Weekly Vulnerabilities Report: July 26 to August 1, 2010

Overview

88 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary reports vulnerabilities in 73 products from 54 vendors including Apple, Microsoft, Mozilla, Typo3, and Joomla. The vulnerabilities notably fall into the categories "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".

  • 87 reported vulnerabilities are remotely exploitable.
  • 27 reported vulnerabilities have a public exploit available.
  • 37 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 85 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 15 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:


31 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-30 CVE-2010-2755 Mozilla Resource Management Errors vulnerability in Mozilla Firefox 3.6.7

layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element.

10.0
2010-07-28 CVE-2010-2902 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-07-28 CVE-2010-2901 Google, Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2010-07-28 CVE-2010-2900 Google Unspecified vulnerability in Google Chrome

Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.

10.0
2010-07-28 CVE-2010-2898 Google Unspecified vulnerability in Google Chrome

Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.

10.0
2010-07-28 CVE-2010-2897 Google Remote Security vulnerability in Chrome

Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors.

10.0
2010-07-28 CVE-2010-2704 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe.

10.0
2010-07-28 CVE-2010-2703 HP, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.

10.0
2010-07-28 CVE-2010-0211 Openldap, Vmware, Opensuse, Apple Unchecked Return Value vulnerability in multiple products

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

9.8
2010-07-30 CVE-2010-2752 Mozilla Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.

9.3
2010-07-30 CVE-2010-1793 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.

9.3
2010-07-30 CVE-2010-1792 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.

9.3
2010-07-30 CVE-2010-1791 Apple, Microsoft Numeric Errors vulnerability in Apple Safari and Webkit

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

9.3
2010-07-30 CVE-2010-1790 Apple, Microsoft Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0.1 and 4.1.1

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."

9.3
2010-07-30 CVE-2010-1789 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.

9.3
2010-07-30 CVE-2010-1788 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.

9.3
2010-07-30 CVE-2010-1787 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.

9.3
2010-07-30 CVE-2010-1786 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.

9.3
2010-07-30 CVE-2010-1785 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

9.3
2010-07-30 CVE-2010-1784 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3
2010-07-30 CVE-2010-1783 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3
2010-07-30 CVE-2010-1782 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.

9.3
2010-07-30 CVE-2010-1780 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.

9.3
2010-07-30 CVE-2010-1214 Mozilla Numeric Errors vulnerability in Mozilla Firefox and Seamonkey

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.

9.3
2010-07-30 CVE-2010-1212 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Thunderbird

js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.

9.3
2010-07-30 CVE-2010-1211 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2010-07-30 CVE-2010-1209 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.

9.3
2010-07-30 CVE-2010-1777 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes

Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.

9.3
2010-07-28 CVE-2009-4964 Ksplayer Buffer Errors vulnerability in Ksplayer KSP Sound Player 2006

Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file.

9.3
2010-07-28 CVE-2009-4962 Adammo Buffer Errors vulnerability in Adammo FAT Player 0.6

Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file.

9.3
2010-07-28 CVE-2010-0833 Likewise Improper Authentication vulnerability in Likewise Cifs and Likewise Open

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

9.3

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-30 CVE-2010-2753 Mozilla, Suse, Opensuse Use After Free vulnerability in multiple products

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.

8.8
2010-07-30 CVE-2010-1208 Mozilla Use After Free vulnerability in Mozilla Firefox and Seamonkey

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.

8.8
2010-07-28 CVE-2010-1577 Cisco Path Traversal vulnerability in Cisco Content Delivery System and Internet Streamer

Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL.

7.8
2010-07-30 CVE-2010-2926 Solucija SQL Injection vulnerability in Solucija Snews 1.7

SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2010-07-30 CVE-2010-2925 Openfreeway SQL Injection vulnerability in Openfreeway Freeway 1.4.3.210

SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter.

7.5
2010-07-30 CVE-2010-2924 Silvercover, Wordpress SQL Injection vulnerability in Silvercover Mylinksdump Plugin 1.2

SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter.

7.5
2010-07-30 CVE-2010-2923 Prasanna, Joomla SQL Injection vulnerability in Prasanna COM Youtube 1.5

SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.

7.5
2010-07-30 CVE-2010-2922 ALI Kenan SQL Injection vulnerability in ALI Kenan AKY Blog

SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-07-30 CVE-2010-2921 Photoindochina, Joomla SQL Injection vulnerability in Photoindochina COM Golfcourseguide 0.9.6.0

SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.

7.5
2010-07-30 CVE-2010-2919 Joomlaxt, Joomla SQL Injection vulnerability in Joomlaxt COM Staticxt

SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

7.5
2010-07-30 CVE-2010-2918 Visocrea, Joomla Code Injection vulnerability in Visocrea COM Joomla Visites 1.1

PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2010-07-30 CVE-2010-2916 Ajsquare SQL Injection vulnerability in Ajsquare AJ Hyip Meridian

SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-07-30 CVE-2010-2915 Ajsquare SQL Injection vulnerability in Ajsquare AJ Hyip Prime

SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-07-28 CVE-2010-2912 Kayako SQL Injection vulnerability in Kayako Esupport 3.70.02

SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.

7.5
2010-07-28 CVE-2010-2911 Kayako SQL Injection vulnerability in Kayako Esupport 3.70.02

SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.

7.5
2010-07-28 CVE-2010-2910 Joomla, Alexred SQL Injection vulnerability in Alexred COM Oziogallery

SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

7.5
2010-07-28 CVE-2010-2908 Joomdle, Joomla SQL Injection vulnerability in Joomdle COM Joomdle

SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.

7.5
2010-07-28 CVE-2010-2907 Huruhelpdesk, Joomla SQL Injection vulnerability in Huruhelpdesk COM Huruhelpdesk

SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.

7.5
2010-07-28 CVE-2010-2906 Brotherscripts, Scriptsfeed SQL Injection vulnerability in multiple products

SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905.

7.5
2010-07-28 CVE-2010-2905 Brotherscripts, Scriptsfeed SQL Injection vulnerability in multiple products

SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-07-28 CVE-2010-2903 Google Unspecified vulnerability in Google Chrome

Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.

7.5
2010-07-28 CVE-2009-4974 Sweetphp Path Traversal vulnerability in Sweetphp Totalcalendar 2.4

Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

7.5
2010-07-28 CVE-2009-4973 Sweetphp SQL Injection vulnerability in Sweetphp Totalcalendar 2.4

SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.

7.5
2010-07-28 CVE-2009-4971 Vincent Tietz, Typo3 SQL Injection vulnerability in Vincent Tietz Vjchat

SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-28 CVE-2009-4970 Typo3 Macher, Typo3 SQL Injection vulnerability in Typo3-Macher T3M Affiliate 0.5.0

SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-28 CVE-2009-4969 Typo3 SQL Injection vulnerability in Typo3 Sbanner 1.0.1

SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-28 CVE-2009-4968 Christian Ehmann, Typo3 SQL Injection vulnerability in Christian Ehmann Event Registr

SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-28 CVE-2009-4967 Jochen Rieger, Typo3 SQL Injection vulnerability in Jochen Rieger CAR

SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-28 CVE-2009-4966 Elemente, Typo3 SQL Injection vulnerability in Elemente AST Addresszipsearch 0.5.4

SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-28 CVE-2009-4965 Thomas Waggershauser, Typo3 SQL Injection vulnerability in Thomas Waggershauser AIR Lexicon 0.0.1

SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-28 CVE-2009-4959 Stefan Koch, Typo3 SQL Injection vulnerability in Stefan Koch T3M

SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-07-28 CVE-2009-4958 Emophp SQL Injection vulnerability in Emophp EMO Breeder Manager

SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter.

7.5

20 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-30 CVE-2010-2920 Foobla, Joomla Path Traversal vulnerability in Foobla COM Foobla Suggestions 1.5.1.2

Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

6.8
2010-07-30 CVE-2010-1215 Mozilla Code Injection vulnerability in Mozilla Firefox and Thunderbird

Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."

6.8
2010-07-28 CVE-2010-2337 RSA Improper Input Validation vulnerability in RSA Federated Identity Manager 4.0/4.1

Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.

6.0
2010-07-30 CVE-2010-2754 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.

5.0
2010-07-28 CVE-2010-2899 Google Unspecified vulnerability in Google Chrome

Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors.

5.0
2010-07-28 CVE-2009-4961 Lanai Core Information Exposure vulnerability in Lanai-Core 0.6

Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.

5.0
2010-07-28 CVE-2009-4960 Lanai Core Path Traversal vulnerability in Lanai-Core 0.6

Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a ..

5.0
2010-07-28 CVE-2010-2534 Openttd Resource Management Errors vulnerability in Openttd

The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.

5.0
2010-07-28 CVE-2010-2529 Skbuff, Mandriva Remote Denial Of Service vulnerability in iputils 'ping.c'

Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.

5.0
2010-07-28 CVE-2010-0212 Openldap Permissions, Privileges, and Access Controls vulnerability in Openldap 2.4.22

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

5.0
2010-07-30 CVE-2010-2917 Ajsquare Cross-Site Scripting vulnerability in Ajsquare AJ Article 3.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action.

4.3
2010-07-30 CVE-2010-2914 Nessus Cross-Site Scripting vulnerability in Nessus web Server Plugin 1.2.4

Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-07-30 CVE-2010-1778 Apple, Microsoft Cross-Site Scripting vulnerability in Apple Safari and Webkit

Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.

4.3
2010-07-30 CVE-2010-1213 Mozilla Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.

4.3
2010-07-30 CVE-2010-1210 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Thunderbird

intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.

4.3
2010-07-30 CVE-2010-1207 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird

Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.

4.3
2010-07-28 CVE-2010-2904 SAP Cross-Site Scripting vulnerability in SAP Netweaver and System Landscape Directory

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.

4.3
2010-07-28 CVE-2010-2896 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Filenet Content Manager

IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.

4.3
2010-07-28 CVE-2009-4972 Kelvin MO Cross-Site Scripting vulnerability in Kelvin MO Simpleid 0.6.1/0.6.2/0.6.3

Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

4.3
2010-07-30 CVE-2010-2528 Pidgin Resource Management Errors vulnerability in Pidgin

The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-07-28 CVE-2009-4963 Typo3 Cross-Site Scripting vulnerability in Typo3 Commerce Extension

Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2010-07-30 CVE-2010-2751 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey

The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.

2.6
2010-07-30 CVE-2010-1796 Apple, Microsoft Information Exposure vulnerability in Apple Safari and Webkit

The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.

2.6
2010-07-28 CVE-2010-0213 ISC Data Processing Errors vulnerability in ISC Bind 9.7.1

BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers.

2.6
2010-07-30 CVE-2010-2913 Citibank, Apple Information Exposure vulnerability in Citibank Citi Mobile

The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.

2.1