U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-088)

Vulnerability Summary for the Week of March 22, 2010

Original release date: March 29, 2010 | Last revised: November 02, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
advertisementmanager -- advertisementmanager
PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. 2010-03-25 7.5 CVE-2010-1106
XF
MISC
alexandre_dubus -- audistat
SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter. 2010-03-22 7.5 CVE-2010-1050
MISC
SECUNIA
MISC
alexandre_dubus -- audistat
Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) month parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-22 7.5 CVE-2010-1051
SECUNIA
apple -- safari
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010. 2010-03-25 10.0 CVE-2010-1120
MISC
MISC
MISC
cisco -- ios
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893. 2010-03-25 7.8 CVE-2010-0576
CISCO
cisco -- ios
Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186. 2010-03-25 7.1 CVE-2010-0577
CISCO
cisco -- 7200_router
The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491. 2010-03-25 7.8 CVE-2010-0578
CISCO
cisco -- ios
The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability." 2010-03-25 7.8 CVE-2010-0579
CISCO
CONFIRM
cisco -- ios
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability." 2010-03-25 10.0 CVE-2010-0580
CISCO
CONFIRM
cisco -- ios
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability." 2010-03-25 10.0 CVE-2010-0581
CISCO
CONFIRM
cisco -- ios
Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962. 2010-03-25 7.8 CVE-2010-0582
CISCO
cisco -- ios
Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855. 2010-03-25 7.8 CVE-2010-0583
CISCO
cisco -- ios
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250. 2010-03-25 7.8 CVE-2010-0584
CISCO
cisco -- ios
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability." 2010-03-25 7.8 CVE-2010-0585
CISCO
CONFIRM
cisco -- ios
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability." 2010-03-25 7.8 CVE-2010-0586
CISCO
CONFIRM
comscripts -- web_server_creator_web_portal
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php. 2010-03-25 7.5 CVE-2010-1114
XF
BID
MISC
design-cars -- com_productbook
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information. 2010-03-22 7.5 CVE-2010-1045
VUPEN
MISC
SECUNIA
entrylevelcms -- el_cms
SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter. 2010-03-23 7.5 CVE-2010-1075
SECUNIA
MISC
OSVDB
ibm -- db2_content_manager
Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors. 2010-03-22 10.0 CVE-2010-1041
AIXAPAR
VUPEN
BID
OSVDB
CONFIRM
SECTRACK
SECUNIA
imagoscripts -- deviant_art_clone
SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action. 2010-03-23 7.5 CVE-2010-1070
XF
VUPEN
MISC
SECUNIA
MISC
OSVDB
jaxcms -- jaxcms
Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. 2010-03-22 7.5 CVE-2010-1043
MISC
SECUNIA
OSVDB
joshprakash -- com_jembed
SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php. 2010-03-23 7.5 CVE-2010-1073
XF
VUPEN
MISC
SECUNIA
OSVDB
lexmark -- x94x
Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command. 2010-03-24 7.3 CVE-2010-0619
BID
BUGTRAQ
CONFIRM
linux -- kernel
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors. 2010-03-24 7.8 CVE-2010-0437
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
manageengine -- oputils
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter. 2010-03-22 7.5 CVE-2010-1044
XF
BID
MISC
MISC
masa2el -- music_city
SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action. 2010-03-22 7.5 CVE-2010-1047
XF
MISC
SECUNIA
MISC
OSVDB
microsoft -- windows_vista
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file. 2010-03-24 7.1 CVE-2010-1098
XF
BID
MISC
MISC
microsoft -- ie
Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. 2010-03-25 7.6 CVE-2010-1117
MISC
MISC
MISC
MISC
microsoft -- internet_explorer
Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. 2010-03-25 10.0 CVE-2010-1118
MISC
MISC
MISC
MISC
miethner-scripting -- dz_erotik_auktionshaus_v4rgo
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-03-24 7.5 CVE-2010-1094
XF
MISC
SECUNIA
OSVDB
MISC
mozilla -- firefox
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. 2010-03-19 9.3 CVE-2010-1028
CERT-VN
MISC
CONFIRM
CONFIRM
MISC
MISC
SECUNIA
MISC
CONFIRM
MISC
mozilla -- seamonkey
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation. 2010-03-22 7.1 CVE-2009-3385
VUPEN
CONFIRM
BID
CONFIRM
SECUNIA
mozilla -- firefox
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values. 2010-03-25 9.3 CVE-2010-0164
CONFIRM
BID
CONFIRM
mozilla -- firefox
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function. 2010-03-25 9.3 CVE-2010-0165
CONFIRM
BID
CONFIRM
mozilla -- firefox
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. 2010-03-25 9.3 CVE-2010-0167
CONFIRM
CONFIRM
CONFIRM
BID
mozilla -- firefox
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting. 2010-03-25 7.6 CVE-2010-0168
BID
CONFIRM
CONFIRM
mozilla -- firefox
Unspecified vulnerability in Mozilla Firefox 3 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. 2010-03-25 10.0 CVE-2010-1121
MISC
MISC
MISC
mozilla -- firefox
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028. 2010-03-25 10.0 CVE-2010-1122
CONFIRM
parscms -- parscms
Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp. 2010-03-23 7.5 CVE-2010-1054
BID
BUGTRAQ
SECUNIA
MISC
OSVDB
OSVDB
phpmdj -- phpmdj
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-03-23 7.5 CVE-2010-1071
XF
BID
MISC
SECUNIA
MISC
phpmysite -- phpmysite
SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter. 2010-03-24 7.5 CVE-2010-1090
XF
VUPEN
MISC
MISC
phptroubleticket -- php_trouble_ticket
SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-03-24 7.5 CVE-2010-1089
SECUNIA
MISC
proarcadescript -- proarcadescript
SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-03-23 7.5 CVE-2010-1069
BID
MISC
SECUNIA
MISC
ryan_marshall -- rostermain
Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters. 2010-03-22 7.5 CVE-2010-1046
VUPEN
MISC
SECUNIA
OSVDB
scriptsfeed -- business_directory_software
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters. 2010-03-24 7.5 CVE-2010-1092
XF
VUPEN
BID
MISC
SECUNIA
OSVDB
scriptsfeed -- dating_software
Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-24 7.5 CVE-2010-1096
VUPEN
SECUNIA
OSVDB
sphere.xlentprojects -- spherecms
SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism. 2010-03-23 7.5 CVE-2010-1078
XF
BID
BUGTRAQ
MISC
MISC
uiga -- business_portal
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php. 2010-03-22 7.5 CVE-2010-1049
VUPEN
MISC
SECUNIA
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
awcm AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php. 2010-03-23 5.0 CVE-2010-1066
XF
MISC
SECUNIA
MISC
1024cms -- 1024_cms
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action. 2010-03-24 6.8 CVE-2010-1093
BID
MISC
SECUNIA
2bits -- currency
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. 2010-03-23 4.3 CVE-2010-1074
CONFIRM
CONFIRM
XF
VUPEN
BID
SECUNIA
OSVDB
advertisementmanager -- advertisementmanager
Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter. 2010-03-25 4.3 CVE-2010-1105
XF
MISC
SECUNIA
OSVDB
alexandre_dubus -- audistat
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-22 4.3 CVE-2010-1052
SECUNIA
apple -- safari
Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. 2010-03-24 5.0 CVE-2010-1099
BUGTRAQ
apple -- safari
Unspecified vulnerability in Safari on Apple iPhone OS allows remote attackers to read the SMS database or other data via unknown vectors, as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. 2010-03-25 5.0 CVE-2010-1119
MISC
MISC
MISC
arora-browser -- arora
Integer overflow in Arora allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. 2010-03-24 5.0 CVE-2010-1100
BUGTRAQ
aspindir -- erolife_ajxgaleri_vt
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb. 2010-03-23 5.0 CVE-2010-1064
XF
MISC
SECUNIA
MISC
aspindir -- lookmer_muzik_portal
LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb. 2010-03-25 5.0 CVE-2010-1116
XF
MISC
SECUNIA
OSVDB
comscripts -- web_server_creator_web_portal
Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php. 2010-03-25 4.3 CVE-2010-1113
XF
BID
MISC
comscripts -- web_server_creator_web_portal
Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. 2010-03-25 5.0 CVE-2010-1115
XF
BID
MISC
corejoomla -- com_communitypolls
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-03-23 5.0 CVE-2010-1081
BID
MISC
SECUNIA
MISC
OSVDB
curl -- libcurl
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. 2010-03-19 6.8 CVE-2010-0734
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
VUPEN
VUPEN
SECUNIA
SECUNIA
FEDORA
FEDORA
CONFIRM
CONFIRM
dedecms -- dedecms
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php. 2010-03-24 6.8 CVE-2010-1097
BID
SECUNIA
OSVDB
MISC
djayp -- phpmysport
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action. 2010-03-25 6.8 CVE-2010-1109
XF
BID
SECUNIA
MISC
MISC
djayp -- phpmysport
Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. (dot dot) in the current_folder parameter. 2010-03-25 5.0 CVE-2010-1110
XF
BID
MISC
MISC
easysitenetwork -- jokes_complete_website
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php. 2010-03-25 4.3 CVE-2010-1111
XF
BID
MISC
entrylevelcms -- el_cms
Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-23 4.3 CVE-2010-1076
SECUNIA
hasmir_alic -- e-membres
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb. 2010-03-23 5.0 CVE-2010-1067
XF
MISC
SECUNIA
icab -- icab
Integer overflow in Alexander Clauss iCab allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. 2010-03-24 5.0 CVE-2010-1101
BUGTRAQ
jan_schutze -- truc
Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-24 4.3 CVE-2010-1095
VUPEN
lebisoft -- ziyaretci_defteri_7.4
Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb. 2010-03-23 5.0 CVE-2010-1065
XF
MISC
SECUNIA
lexmark -- z2420
The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote attackers to cause a denial of service (TCP outage) by making many passive FTP connections and then aborting these connections. 2010-03-24 5.0 CVE-2010-0618
BID
BUGTRAQ
CONFIRM
mesadynamics -- stainless
Integer overflow in Stainless allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. 2010-03-24 5.0 CVE-2010-1103
BUGTRAQ
microsoft -- windows_media_player
Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-22 4.3 CVE-2010-1042
BID
mit -- kerberos
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token. 2010-03-25 5.0 CVE-2010-0628
BID
CONFIRM
UBUNTU
BUGTRAQ
CONFIRM
mozilla -- seamonkey
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI. 2010-03-22 4.3 CVE-2010-0161
CONFIRM
VUPEN
CONFIRM
XF
BID
SECUNIA
mozilla -- seamonkey
Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing. 2010-03-22 4.3 CVE-2010-0163
CONFIRM
CONFIRM
XF
VUPEN
UBUNTU
BID
SECUNIA
mozilla -- firefox
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters. 2010-03-25 5.1 CVE-2010-0166
CONFIRM
BID
CONFIRM
mozilla -- firefox
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. 2010-03-25 5.0 CVE-2010-0169
CONFIRM
BID
CONFIRM
mozilla -- firefox
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. 2010-03-25 4.3 CVE-2010-0170
CONFIRM
BID
CONFIRM
mozilla -- firefox
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. 2010-03-25 4.3 CVE-2010-0171
BID
CONFIRM
CONFIRM
mozilla -- firefox
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances. 2010-03-25 4.3 CVE-2010-0172
CONFIRM
CONFIRM
BID
netwin -- surgeftp
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action. 2010-03-23 4.3 CVE-2010-1068
XF
MISC
SECUNIA
MISC
omnigroup -- omniweb
Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. 2010-03-24 5.0 CVE-2010-1102
BUGTRAQ
openinferno -- oi.blogs
Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the (1) theme parameter to loadStyles.php and the (2) scripts parameter to javascript/loadScripts.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-23 4.3 CVE-2010-1082
SECUNIA
phpkobo -- adfreely
Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information. 2010-03-23 6.8 CVE-2010-1057
XF
XF
VUPEN
BID
MISC
SECUNIA
OSVDB
phpkobo -- address_book_script
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. 2010-03-23 6.8 CVE-2010-1058
XF
BID
MISC
SECUNIA
MISC
OSVDB
phpkobo -- address_book_script
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-23 6.8 CVE-2010-1059
BID
SECUNIA
OSVDB
phpkobo -- short_url
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. 2010-03-23 6.8 CVE-2010-1060
BID
MISC
SECUNIA
MISC
phpkobo -- short_url
Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-23 6.8 CVE-2010-1061
BID
SECUNIA
phpkobo -- free_real_estate_contact_form_script
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information. 2010-03-23 6.8 CVE-2010-1062
BID
MISC
SECUNIA
MISC
phpkobo -- free_real_estate_contact_form_script
Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-03-23 6.8 CVE-2010-1063
BID
SECUNIA
phpmysite -- phpmysite
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters. 2010-03-24 4.3 CVE-2010-1091
XF
VUPEN
MISC
MISC
pulsecms -- pulse_cms
Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. 2010-03-23 4.3 CVE-2010-1080
XF
BID
SECUNIA
MISC
OSVDB
rockettheme -- com_rokdownloads
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. 2010-03-23 6.8 CVE-2010-1056
BID
CONFIRM
XF
MISC
SECUNIA
MISC
OSVDB
sawmill -- sawmill
Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-03-23 4.3 CVE-2010-1079
BID
CONFIRM
SECUNIA
sensesites -- commonsense_cms
Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. 2010-03-23 4.3 CVE-2009-4736
XF
BID
OSVDB
SECUNIA
MISC
sniggabo -- sniggabo_cms
Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter. 2010-03-23 4.3 CVE-2010-1072
XF
MISC
SECUNIA
MISC
MISC
springsource -- application_management_suite
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields." 2010-03-24 4.3 CVE-2009-2907
CONFIRM
BID
tejimaya -- openpne
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing. 2010-03-23 5.8 CVE-2010-1040
CONFIRM
MISC
SECUNIA
JVNDB
JVN
tristan_barczyk -- klonews
Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. 2010-03-25 4.3 CVE-2010-1112
SECUNIA
MISC
tufat -- osdate
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information. 2010-03-23 5.1 CVE-2010-1055
XF
BID
MISC
SECUNIA
OSVDB
OSVDB
MISC
uiga -- business_portal
Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information. 2010-03-22 4.3 CVE-2010-1048
VUPEN
MISC
SECUNIA
vbseo -- vbseo
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. 2010-03-23 6.8 CVE-2010-1077
XF
VUPEN
MISC
MISC
zentracking -- zen_time_tracking
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information. 2010-03-22 6.8 CVE-2010-1053
XF
MISC
SECUNIA
zope -- zope
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. 2010-03-25 4.3 CVE-2010-1104
MLIST
VUPEN
XF
BID
OSVDB
SECUNIA
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
fourkitchens -- recent_comments
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." 2010-03-253.5 CVE-2010-1107
BID
CONFIRM
CONFIRM
CONFIRM
XF
SECUNIA
hashmarkconsulting -- controlpanel
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors. 2010-03-253.5 CVE-2010-1108
CONFIRM
CONFIRM
XF
BID
SECUNIA
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top