Vulnerability Summary for the Week of March 29, 2010

Released
Apr 05, 2010
Document ID
SB10-095

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
spam assassin The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.2010-03-279.3CVE-2010-1132
XF
VUPEN
VUPEN
SECTRACK
BID
MISC
DEBIAN
SECUNIA
SECUNIA
OSVDB
FULLDISC
apple -- safariSafari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075.2010-03-299.3CVE-2010-1176
BID
MISC
MISC
apple -- safariSafari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.2010-03-299.3CVE-2010-1177
BID
MISC
apple -- safariSafari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.2010-03-299.3CVE-2010-1179
BID
MISC
MISC
apple -- safariSafari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.2010-03-299.3CVE-2010-1180
BID
MISC
apple -- safariSafari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.2010-03-299.3CVE-2010-1181
MISC
apple -- mac_os_xAFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.2010-03-307.5CVE-2010-0057
APPLE
apple -- mac_os_xDirectory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.2010-03-307.5CVE-2010-0533
CONFIRM
APPLE
apple -- mac_os_xxar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.2010-03-3010.0CVE-2010-0055
CONFIRM
APPLE
apple -- mac_os_xDirectory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.2010-03-307.2CVE-2010-0498
CONFIRM
APPLE
apple -- mac_os_xEvent Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."2010-03-307.8CVE-2010-0500
CONFIRM
APPLE
apple -- mac_os_x_serverMultiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.2010-03-307.5CVE-2010-0504
CONFIRM
APPLE
apple -- mac_os_xMail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.2010-03-3010.0CVE-2010-0508
CONFIRM
APPLE
apple -- mac_os_xSFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.2010-03-307.2CVE-2010-0509
CONFIRM
APPLE
apple -- mac_os_x_serverPassword Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.2010-03-309.0CVE-2010-0510
CONFIRM
APPLE
apple -- mac_os_xThe Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.2010-03-309.3CVE-2010-0512
CONFIRM
APPLE
apple -- mac_os_x_serverServer Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing.2010-03-309.0CVE-2010-0522
CONFIRM
APPLE
apple -- mac_os_xThe default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.2010-03-307.5CVE-2010-0524
CONFIRM
APPLE
apple -- mac_os_xMail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message.2010-03-307.8CVE-2010-0525
CONFIRM
APPLE
apple -- quicktimeInteger overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.2010-03-319.3CVE-2010-0527
APPLE
apple -- quicktimeApple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file.2010-03-319.3CVE-2010-0528
APPLE
apple -- quicktimeHeap-based buffer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.2010-03-319.3CVE-2010-0529
APPLE
apple -- quicktimeApple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.2010-03-319.3CVE-2010-0536
APPLE
beatport -- beatport_playerStack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.2010-03-299.3CVE-2009-4756
XF
BID
MILW0RM
MILW0RM
MILW0RM
MILW0RM
dicas -- mpegable_playerStack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file.2010-03-299.3CVE-2009-4758
XF
BID
MILW0RM
evils-world -- ew-musicplayerStack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information.2010-03-299.3CVE-2009-4757
BID
MILW0RM
google -- chromeMultiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.2010-04-0110.0CVE-2010-1228
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.2010-04-0110.0CVE-2010-1229
CONFIRM
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.2010-04-0110.0CVE-2010-1230
CONFIRM
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.2010-04-0110.0CVE-2010-1231
CONFIRM
CONFIRM
google -- chromeMultiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.2010-04-0110.0CVE-2010-1233
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 4.1.249.1036 does not properly restrict cross-origin operations, which has unspecified impact and remote attack vectors.2010-04-0110.0CVE-2010-1236
CONFIRM
CONFIRM
google -- chromeGoogle Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element.2010-04-017.5CVE-2010-1237
CONFIRM
CONFIRM
hp -- soa_registry_foundationUnspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors.2010-03-318.5CVE-2010-0450
HP
HP
SECTRACK
BID
SECUNIA
hp -- insight_control_suite_for_linuxUnspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors.2010-04-017.2CVE-2010-1031
HP
HP
VUPEN
BID
SECTRACK
SECUNIA
ibm -- websphere_application_serverMultiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors.2010-03-297.5CVE-2010-1182
VUPEN
joric -- bmxplayBuffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file.2010-03-299.3CVE-2009-4759
BID
MILW0RM
linux -- kernelUse-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled causes the skb structure to be freed.2010-03-317.1CVE-2010-1188
CONFIRM
MLIST
CONFIRM
mercuryaudio -- audio_playerMultiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file.2010-03-299.3CVE-2009-4755
XF
BID
MILW0RM
MILW0RM
SECUNIA
OSVDB
microsoft -- ieMicrosoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."2010-03-299.3CVE-2010-1175
BUGTRAQ
microsoft -- 27mhz_wireless_keyboardThe Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.2010-03-297.6CVE-2010-1184
MISC
MISC
microsoft -- ieMicrosoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."2010-03-319.3CVE-2010-0267
VUPEN
BID
MS
SECTRACK
microsoft -- ieRace condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."2010-03-319.3CVE-2010-0489
VUPEN
BID
MS
SECTRACK
microsoft -- ieMicrosoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."2010-03-319.3CVE-2010-0490
VUPEN
BID
MS
SECTRACK
microsoft -- ieUse-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."2010-03-319.3CVE-2010-0491
VUPEN
BID
MS
SECTRACK
IDEFENSE
microsoft -- iemstime.dll in Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."2010-03-319.3CVE-2010-0492
VUPEN
BID
MS
SECTRACK
microsoft -- ieThe Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL that triggers memory corruption, aka "Memory Corruption Vulnerability."2010-03-319.3CVE-2010-0805
VUPEN
BID
MS
SECTRACK
microsoft -- ieMicrosoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."2010-03-319.3CVE-2010-0807
VUPEN
BID
MS
SECTRACK
microsoft -- virtual_pcThe memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."2010-04-019.3CVE-2010-1225
BID
BUGTRAQ
MISC
SECTRACK
mini-stream -- rm_downloaderStack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.2010-03-299.3CVE-2009-4761
XF
BID
MILW0RM
MILW0RM
moinmo -- moinmoinMoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.2010-03-297.5CVE-2009-4762
CONFIRM
CONFIRM
VUPEN
DEBIAN
CONFIRM
sap -- maxdbStack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information.2010-03-2910.0CVE-2010-1185
XF
MISC
VUPEN
SECTRACK
BID
BUGTRAQ
SECUNIA
OSVDB
sun -- jdkUnspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0087
CONFIRM
sun -- jdkUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0094
CONFIRM
sun -- jdkUnspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0837
CONFIRM
sun -- jdkUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0838
CONFIRM
sun -- jdkUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0839
CONFIRM
sun -- jdkUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0840
CONFIRM
sun -- jdkUnspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0841
CONFIRM
sun -- jdkUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0842
CONFIRM
sun -- jdkUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0843
CONFIRM
sun -- jdkUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0844
CONFIRM
sun -- jdkUnspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0846
CONFIRM
sun -- jdkUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0847
CONFIRM
sun -- jdkUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0848
CONFIRM
sun -- jdkUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0849
CONFIRM
sun -- jdkUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2010-04-017.5CVE-2010-0850
CONFIRM
sun -- java_system_communications_expressCross-site scripting (XSS) vulnerability in Sun Java System Communications Express allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.2010-04-017.5CVE-2010-1227
BUGTRAQ
vmware -- esxWebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."2010-04-017.5CVE-2010-0686
CONFIRM
MLIST
BID

Back to top


Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublished CVSS ScoreSource & Patch Info
notsoPureEdit PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information.2010-03-306.8CVE-2010-1216
VUPEN
MISC
SECUNIA
MISC
apple -- safariSafari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.2010-03-294.3CVE-2010-1178
MISC
apple -- mac_os_xThe Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."2010-03-306.4CVE-2009-2801
APPLE
apple -- mac_os_xBuffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.2010-03-306.8CVE-2010-0056
APPLE
apple -- mac_os_xfreshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.2010-03-306.4CVE-2010-0058
CONFIRM
APPLE
apple -- mac_os_xCoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding.2010-03-306.8CVE-2010-0059
CONFIRM
APPLE
APPLE
apple -- mac_os_xCoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.2010-03-306.8CVE-2010-0060
CONFIRM
APPLE
APPLE
apple -- mac_os_xHeap-based buffer overflow in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding.2010-03-306.8CVE-2010-0062
CONFIRM
APPLE
APPLE
apple -- mac_os_xIncomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.2010-03-306.8CVE-2010-0063
CONFIRM
APPLE
apple -- mac_os_xDesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.2010-03-306.9CVE-2010-0064
CONFIRM
APPLE
apple -- mac_os_xDisk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.2010-03-306.8CVE-2010-0065
CONFIRM
APPLE
apple -- mac_os_xDisk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.2010-03-306.8CVE-2010-0497
CONFIRM
APPLE
apple -- mac_os_x_serverDirectory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames.2010-03-306.8CVE-2010-0501
CONFIRM
APPLE
apple -- mac_os_x_serveriChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type.2010-03-304.3CVE-2010-0502
CONFIRM
APPLE
apple -- mac_os_x_serverUse-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.2010-03-306.5CVE-2010-0503
CONFIRM
APPLE
apple -- mac_os_xHeap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.2010-03-306.8CVE-2010-0505
CONFIRM
APPLE
apple -- mac_os_xBuffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image.2010-03-306.8CVE-2010-0506
CONFIRM
APPLE
apple -- mac_os_xBuffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image.2010-03-306.8CVE-2010-0507
CONFIRM
APPLE
apple -- mac_os_x_serverPodcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors.2010-03-305.0CVE-2010-0511
CONFIRM
APPLE
apple -- mac_os_xStack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document.2010-03-306.8CVE-2010-0513
CONFIRM
APPLE
apple -- mac_os_xHeap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.2010-03-306.8CVE-2010-0514
CONFIRM
APPLE
APPLE
apple -- mac_os_xQuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.2010-03-306.8CVE-2010-0515
CONFIRM
APPLE
APPLE
apple -- mac_os_xHeap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.2010-03-306.8CVE-2010-0516
CONFIRM
APPLE
APPLE
apple -- mac_os_xHeap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding.2010-03-306.8CVE-2010-0517
CONFIRM
APPLE
APPLE
apple -- mac_os_xQuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.2010-03-306.8CVE-2010-0518
CONFIRM
APPLE
APPLE
apple -- mac_os_xInteger overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FlashPix encoding.2010-03-306.8CVE-2010-0519
CONFIRM
APPLE
APPLE
apple -- mac_os_xHeap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.2010-03-306.8CVE-2010-0520
CONFIRM
APPLE
APPLE
apple -- mac_os_xServer Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.2010-03-305.0CVE-2010-0521
APPLE
CONFIRM
apple -- mac_os_xWiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet.2010-03-305.0CVE-2010-0523
CONFIRM
APPLE
apple -- mac_os_xHeap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with MPEG encoding.2010-03-304.3CVE-2010-0526
CONFIRM
APPLE
APPLE
apple -- mac_os_xDovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.2010-03-306.5CVE-2010-0535
CONFIRM
APPLE
apple -- itunesApple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.2010-03-314.3CVE-2010-0531
APPLE
SECUNIA
apple -- itunesRace condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.2010-03-316.9CVE-2010-0532
APPLE
SECUNIA
apple -- iphone_osThe HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.2010-04-015.0CVE-2010-1226
BID
MISC
cisco -- tftp_serverCisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these details are obtained from third party information.2010-03-295.0CVE-2010-1174
XF
BID
MISC
SECUNIA
com_janews -- com_janewsDirectory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.2010-03-306.8CVE-2010-1219
XF
BID
MISC
SECUNIA
digium -- asterickmain/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.2010-04-014.3CVE-2010-1224
CONFIRM
XF
VUPEN
BID
BUGTRAQ
SECUNIA
OSVDB
CONFIRM
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.2010-04-015.0CVE-2010-1232
CONFIRM
CONFIRM
google -- chromeUnspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.2010-04-015.0CVE-2010-1234
CONFIRM
CONFIRM
google -- chromeUnspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.2010-04-014.3CVE-2010-1235
CONFIRM
CONFIRM
hp -- project_and_portfolio_management_centerMultiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2010-03-294.3CVE-2010-0452
BID
OSVDB
SECTRACK
SECUNIA
HP
HP
hp -- hp-uxThe installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.2010-03-294.0CVE-2010-0451
HP
HP
BID
SECTRACK
SECUNIA
hp -- soa_registry_foundationUnspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors.2010-03-315.0CVE-2010-0448
HP
HP
SECTRACK
BID
SECUNIA
hp -- soa_registry_foundationCross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.2010-03-314.3CVE-2010-0449
HP
HP
SECTRACK
BID
SECUNIA
hp -- hp-uxUnspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.2010-03-314.4CVE-2010-1030
HP
HP
SECTRACK
BID
ibm -- websphere_application_serverCross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI.2010-04-014.3CVE-2010-0768
XF
BID
SECUNIA
ibm -- websphere_application_serverIBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.2010-04-014.0CVE-2010-0770
AIXAPAR
XF
BID
SECUNIA
ikiwiki -- ikiwikiCross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.2010-03-314.3CVE-2010-1195
VUPEN
DEBIAN
SECUNIA
SECUNIA
CONFIRM
je_form_creator -- je_form_creatorDirectory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.2010-03-304.3CVE-2010-1217
BID
MISC
MISC
SECUNIA
OSVDB
linux -- kernelThe Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference.2010-03-314.9CVE-2010-1187
CONFIRM
MLIST
mediawiki -- mediawikiMediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."2010-03-315.0CVE-2010-1189
MLIST
VUPEN
DEBIAN
SECUNIA
mediawiki -- mediawikithumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.2010-03-314.3CVE-2010-1190
MLIST
VUPEN
DEBIAN
CONFIRM
SECUNIA
microsoft -- ieMicrosoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."2010-03-314.3CVE-2010-0488
VUPEN
BID
MS
SECTRACK
microsoft -- ieCross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."2010-03-314.3CVE-2010-0494
VUPEN
BID
MS
SECTRACK
mm_forum -- mmforumCross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2010-03-304.3CVE-2010-1218
XF
BID
CONFIRM
CONFIRM
recly -- clickheat-heatmapUnspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown impact and attack vectors. NOTE: due to lack of details from the vendor, it is not clear whether this is related to CVE-2008-5793.2010-03-306.8CVE-2009-4763
XF
BID
CONFIRM
SECUNIA
sahanafoundation -- sahanaSahana disaster management system 0.6.2.2, and possibly other versions, allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module.2010-03-316.4CVE-2010-1191
BUGTRAQ
MISC
SECUNIA
skadate -- skadate_online_dating_softwarePHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.2010-03-266.8CVE-2009-4739
XF
XF
BID
MILW0RM
SECUNIA
OSVDB
stafford.uklinux -- libesmtplibESMTP, probably 1.0.4 and earlier, does not properly handle a '

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.