Weekly Vulnerabilities Reports > March 29 to April 4, 2010

Overview

149 new vulnerabilities were reported during this period, including 34 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary reports vulnerabilities in 63 products from 35 vendors including Apple, SUN, Microsoft, Google, and HP. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Code Injection", and "Improper Input Validation".

  • 140 reported vulnerabilities are remotely exploitable.
  • 22 reported vulnerabilities have a public exploit available.
  • 19 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 140 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 57 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 13 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

34 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-01 CVE-2010-1233 Google Numeric Errors vulnerability in Google Chrome

Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.

10.0
2010-04-01 CVE-2010-1230 Google Information Exposure vulnerability in Google Chrome

Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.

10.0
2010-04-01 CVE-2010-1229 Google Resource Management Errors vulnerability in Google Chrome

The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.

10.0
2010-04-01 CVE-2010-1228 Google Race Condition vulnerability in Google Chrome

Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.

10.0
2010-03-30 CVE-2010-0508 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.

10.0
2010-03-30 CVE-2010-0055 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.

10.0
2010-03-29 CVE-2010-1185 SAP Buffer Errors vulnerability in SAP Maxdb 7.4.3.32/7.6.0.37/7.6.06

Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210.

10.0
2010-04-01 CVE-2010-1225 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Virtual PC, Virtual Server and Windows Virtual PC

The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application.

9.3
2010-03-31 CVE-2010-0807 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx 'Internet Explorer 5.01 Service Pack 4, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 8 are not affected by this vulnerability.'

9.3
2010-03-31 CVE-2010-0805 Microsoft Code Injection vulnerability in Microsoft IE, Windows 2000 and Windows XP

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx 'Internet Explorer 7 and Internet Explorer 8 are not affected by this vulnerability.'

9.3
2010-03-31 CVE-2010-0492 Microsoft Code Injection vulnerability in Microsoft products

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx 'Internet Explorer 6 and Internet Explorer 7 are not affected by this vulnerability.'

9.3
2010-03-31 CVE-2010-0491 Microsoft Resource Management Errors vulnerability in Microsoft products

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx 'Internet Explorer 7 and Internet Explorer 8 are not affected by this vulnerability.'

9.3
2010-03-31 CVE-2010-0490 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx 'Internet Explorer 5.01 Service Pack 4 is not affected by this vulnerability.'

9.3
2010-03-31 CVE-2010-0489 Microsoft Race Condition vulnerability in Microsoft products

Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx 'Internet Explorer 8 is not affected by this vulnerability.'

9.3
2010-03-31 CVE-2010-0267 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx 'Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 are not affected by this vulnerability.'

9.3
2010-03-31 CVE-2010-0536 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.

9.3
2010-03-31 CVE-2010-0529 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.

9.3
2010-03-31 CVE-2010-0528 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value.

9.3
2010-03-31 CVE-2010-0527 Apple, Microsoft Numeric Errors vulnerability in Apple Quicktime

Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

9.3
2010-03-30 CVE-2010-0512 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.

9.3
2010-03-29 CVE-2010-1180 Apple Code Injection vulnerability in Apple Safari

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.

9.3
2010-03-29 CVE-2010-1179 Apple Numeric Errors vulnerability in Apple Safari

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.

9.3
2010-03-29 CVE-2010-1177 Apple Code Injection vulnerability in Apple Safari

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.

9.3
2010-03-29 CVE-2010-1176 Apple Code Injection vulnerability in Apple Safari

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075.

9.3
2010-03-29 CVE-2010-1175 Microsoft Unspecified vulnerability in Microsoft IE 7.0

Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."

9.3
2010-03-29 CVE-2009-4761 Mini Stream Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mini-Stream RM Downloader

Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.

9.3
2010-03-29 CVE-2009-4759 Joric Buffer Errors vulnerability in Joric Bmxplay 0.4.4B

Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file.

9.3
2010-03-29 CVE-2009-4758 Dicas Buffer Errors vulnerability in Dicas Mpegable Player 2.12

Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file.

9.3
2010-03-29 CVE-2009-4757 Evils World Buffer Errors vulnerability in Evils-World Ew-Musicplayer 0.8

Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file.

9.3
2010-03-29 CVE-2009-4756 Beatport Buffer Errors vulnerability in Beatport Player 1.0.0.0

Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.

9.3
2010-03-29 CVE-2009-4755 Mercuryaudio Buffer Errors vulnerability in Mercuryaudio Audio Player 1.21

Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file.

9.3
2010-03-29 CVE-2009-4754 Mercuryaudio Buffer Errors vulnerability in Mercuryaudio Audio Player 1.21

Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.

9.3
2010-03-30 CVE-2010-0522 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server 10.5.8

Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing.

9.0
2010-03-30 CVE-2010-0510 Apple Credentials Management vulnerability in Apple mac OS X Server

Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.

9.0

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-31 CVE-2010-0450 HP Privilege Escalation vulnerability in HP SOA Registry Foundation 6.63/6.64

Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors.

8.5
2010-03-30 CVE-2010-0500 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."

7.8
2010-03-29 CVE-2010-1184 Microsoft Cryptographic Issues vulnerability in Microsoft 27Mhz Wireless Keyboard

The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.

7.6
2010-04-01 CVE-2010-1237 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element.

7.5
2010-04-01 CVE-2010-1234 Google Remote Security vulnerability in Chrome

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.

7.5
2010-04-01 CVE-2010-1231 Google Remote Security vulnerability in Chrome

Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.

7.5
2010-04-01 CVE-2010-0686 Vmware Improper Input Validation vulnerability in VMWare ESX Server, Server and Virtualcenter

WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."

7.5
2010-04-01 CVE-2010-0850 SUN Remote Java 2D vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0849 SUN Unspecified vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0848 SUN Remote Java 2D vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0847 SUN Remote Java 2D vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0846 SUN Remote Heap Buffer Overflow vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0844 SUN Unspecified vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0843 SUN Remote Code Execution vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0842 SUN Remote Code Execution vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0841 SUN Remote Code Execution vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0840 SUN Remote Code Execution vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0839 SUN Remote Sound vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0838 SUN Remote Stack Buffer Overflow vulnerability in SUN JDK and JRE

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0837 SUN Remote vulnerability in SUN JDK and JRE

Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0094 SUN Remote Java Runtime Environment vulnerability in SUN JDK and JRE

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-04-01 CVE-2010-0087 SUN Remote vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-03-30 CVE-2010-0524 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.

7.5
2010-03-30 CVE-2010-0504 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Server

Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5
2010-03-30 CVE-2010-0533 Apple Path Traversal vulnerability in Apple mac OS X and mac OS X Server

Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.

7.5
2010-03-30 CVE-2010-0057 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.

7.5
2010-03-29 CVE-2010-1182 IBM Unspecified vulnerability in IBM Websphere Application Server

Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors.

7.5
2010-03-29 CVE-2009-4762 Moinmo Permissions, Privileges, and Access Controls vulnerability in Moinmo Moinmoin

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.

7.5
2010-03-30 CVE-2010-0509 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.

7.2
2010-03-30 CVE-2010-0498 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.

7.2
2010-03-31 CVE-2010-1188 Linux Resource Management Errors vulnerability in Linux Kernel

Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed.

7.1
2010-03-29 CVE-2009-4753 NAS Adapter Buffer Errors vulnerability in NAS Adapter Nasu2Fw41 1.17

Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command.

7.1

79 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-04-01 CVE-2010-1031 HP Local Privilege Escalation vulnerability in HP Insight Control for Linux

Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors.

6.9
2010-03-31 CVE-2010-0532 Apple, Microsoft Race Condition vulnerability in Apple Itunes

Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.

6.9
2010-03-30 CVE-2010-0064 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.

6.9
2010-04-01 CVE-2010-0095 SUN Remote Java Runtime Environment vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.

6.8
2010-04-01 CVE-2010-0088 SUN Remote Java Runtime Environme vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.

6.8
2010-03-31 CVE-2010-1194 Stafford Uklinux Cryptographic Issues vulnerability in Stafford.Uklinux Libesmtp

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.

6.8
2010-03-31 CVE-2010-1192 Stafford Uklinux Cryptographic Issues vulnerability in Stafford.Uklinux Libesmtp

libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

6.8
2010-03-30 CVE-2010-1219 COM Janews, Joomla Path Traversal vulnerability in COM Janews COM Janews 1.0

Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a ..

6.8
2010-03-30 CVE-2010-1216 Notsopureedit Code Injection vulnerability in Notsopureedit

PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.

6.8
2010-03-30 CVE-2009-4763 Phpmyvisites Security vulnerability in phpMyVisites ClickHeat Plugin

Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown impact and attack vectors.

6.8
2010-03-30 CVE-2010-0520 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.

6.8
2010-03-30 CVE-2010-0519 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.

6.8
2010-03-30 CVE-2010-0518 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.

6.8
2010-03-30 CVE-2010-0517 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.

6.8
2010-03-30 CVE-2010-0516 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.

6.8
2010-03-30 CVE-2010-0515 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.

6.8
2010-03-30 CVE-2010-0514 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.

6.8
2010-03-30 CVE-2010-0513 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document.

6.8
2010-03-30 CVE-2010-0507 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image.

6.8
2010-03-30 CVE-2010-0506 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image.

6.8
2010-03-30 CVE-2010-0505 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.

6.8
2010-03-30 CVE-2010-0501 Apple Path Traversal vulnerability in Apple mac OS X Server

Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames.

6.8
2010-03-30 CVE-2010-0497 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.

6.8
2010-03-30 CVE-2010-0065 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.

6.8
2010-03-30 CVE-2010-0063 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.

6.8
2010-03-30 CVE-2010-0062 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation.

6.8
2010-03-30 CVE-2010-0060 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.

6.8
2010-03-30 CVE-2010-0059 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA.

6.8
2010-03-30 CVE-2010-0056 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

6.8
2010-03-30 CVE-2010-0535 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

6.5
2010-03-30 CVE-2010-0503 Apple Resource Management Errors vulnerability in Apple mac OS X Server

Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

6.5
2010-03-31 CVE-2010-1191 Sahanafoundation Improper Authentication vulnerability in Sahanafoundation Sahana 0.6.2.2

Sahana disaster management system 0.6.2.2, and possibly other versions, allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module.

6.4
2010-03-30 CVE-2010-0058 Apple Configuration vulnerability in Apple mac OS X and mac OS X Server

freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.

6.4
2010-03-30 CVE-2009-2801 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."

6.4
2010-04-01 CVE-2010-0090 SUN Remote Java Web Start vulnerability in SUN JDK and JRE

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.

5.8
2010-04-01 CVE-2010-0845 SUN Remote HotSpot Server vulnerability in SUN JDK and JRE

Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.1
2010-04-01 CVE-2010-0093 SUN Remote vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.

5.1
2010-04-01 CVE-2010-0092 SUN Remote vulnerability in SUN JDK and JRE

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.1
2010-04-01 CVE-2010-0085 SUN Remote Java Runtime Environment vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.

5.1
2010-04-01 CVE-2010-0082 SUN HotSpot Server Remote vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.1
2010-04-01 CVE-2010-1232 Google Resource Management Errors vulnerability in Google Chrome

Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.

5.0
2010-04-01 CVE-2010-1226 Apple Improper Input Validation vulnerability in Apple Iphone OS 3.1/3.1.3

The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.

5.0
2010-04-01 CVE-2010-0089 SUN Remote Java Web Start vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.

5.0
2010-04-01 CVE-2010-0084 SUN Remote vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.

5.0
2010-03-31 CVE-2010-1189 Mediawiki Improper Input Validation vulnerability in Mediawiki

MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."

5.0
2010-03-31 CVE-2010-0448 HP Information Disclosure vulnerability in HP SOA Registry Foundation 6.63/6.64

Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors.

5.0
2010-03-30 CVE-2010-0525 Apple Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message.

5.0
2010-03-30 CVE-2010-0523 Apple Information Exposure vulnerability in Apple mac OS X Server 10.5.8

Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet.

5.0
2010-03-30 CVE-2010-0521 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.

5.0
2010-03-30 CVE-2010-0511 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server 10.6.0/10.6.1/10.6.2

Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors.

5.0
2010-03-29 CVE-2010-1174 Cisco Improper Input Validation vulnerability in Cisco Tftp Server 1.1

Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet.

5.0
2010-03-29 CVE-2009-4760 Winn Permissions, Privileges, and Access Controls vulnerability in Winn ASP Guestbook 1.01

Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb.

5.0
2010-03-31 CVE-2010-1187 Linux, Canonical, Debian Null Pointer Dereference vulnerability in multiple products

The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference.

4.9
2010-03-31 CVE-2010-1030 HP Local Denial Of Service vulnerability in HP Hp-Ux B.11.31

Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.

4.4
2010-04-01 CVE-2010-1236 Google, Flock Cross-Site Scripting vulnerability in multiple products

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

4.3
2010-04-01 CVE-2010-1235 Google Improper Input Validation vulnerability in Google Chrome

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.

4.3
2010-04-01 CVE-2010-1227 SUN Cross-Site Scripting vulnerability in SUN Java System Communications Express

Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.

4.3
2010-04-01 CVE-2010-1224 Digium Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.

4.3
2010-04-01 CVE-2010-1193 Vmware Cross-Site Scripting vulnerability in VMWare Server 2.0.0

Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.

4.3
2010-04-01 CVE-2010-1137 Vmware Cross-Site Scripting vulnerability in VMWare ESX Server, Server and Virtualcenter

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.

4.3
2010-04-01 CVE-2010-0768 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3
2010-04-01 CVE-2009-2277 Vmware Cross-Site Scripting vulnerability in VMWare ESX Server and Virtualcenter

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."

4.3
2010-04-01 CVE-2010-0091 SUN Remote Java Runtime Environment vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.

4.3
2010-03-31 CVE-2010-0494 Microsoft Information Exposure vulnerability in Microsoft products

Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx 'Internet Explorer 5.01 Service Pack 4 is not affected by this vulnerability.'

4.3
2010-03-31 CVE-2010-0488 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx 'Internet Explorer 8 is not affected by this vulnerability.'

4.3
2010-03-31 CVE-2010-0531 Apple, Microsoft Resource Management Errors vulnerability in Apple Itunes

Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.

4.3
2010-03-31 CVE-2010-1195 Ikiwiki Cross-Site Scripting vulnerability in Ikiwiki

Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.

4.3
2010-03-31 CVE-2010-1190 Mediawiki Permissions, Privileges, and Access Controls vulnerability in Mediawiki

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.

4.3
2010-03-31 CVE-2010-0449 HP Cross-Site Scripting vulnerability in HP SOA Registry Foundation 6.63/6.64

Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2010-03-30 CVE-2010-1218 MM Forum, Typo3 Cross-Site Scripting vulnerability in MM Forum Mmforum

Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-03-30 CVE-2010-1217 JE Form Creator, Joomla Path Traversal vulnerability in JE Form Creator JE Form Creator

Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php.

4.3
2010-03-30 CVE-2010-0526 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression.

4.3
2010-03-30 CVE-2010-0502 Apple Unspecified vulnerability in Apple mac OS X Server

iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type.

4.3
2010-03-29 CVE-2010-1181 Apple Improper Input Validation vulnerability in Apple Iphone OS 3.1.3

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.

4.3
2010-03-29 CVE-2010-1178 Apple Unspecified vulnerability in Apple Safari

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.

4.3
2010-03-29 CVE-2010-0452 HP Cross-Site Scripting vulnerability in HP Project and Portfolio Management Center

Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-04-01 CVE-2010-0770 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.

4.0
2010-03-30 CVE-2010-0534 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests.

4.0
2010-03-29 CVE-2010-0451 HP Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux 11.31/B.11.31

The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-03-29 CVE-2010-1183 SUN Link Following vulnerability in SUN Solaris

Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.

3.3
2010-03-31 CVE-2010-0132 Viewvc Cross-Site Scripting vulnerability in Viewvc

Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.

2.6
2010-03-30 CVE-2010-0537 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.

2.6
2010-04-01 CVE-2010-0769 IBM Credentials Management vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.

1.9