Weekly Vulnerabilities Reports > March 7 to 13, 2011

Overview

78 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 49 products from 21 vendors, including Google, Apple, IBM, Microsoft, and Gplhost. Vulnerabilities are notably categorized as "Improper Input Validation", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 73 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 73 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 24 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 5 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:


8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-03-11 CVE-2011-1290 Apple, RIM Numeric Errors vulnerability in multiple products

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

10.0
2011-03-09 CVE-2011-0464 Novell Remote Code Execution vulnerability in Novell Vibe Onprem 3.0

Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2011-03-08 CVE-2011-1306 Google Unspecified vulnerability in Google Chrome OS

Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and attack vectors.

10.0
2011-03-10 CVE-2011-1346 Microsoft Remote Code Execution vulnerability in Microsoft IE 8

Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.

9.3
2011-03-10 CVE-2011-1345 Microsoft Remote Code Execution vulnerability in Microsoft IE 8

Microsoft Internet Explorer 6, 7, and 8 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."

9.3
2011-03-09 CVE-2011-0042 Microsoft Improper Input Validation vulnerability in Microsoft products

SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

9.3
2011-03-09 CVE-2011-0032 Microsoft DLL Loading Arbitrary Code Execution vulnerability in Microsoft DirectShow

Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS11-015.mspx 'For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a media file (such as .wtv, .dvr-ms, or .mpg files).' FAQ: 'This is a remote code execution vulnerability.'

9.3
2011-03-09 CVE-2011-0029 Microsoft Unspecified vulnerability in Microsoft products

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS11-017.mspx 'For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open an .rdp file.' FAQ: 'This is a remote code execution vulnerability.' Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

9.3

21 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-03-10 CVE-2011-1347 Microsoft Remote Code Execution vulnerability in Microsoft IE 8

Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.

8.8
2011-03-11 CVE-2011-0162 Apple Improper Input Validation vulnerability in Apple TV, Iphone OS and Tvos

Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.

7.8
2011-03-11 CVE-2011-0157 Apple Buffer Errors vulnerability in Apple Iphone OS and Webkit

WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.

7.5
2011-03-11 CVE-2011-0456 Otrs OS Command Injection vulnerability in Otrs

webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."

7.5
2011-03-11 CVE-2011-1286 Google Multiple Security vulnerability in Google Chrome

Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.

7.5
2011-03-11 CVE-2011-1285 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5
2011-03-11 CVE-2011-1203 Google, Apple Multiple Security vulnerability in Google Chrome

Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5
2011-03-11 CVE-2011-1201 Google Multiple Security vulnerability in Google Chrome

The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5
2011-03-11 CVE-2011-1199 Google Multiple Security vulnerability in Google Chrome

Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

7.5
2011-03-11 CVE-2011-1198 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."

7.5
2011-03-11 CVE-2011-1197 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5
2011-03-11 CVE-2011-1196 Google Multiple Security vulnerability in Google Chrome

The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

7.5
2011-03-11 CVE-2011-1195 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."

7.5
2011-03-11 CVE-2011-1193 Google Multiple Security vulnerability in Google Chrome prior to 10.0.648.127

Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

7.5
2011-03-11 CVE-2011-1191 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.

7.5
2011-03-11 CVE-2011-1189 Google Multiple Security vulnerability in Google Chrome

Google Chrome before 10.0.648.127 does not properly perform box layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."

7.5
2011-03-11 CVE-2011-1188 Google, Apple Multiple Security vulnerability in Google Chrome

Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5
2011-03-11 CVE-2011-1185 Google Multiple Security vulnerability in Google Chrome prior to 10.0.648.127

Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors.

7.5
2011-03-09 CVE-2011-1343 IBM SQL Injection vulnerability in IBM Tivoli Netcool/Omnibus

SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."

7.5
2011-03-08 CVE-2011-1309 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.

7.5
2011-03-07 CVE-2011-0434 Gplhost SQL Injection vulnerability in Gplhost Domain Technologie Control

Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.

7.5

44 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-03-11 CVE-2011-1417 Apple Numeric Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server

Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.

6.8
2011-03-11 CVE-2011-1204 Google, Apple Improper Input Validation vulnerability in Google Chrome

Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.

6.8
2011-03-11 CVE-2011-1200 Google Incorrect Type Conversion or Cast vulnerability in Google Chrome

Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8
2011-03-10 CVE-2011-1344 Apple Resource Management Errors vulnerability in Apple Iphone OS and Safari

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.

6.8
2011-03-08 CVE-2011-1320 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.

6.8
2011-03-07 CVE-2011-0064 Mozilla, Pango Buffer Overflow vulnerability in Pango 'hb_buffer_ensure()'

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

6.8
2011-03-07 CVE-2009-3028 Symantec Unspecified vulnerability in Symantec products

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

6.8
2011-03-08 CVE-2011-1321 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).

6.5
2011-03-08 CVE-2011-1311 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.

6.0
2011-03-11 CVE-2011-0166 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content.

5.8
2011-03-11 CVE-2010-4651 GNU Path Traversal vulnerability in GNU Patch

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a ..

5.8
2011-03-09 CVE-2011-1099 Focalmedia NET Path Traversal vulnerability in Focalmedia.Net Quick Polls

Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a ..

5.8
2011-03-08 CVE-2011-0344 Alcatel Lucent Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Alcatel-Lucent Omnipcx

Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.

5.8
2011-03-11 CVE-2011-1418 Apple Information Exposure vulnerability in Apple TV, Iphone OS and Tvos

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.

5.0
2011-03-11 CVE-2011-0160 Apple Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5.0
2011-03-11 CVE-2011-0159 Apple Improper Input Validation vulnerability in Apple Iphone OS 4.0/4.1/4.2

The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.

5.0
2011-03-11 CVE-2011-1416 RIM Information Exposure vulnerability in RIM products

The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

5.0
2011-03-11 CVE-2011-1137 Proftpd Numeric Errors vulnerability in Proftpd

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

5.0
2011-03-11 CVE-2010-3609 Openslp, Vmware Remote Denial Of Service vulnerability in OpenSLP Extension Parser

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension.

5.0
2011-03-11 CVE-2011-1413 Google Multiple Security vulnerability in Google Chrome prior to 10.0.648.127

Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages.

5.0
2011-03-11 CVE-2011-1194 Google Multiple Security vulnerability in Google Chrome prior to 10.0.648.127

Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.

5.0
2011-03-11 CVE-2011-1192 Google, Linux Out-Of-Bounds Read vulnerability in Google Chrome

Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2011-03-11 CVE-2011-1190 Google, Apple Information Exposure vulnerability in Google Chrome

The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

5.0
2011-03-11 CVE-2011-1187 Google, Mozilla Information Exposure vulnerability in Google Chrome

Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

5.0
2011-03-11 CVE-2011-1186 Google, Linux Improper Input Validation vulnerability in Google Chrome

Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code.

5.0
2011-03-08 CVE-2011-1322 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages.

5.0
2011-03-08 CVE-2011-1318 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.

5.0
2011-03-08 CVE-2011-1317 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses.

5.0
2011-03-08 CVE-2011-1316 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.

5.0
2011-03-08 CVE-2011-1315 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.

5.0
2011-03-08 CVE-2011-1314 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.

5.0
2011-03-08 CVE-2011-1313 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call.

5.0
2011-03-07 CVE-2011-0436 Gplhost Cryptographic Issues vulnerability in Gplhost Domain Technologie Control

The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

5.0
2011-03-07 CVE-2011-0435 Gplhost Improper Authentication vulnerability in Gplhost Domain Technologie Control

Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.

5.0
2011-03-11 CVE-2011-0715 Apache Denial Of Service vulnerability in Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.

4.3
2011-03-11 CVE-2011-0167 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

4.3
2011-03-11 CVE-2011-0163 Apple Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

4.3
2011-03-11 CVE-2011-0161 Apple Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.

4.3
2011-03-11 CVE-2011-0158 Apple Improper Input Validation vulnerability in Apple Iphone OS

MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.

4.3
2011-03-11 CVE-2011-1202 Google, Xmlsoft Information Exposure vulnerability in Google Chrome

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

4.3
2011-03-08 CVE-2011-1308 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-03-08 CVE-2011-1319 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication.

4.0
2011-03-08 CVE-2011-1312 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.

4.0
2011-03-07 CVE-2011-0437 Gplhost Permissions, Privileges, and Access Controls vulnerability in Gplhost Domain Technologie Control

shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-03-08 CVE-2011-0345 Alcatel Lucent Path Traversal vulnerability in Alcatel-Lucent Omnivista 4760R5.0.07.05

Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.

3.3
2011-03-11 CVE-2011-0169 Apple Cross-Site Scripting vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

2.6
2011-03-08 CVE-2011-1307 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.

2.1
2011-03-07 CVE-2011-0279 HP Improper Authentication vulnerability in HP Multifunction Peripheral Digital Sending Software 4.91.00

HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication.

2.1
2011-03-08 CVE-2011-1310 IBM Information Exposure vulnerability in IBM Websphere Application Server

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.

1.9