Monthly Archive: March 2010

Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has...

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or...

The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a...

The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared...

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to...

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via...

SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2010-03-19 http://www.securityfocus.com/bid/38802 http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

SQL injection vulnerability in the CleanDB – DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2010-03-19 http://www.securityfocus.com/bid/38800 http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-03-19 http://www.securityfocus.com/bid/38805 http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/

SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2010-03-19 http://www.securityfocus.com/bid/38805 http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/

Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-03-19 http://www.securityfocus.com/bid/38797...

The TYPO3 Security – Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. Date published : 2010-03-19 http://www.securityfocus.com/bid/38799 http://typo3.org/extensions/repository/view/t3sec_saltedpw/0.2.13/

Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-03-19 http://www.securityfocus.com/bid/38818 http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/

Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-03-19 http://www.securityfocus.com/bid/38796 http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/