Weekly Vulnerabilities Reports > July 26 to August 1, 2010
Overview
88 new vulnerabilities reported during this period, including 31 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary report vulnerabilities in 73 products from 54 vendors including Apple, Microsoft, Mozilla, Typo3, and Joomla. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".
- 87 reported vulnerabilities are remotely exploitables.
- 27 reported vulnerabilities have public exploit available.
- 37 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 85 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 18 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 15 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
31 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-07-30 | CVE-2010-2755 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox 3.6.7 layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. | 10.0 |
| 2010-07-28 | CVE-2010-2902 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 10.0 | |
| 2010-07-28 | CVE-2010-2901 | Google Debian | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 10.0 |
| 2010-07-28 | CVE-2010-2900 | Unspecified vulnerability in Google Chrome Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors. | 10.0 | |
| 2010-07-28 | CVE-2010-2898 | Unspecified vulnerability in Google Chrome Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors. | 10.0 | |
| 2010-07-28 | CVE-2010-2897 | Remote Security vulnerability in Chrome Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors. | 10.0 | |
| 2010-07-28 | CVE-2010-2704 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe. | 10.0 |
| 2010-07-28 | CVE-2010-2703 | HP Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe. | 10.0 |
| 2010-07-28 | CVE-2010-0211 | Openldap Vmware Opensuse Apple | Unchecked Return Value vulnerability in multiple products The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | 9.8 |
| 2010-07-30 | CVE-2010-2752 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. | 9.3 |
| 2010-07-30 | CVE-2010-1793 | Apple Microsoft | Resource Management Errors vulnerability in Apple Safari and Webkit Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document. | 9.3 |
| 2010-07-30 | CVE-2010-1792 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. | 9.3 |
| 2010-07-30 | CVE-2010-1791 | Apple Microsoft | Numeric Errors vulnerability in Apple Safari and Webkit Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. | 9.3 |
| 2010-07-30 | CVE-2010-1790 | Apple Microsoft | Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0.1 and 4.1.1 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." | 9.3 |
| 2010-07-30 | CVE-2010-1789 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. | 9.3 |
| 2010-07-30 | CVE-2010-1788 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document. | 9.3 |
| 2010-07-30 | CVE-2010-1787 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. | 9.3 |
| 2010-07-30 | CVE-2010-1786 | Apple Microsoft | Resource Management Errors vulnerability in Apple Safari and Webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document. | 9.3 |
| 2010-07-30 | CVE-2010-1785 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. | 9.3 |
| 2010-07-30 | CVE-2010-1784 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
| 2010-07-30 | CVE-2010-1783 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
| 2010-07-30 | CVE-2010-1782 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element. | 9.3 |
| 2010-07-30 | CVE-2010-1780 | Apple Microsoft | Resource Management Errors vulnerability in Apple Safari and Webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. | 9.3 |
| 2010-07-30 | CVE-2010-1214 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox and Seamonkey Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. | 9.3 |
| 2010-07-30 | CVE-2010-1212 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox and Thunderbird js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function. | 9.3 |
| 2010-07-30 | CVE-2010-1211 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
| 2010-07-30 | CVE-2010-1209 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. | 9.3 |
| 2010-07-30 | CVE-2010-1777 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. | 9.3 |
| 2010-07-28 | CVE-2009-4964 | Ksplayer | Buffer Errors vulnerability in Ksplayer KSP Sound Player 2006 Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file. | 9.3 |
| 2010-07-28 | CVE-2009-4962 | Adammo | Buffer Errors vulnerability in Adammo FAT Player 0.6 Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. | 9.3 |
| 2010-07-28 | CVE-2010-0833 | Likewise | Improper Authentication vulnerability in Likewise Cifs and Likewise Open The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired. | 9.3 |
32 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-07-30 | CVE-2010-2753 | Mozilla Suse Opensuse | Use After Free vulnerability in multiple products Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. | 8.8 |
| 2010-07-30 | CVE-2010-1208 | Mozilla | Use After Free vulnerability in Mozilla Firefox and Seamonkey Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. | 8.8 |
| 2010-07-28 | CVE-2010-1577 | Cisco | Path Traversal vulnerability in Cisco Content Delivery System and Internet Streamer Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL. | 7.8 |
| 2010-07-30 | CVE-2010-2926 | Solucija | SQL Injection vulnerability in Solucija Snews 1.7 SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
| 2010-07-30 | CVE-2010-2925 | Openfreeway | SQL Injection vulnerability in Openfreeway Freeway 1.4.3.210 SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter. | 7.5 |
| 2010-07-30 | CVE-2010-2924 | Silvercover Wordpress | SQL Injection vulnerability in Silvercover Mylinksdump Plugin 1.2 SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. | 7.5 |
| 2010-07-30 | CVE-2010-2923 | Prasanna Joomla | SQL Injection vulnerability in Prasanna COM Youtube 1.5 SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php. | 7.5 |
| 2010-07-30 | CVE-2010-2922 | ALI Kenan | SQL Injection vulnerability in ALI Kenan AKY Blog SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2010-07-30 | CVE-2010-2921 | Photoindochina Joomla | SQL Injection vulnerability in Photoindochina COM Golfcourseguide 0.9.6.0 SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php. | 7.5 |
| 2010-07-30 | CVE-2010-2919 | Joomlaxt Joomla | SQL Injection vulnerability in Joomlaxt COM Staticxt SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
| 2010-07-30 | CVE-2010-2918 | Visocrea Joomla | Code Injection vulnerability in Visocrea COM Joomla Visites 1.1 PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
| 2010-07-30 | CVE-2010-2916 | Ajsquare | SQL Injection vulnerability in Ajsquare AJ Hyip Meridian SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2010-07-30 | CVE-2010-2915 | Ajsquare | SQL Injection vulnerability in Ajsquare AJ Hyip Prime SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2010-07-28 | CVE-2010-2912 | Kayako | SQL Injection vulnerability in Kayako Esupport 3.70.02 SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action. | 7.5 |
| 2010-07-28 | CVE-2010-2911 | Kayako | SQL Injection vulnerability in Kayako Esupport 3.70.02 SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action. | 7.5 |
| 2010-07-28 | CVE-2010-2910 | Joomla Alexred | SQL Injection vulnerability in Alexred COM Oziogallery SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 7.5 |
| 2010-07-28 | CVE-2010-2908 | Joomdle Joomla | SQL Injection vulnerability in Joomdle COM Joomdle SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php. | 7.5 |
| 2010-07-28 | CVE-2010-2907 | Huruhelpdesk Joomla | SQL Injection vulnerability in Huruhelpdesk COM Huruhelpdesk SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php. | 7.5 |
| 2010-07-28 | CVE-2010-2906 | Brotherscripts Scriptsfeed | SQL Injection vulnerability in multiple products SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905. | 7.5 |
| 2010-07-28 | CVE-2010-2905 | Brotherscripts Scriptsfeed | SQL Injection vulnerability in multiple products SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2010-07-28 | CVE-2010-2903 | Unspecified vulnerability in Google Chrome Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors. | 7.5 | |
| 2010-07-28 | CVE-2009-4974 | Sweetphp | Path Traversal vulnerability in Sweetphp Totalcalendar 2.4 Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 7.5 |
| 2010-07-28 | CVE-2009-4973 | Sweetphp | SQL Injection vulnerability in Sweetphp Totalcalendar 2.4 SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. | 7.5 |
| 2010-07-28 | CVE-2009-4971 | Vincent Tietz Typo3 | SQL Injection vulnerability in Vincent Tietz Vjchat SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-28 | CVE-2009-4970 | Typo3 Macher Typo3 | SQL Injection vulnerability in Typo3-Macher T3M Affiliate 0.5.0 SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-28 | CVE-2009-4969 | Typo3 | SQL Injection vulnerability in Typo3 Sbanner 1.0.1 SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-28 | CVE-2009-4968 | Christian Ehmann Typo3 | SQL Injection vulnerability in Christian Ehmann Event Registr SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-28 | CVE-2009-4967 | Jochen Rieger Typo3 | SQL Injection vulnerability in Jochen Rieger CAR SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-28 | CVE-2009-4966 | Elemente Typo3 | SQL Injection vulnerability in Elemente AST Addresszipsearch 0.5.4 SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-28 | CVE-2009-4965 | Thomas Waggershauser Typo3 | SQL Injection vulnerability in Thomas Waggershauser AIR Lexicon 0.0.1 SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-28 | CVE-2009-4959 | Stefan Koch Typo3 | SQL Injection vulnerability in Stefan Koch T3M SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-07-28 | CVE-2009-4958 | Emophp | SQL Injection vulnerability in Emophp EMO Breeder Manager SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter. | 7.5 |
20 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-07-30 | CVE-2010-2920 | Foobla Joomla | Path Traversal vulnerability in Foobla COM Foobla Suggestions 1.5.1.2 Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | 6.8 |
| 2010-07-30 | CVE-2010-1215 | Mozilla | Code Injection vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope." | 6.8 |
| 2010-07-28 | CVE-2010-2337 | RSA | Improper Input Validation vulnerability in RSA Federated Identity Manager 4.0/4.1 Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. | 6.0 |
| 2010-07-30 | CVE-2010-2754 | Mozilla | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | 5.0 |
| 2010-07-28 | CVE-2010-2899 | Unspecified vulnerability in Google Chrome Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors. | 5.0 | |
| 2010-07-28 | CVE-2009-4961 | Lanai Core | Information Exposure vulnerability in Lanai-Core 0.6 Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function. | 5.0 |
| 2010-07-28 | CVE-2009-4960 | Lanai Core | Path Traversal vulnerability in Lanai-Core 0.6 Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2010-07-28 | CVE-2010-2534 | Openttd | Resource Management Errors vulnerability in Openttd The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue. | 5.0 |
| 2010-07-28 | CVE-2010-2529 | Skbuff Mandriva | Remote Denial Of Service vulnerability in iputils 'ping.c' Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response. | 5.0 |
| 2010-07-28 | CVE-2010-0212 | Openldap | Permissions, Privileges, and Access Controls vulnerability in Openldap 2.4.22 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | 5.0 |
| 2010-07-30 | CVE-2010-2917 | Ajsquare | Cross-Site Scripting vulnerability in Ajsquare AJ Article 3.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. | 4.3 |
| 2010-07-30 | CVE-2010-2914 | Nessus | Cross-Site Scripting vulnerability in Nessus web Server Plugin 1.2.4 Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-07-30 | CVE-2010-1778 | Apple Microsoft | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | 4.3 |
| 2010-07-30 | CVE-2010-1213 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. | 4.3 |
| 2010-07-30 | CVE-2010-1210 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox and Thunderbird intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. | 4.3 |
| 2010-07-30 | CVE-2010-1207 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion. | 4.3 |
| 2010-07-28 | CVE-2010-2904 | SAP | Cross-Site Scripting vulnerability in SAP Netweaver and System Landscape Directory Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. | 4.3 |
| 2010-07-28 | CVE-2010-2896 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet Content Manager IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors. | 4.3 |
| 2010-07-28 | CVE-2009-4972 | Kelvin MO | Cross-Site Scripting vulnerability in Kelvin MO Simpleid 0.6.1/0.6.2/0.6.3 Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 4.3 |
| 2010-07-30 | CVE-2010-2528 | Pidgin | Resource Management Errors vulnerability in Pidgin The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element. | 4.0 |
5 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-07-28 | CVE-2009-4963 | Typo3 | Cross-Site Scripting vulnerability in Typo3 Commerce Extension Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2010-07-30 | CVE-2010-2751 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. | 2.6 |
| 2010-07-30 | CVE-2010-1796 | Apple Microsoft | Information Exposure vulnerability in Apple Safari and Webkit The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. | 2.6 |
| 2010-07-28 | CVE-2010-0213 | ISC | Data Processing Errors vulnerability in ISC Bind 9.7.1 BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. | 2.6 |
| 2010-07-30 | CVE-2010-2913 | Citibank Apple | Information Exposure vulnerability in Citibank Citi Mobile The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | 2.1 |