerability in Sensesites Commonsense CMS 5.0

Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2010-03-23 CVE-2010-1052 Alexandre Dubus Cross-Site Scripting vulnerability in Alexandre Dubus Audistat 1.3

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters.

4.3
2010-03-23 CVE-2010-1048 Uiga Cross-Site Scripting vulnerability in Uiga Business Portal

Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action.

4.3
2010-03-23 CVE-2010-1042 Microsoft Remote Memory Corruption vulnerability in Microsoft Windows Media Player AVI File Colorspace Conversion

Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file.

4.3
2010-03-23 CVE-2010-0163 Mozilla Denial of Service vulnerability in Mozilla Seamonkey and Thunderbird

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.

4.3
2010-03-23 CVE-2010-0161 Mozilla
Microsoft
Resource Management Errors vulnerability in Mozilla Seamonkey and Thunderbird

The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-25 CVE-2010-1108 Hashmarkconsulting
Drupal
Cross-Site Scripting vulnerability in Hashmarkconsulting Controlpanel

Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.

3.5
2010-03-25 CVE-2010-1107 Fourkitchens
Drupal
Cross-Site Scripting vulnerability in Fourkitchens Recent Comments

Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."

3.5
2010-03-26 CVE-2010-1123 Chip Salzenberg Race Condition vulnerability in Chip Salzenberg Deliver 2.1.14

Chip Salzenberg Deliver does not properly associate a lockfile with the user who created the file, which allows local users to cause a denial of service (blockage of incoming e-mail) by creating lockfiles for arbitrary mailboxes.

2.1