Security-Database Alerts Monitor : Last 100 Alerts

High - RHSA-2010:0145-01 - Problem Description: An updated cpio package...

Mon, 15 Mar 2010 00:00:00 +0100

Problem Description: An updated cpio package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by...

High - RHSA-2010:0144-01 - Moderate: cpio security update

Mon, 15 Mar 2010 00:00:00 +0100

Problem Description: An updated cpio package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by...

High - RHSA-2010:0143-01 - Problem Description: An updated cpio package...

Mon, 15 Mar 2010 00:00:00 +0100

Problem Description: An updated cpio package that fixes one security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by...

High - RHSA-2010:0142-01 - Moderate: tar security update

Mon, 15 Mar 2010 00:00:00 +0100

Problem Description: An updated tar package that fixes one security issue is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by...

High - RHSA-2010:0141-01 - Problem Description: An updated tar package...

Mon, 15 Mar 2010 00:00:00 +0100

Problem Description: An updated tar package that fixes two security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security...

NA - RHSA-2010:0140-01 - Problem Description: Updated pango and...

Mon, 15 Mar 2010 00:00:00 +0100

Problem Description: Updated pango and evolution28-pango packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having...

NA - DSA-2017 - pulseaudio -- insecure temporary directory

Mon, 15 Mar 2010 00:00:00 +0100

Dan Rosenberg discovered that the PulseAudio sound server creates atemporary directory with a predictable name. This allows a local attackerto create a Denial of Service condition or possibly...

High - CVE-2010-0624 - Heap-based buffer overflow in the rmt_read__...

Mon, 15 Mar 2010 00:00:00 +0100

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial...

Medium - CVE-2010-0396 - Directory traversal vulnerability in the...

Mon, 15 Mar 2010 00:00:00 +0100

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.

Low - CVE-2010-0124 - Employee Timeclock Software 0.99 places the...

Mon, 15 Mar 2010 00:00:00 +0100

Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

Medium - CVE-2010-0123 - The database backup implementation in Employee...

Mon, 15 Mar 2010 00:00:00 +0100

The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a...

High - CVE-2010-0122 - Multiple SQL injection vulnerabilities in...

Mon, 15 Mar 2010 00:00:00 +0100

Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or...

Critical - CVE-2010-0054 - Use-after-free vulnerability in WebKit in Apple...

Mon, 15 Mar 2010 00:00:00 +0100

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG...

Medium - CVE-2010-0053 - Use-after-free vulnerability in WebKit in Apple...

Mon, 15 Mar 2010 00:00:00 +0100

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the...

Medium - CVE-2010-0052 - Use-after-free vulnerability in WebKit in Apple...

Mon, 15 Mar 2010 00:00:00 +0100

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to...

Medium - CVE-2010-0051 - WebKit in Apple Safari before 4.0.5 does not...

Mon, 15 Mar 2010 00:00:00 +0100

WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document....

Critical - CVE-2010-0050 - Use-after-free vulnerability in WebKit in Apple...

Mon, 15 Mar 2010 00:00:00 +0100

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with...

Medium - CVE-2010-0049 - Use-after-free vulnerability in WebKit in Apple...

Mon, 15 Mar 2010 00:00:00 +0100

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with...

Critical - CVE-2010-0048 - Use-after-free vulnerability in WebKit in Apple...

Mon, 15 Mar 2010 00:00:00 +0100

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

Critical - CVE-2010-0047 - Use-after-free vulnerability in WebKit in Apple...

Mon, 15 Mar 2010 00:00:00 +0100

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to...

Critical - CVE-2010-0046 - The Cascading Style Sheets (CSS) implementation...

Mon, 15 Mar 2010 00:00:00 +0100

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and...

Critical - CVE-2010-0045 - Apple Safari before 4.0.5 on Windows does not...

Mon, 15 Mar 2010 00:00:00 +0100

Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

Medium - CVE-2010-0044 - PubSub in Apple Safari before 4.0.5 does not...

Mon, 15 Mar 2010 00:00:00 +0100

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a...

Critical - CVE-2010-0043 - ImageIO in Apple Safari before 4.0.5 on Windows...

Mon, 15 Mar 2010 00:00:00 +0100

ImageIO in Apple Safari before 4.0.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

Medium - CVE-2010-0042 - ImageIO in Apple Safari before 4.0.5 on Windows...

Mon, 15 Mar 2010 00:00:00 +0100

ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information...

Medium - CVE-2010-0041 - ImageIO in Apple Safari before 4.0.5 on Windows...

Mon, 15 Mar 2010 00:00:00 +0100

ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information...

Critical - CVE-2010-0040 - Integer overflow in ColorSync in Apple Safari...

Mon, 15 Mar 2010 00:00:00 +0100

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted...

NA - CVE-2009-4718 - SQL injection vulnerability in...

Mon, 15 Mar 2010 00:00:00 +0100

SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this...

NA - CVE-2009-4717 - Multiple cross-site scripting (XSS)...

Mon, 15 Mar 2010 00:00:00 +0100

Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow...

NA - CVE-2009-4716 - Cross-site scripting (XSS) vulnerability in...

Mon, 15 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter.

NA - CVE-2009-4715 - Cross-site scripting (XSS) vulnerability in...

Mon, 15 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter.

NA - CVE-2009-4714 - Cross-site scripting (XSS) vulnerability in the...

Mon, 15 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.

NA - CVE-2009-4713 - Multiple cross-site scripting (XSS)...

Mon, 15 Mar 2010 00:00:00 +0100

Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter...

NA - CVE-2009-4712 - SQL injection vulnerability in index.php in...

Mon, 15 Mar 2010 00:00:00 +0100

SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter.

NA - CVE-2009-4711 - SQL injection vulnerability in the CoolURI...

Mon, 15 Mar 2010 00:00:00 +0100

SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability...

NA - CVE-2009-4710 - SQL injection vulnerability in the Reset...

Mon, 15 Mar 2010 00:00:00 +0100

SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

NA - CVE-2009-4709 - SQL injection vulnerability in the datamints...

Mon, 15 Mar 2010 00:00:00 +0100

SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

NA - CVE-2009-4708 - SQL injection vulnerability in the [Gobernalia]...

Mon, 15 Mar 2010 00:00:00 +0100

SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via...

NA - CVE-2009-4707 - Cross-site scripting (XSS) vulnerability in the...

Mon, 15 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script...

NA - CVE-2009-4706 - Cross-site scripting (XSS) vulnerability in the...

Mon, 15 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

NA - CVE-2009-4705 - Cross-site scripting (XSS) vulnerability in the...

Mon, 15 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

NA - CVE-2009-4704 - Unspecified vulnerability in the Webesse E-Card...

Mon, 15 Mar 2010 00:00:00 +0100

Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

NA - CVE-2009-4703 - SQL injection vulnerability in the Webesse...

Mon, 15 Mar 2010 00:00:00 +0100

SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

NA - CVE-2009-4702 - SQL injection vulnerability in the Tour...

Mon, 15 Mar 2010 00:00:00 +0100

SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

NA - CVE-2009-4701 - SQL injection vulnerability in the Myth...

Mon, 15 Mar 2010 00:00:00 +0100

SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

NA - CVE-2009-4700 - Directory traversal vulnerability in index.php...

Mon, 15 Mar 2010 00:00:00 +0100

Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter.

NA - CVE-2009-4699 - Multiple cross-site scripting (XSS)...

Mon, 15 Mar 2010 00:00:00 +0100

Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.

NA - CVE-2009-4698 - Multiple SQL injection vulnerabilities in the...

Mon, 15 Mar 2010 00:00:00 +0100

Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2)...

Critical - CVE-2009-4001 - Integer overflow in XnView before 1.97.2 might...

Mon, 15 Mar 2010 00:00:00 +0100

Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.

NA - DSA-2016 - drupal6 -- several vulnerabilities

Sat, 13 Mar 2010 00:00:00 +0100

Several vulnerabilities (SA-CORE-2010-001) have been discovered indrupal6, a fully-featured content management framework. Installation cross site scripting A user-supplied value is directly...

High - DSA-2014 - moin -- several vulnerabilities

Fri, 12 Mar 2010 00:00:00 +0100

Several vulnerabilities have been discovered in moin, a python clone ofWikiWiki.The Common Vulnerabilities and Exposures project identifies thefollowing problems CVE-2010-0668 Multiple...

Critical - VU#280613 - Apache mod_isapi module library unload results in orphaned callback pointers

Thu, 11 Mar 2010 00:00:00 +0100

<div id="vu" class="vu" style="clear:both;"><H1>Vulnerability Note VU#280613</H1><H2>Apache mod_isapi module library unload results in orphaned...

High - USN-911-1 - MoinMoin vulnerabilities

Thu, 11 Mar 2010 00:00:00 +0100

A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of ...

Medium - USN-909-1 - dpkg vulnerability

Thu, 11 Mar 2010 00:00:00 +0100

A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of ...

Low - MDVSA-2010:061 - Problem Description: Multiple...

Thu, 11 Mar 2010 00:00:00 +0100

Problem Description: Multiple vulnerabilities has been found and corrected in ncpfs: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the...

NA - DSA-2013 - egroupware -- several vulnerabilities

Thu, 11 Mar 2010 00:00:00 +0100

Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-basedgroupware suite Missing input sanitising in the spellchecker integrationmay lead to the execution of arbitrary commands and...

High - DSA-2012 - linux-2.6 -- privilege escalation/denial of service

Thu, 11 Mar 2010 00:00:00 +0100

Two vulnerabilities have been discovered in the Linux kernel thatmay lead to a denial of service or privilege escalation. The CommonVulnerabilities and Exposures project identifies the following...

Medium - USN-908-1 - Apache vulnerabilities

Wed, 10 Mar 2010 00:00:00 +0100

A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of ...

Medium - MDVSA-2010:060 - Problem Description: A vulnerability has...

Wed, 10 Mar 2010 00:00:00 +0100

Problem Description: A vulnerability has been found and corrected in squid: The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers...

Low - MDVSA-2010:059 - Problem Description: A vulnerability has...

Wed, 10 Mar 2010 00:00:00 +0100

Problem Description: A vulnerability has been found and corrected in virtualbox: Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x,...

Medium - DSA-2011 - dpkg -- path traversal

Wed, 10 Mar 2010 00:00:00 +0100

William Grant discovered that the dpkg-source component of dpkg, thelow-level infrastructure for handling the installation and removal ofDebian software packages, is vulnerable to path traversal...

Medium - DSA-2010 - kvm -- privilege escalation/denial of service

Wed, 10 Mar 2010 00:00:00 +0100

Several local vulnerabilities have been discovered in kvm, a fullvirtualization system. The Common Vulnerabilities and Exposures projectidentifies the following problems CVE-2010-0298 ...

Medium - CVE-2010-0962 - The FTP proxy server in Apple AirPort Express,...

Wed, 10 Mar 2010 00:00:00 +0100

The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows...

High - CVE-2010-0961 - Buffer overflow in qoslist in...

Wed, 10 Mar 2010 00:00:00 +0100

Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.

High - CVE-2010-0960 - Buffer overflow in qosmod in bos.net.tcp.server...

Wed, 10 Mar 2010 00:00:00 +0100

Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.

Medium - CVE-2010-0959 - Cross-site scripting (XSS) vulnerability in...

Wed, 10 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.

Medium - CVE-2010-0958 - Directory traversal vulnerability in...

Wed, 10 Mar 2010 00:00:00 +0100

Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via...

Medium - CVE-2010-0957 - Directory traversal vulnerability in...

Wed, 10 Mar 2010 00:00:00 +0100

Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences...

High - CVE-2010-0956 - SQL injection vulnerability in index.php in...

Wed, 10 Mar 2010 00:00:00 +0100

SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

High - CVE-2010-0955 - SQL injection vulnerability in index.php in...

Wed, 10 Mar 2010 00:00:00 +0100

SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

High - CVE-2010-0954 - SQL injection vulnerability in...

Wed, 10 Mar 2010 00:00:00 +0100

SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.

Medium - CVE-2010-0953 - Directory traversal vulnerability in mod.php in...

Wed, 10 Mar 2010 00:00:00 +0100

Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.

Medium - CVE-2010-0952 - SQL injection vulnerability in index.php in...

Wed, 10 Mar 2010 00:00:00 +0100

SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.

High - CVE-2010-0951 - SQL injection vulnerability in go_target.php in...

Wed, 10 Mar 2010 00:00:00 +0100

SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.

High - CVE-2010-0950 - Multiple SQL injection vulnerabilities in...

Wed, 10 Mar 2010 00:00:00 +0100

Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.

Medium - CVE-2010-0949 - Multiple cross-site scripting (XSS)...

Wed, 10 Mar 2010 00:00:00 +0100

Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.

Medium - CVE-2010-0948 - SQL injection vulnerability in profil.php in...

Wed, 10 Mar 2010 00:00:00 +0100

SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Medium - CVE-2010-0947 - Cross-site scripting (XSS) vulnerability in...

Wed, 10 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Low - CVE-2010-0926 - The default configuration of smbd in Samba...

Wed, 10 Mar 2010 00:00:00 +0100

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory...

Critical - CVE-2010-0806 - Use-after-free vulnerability in the Peer...

Wed, 10 Mar 2010 00:00:00 +0100

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving...

Low - CVE-2010-0791 - The (1) ncpmount, (2) ncpumount, and (3)...

Wed, 10 Mar 2010 00:00:00 +0100

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via...

Low - CVE-2010-0790 - sutil/ncpumount.c in ncpumount in ncpfs 2.2.6...

Wed, 10 Mar 2010 00:00:00 +0100

sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of...

High - CVE-2010-0728 - smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when...

Wed, 10 Mar 2010 00:00:00 +0100

smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via...

Critical - CVE-2010-0447 - The helpmanager servlet in the web server in HP...

Wed, 10 Mar 2010 00:00:00 +0100

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute...

Critical - CVE-2010-0418 - The web interface in chumby one before 1.0.4...

Wed, 10 Mar 2010 00:00:00 +0100

The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.

Critical - CVE-2010-0265 - Buffer overflow in Microsoft Windows Movie...

Wed, 10 Mar 2010 00:00:00 +0100

Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka...

Critical - CVE-2010-0264 - Microsoft Office Excel 2002 SP3, Office 2004...

Wed, 10 Mar 2010 00:00:00 +0100

Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute...

Critical - CVE-2010-0263 - Microsoft Office Excel 2007 SP1 and SP2; Office...

Wed, 10 Mar 2010 00:00:00 +0100

Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007...

Critical - CVE-2010-0262 - Microsoft Office Excel 2007 SP1 and SP2 and...

Wed, 10 Mar 2010 00:00:00 +0100

Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka...

Critical - CVE-2010-0261 - Heap-based buffer overflow in Microsoft Office...

Wed, 10 Mar 2010 00:00:00 +0100

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute...

Critical - CVE-2010-0260 - Heap-based buffer overflow in Microsoft Office...

Wed, 10 Mar 2010 00:00:00 +0100

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2...

Critical - CVE-2010-0258 - Microsoft Office Excel 2002 SP3, 2003 SP3, and...

Wed, 10 Mar 2010 00:00:00 +0100

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack...

Critical - CVE-2010-0257 - Microsoft Office Excel 2002 SP3 does not...

Wed, 10 Mar 2010 00:00:00 +0100

Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel...

Critical - CVE-2010-0103 - UsbCharger.dll in the Energizer DUO USB battery...

Wed, 10 Mar 2010 00:00:00 +0100

UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%system32 directory, which allows remote attackers...

Medium - CVE-2009-4697 - Multiple cross-site scripting (XSS)...

Wed, 10 Mar 2010 00:00:00 +0100

Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and...

High - CVE-2009-4696 - SQL injection vulnerability in index.php in...

Wed, 10 Mar 2010 00:00:00 +0100

SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.

High - CVE-2009-4695 - SQL injection vulnerability in index.php in...

Wed, 10 Mar 2010 00:00:00 +0100

SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.

Medium - CVE-2009-4694 - Cross-site scripting (XSS) vulnerability in...

Wed, 10 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action....

High - CVE-2009-4693 - Multiple PHP remote file inclusion...

Wed, 10 Mar 2010 00:00:00 +0100

Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3)...

Medium - CVE-2009-4692 - Cross-site scripting (XSS) vulnerability in...

Wed, 10 Mar 2010 00:00:00 +0100

Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.