Thinking OPEN

Contributor Archive

Acidcat CMS 3.5.3 and prior [High]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts…

CVE Identifier: CVE-2010-0976
Severity: High



BarnOwl 1.5 and prior [High]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header….

CVE Identifier: CVE-2010-0793
Severity: High



Enterprise Linux 4 [Medium]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call….

CVE Identifier: CVE-2010-0729
Severity: Medium



Kernel 6 and prior [Medium]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, do not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file’s permissions….

CVE Identifier: CVE-2010-0727
Severity: Medium



PHP 5.3.1 [Medium]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument….

CVE Identifier: CVE-2010-0397
Severity: Medium



PHPCityPortal [High]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter….

CVE Identifier: CVE-2010-0975
Severity: High



PHPCityPortal [High]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php….

CVE Identifier: CVE-2010-0974
Severity: High



Domain Verkaus And Auktions Portal [High]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter….

CVE Identifier: CVE-2010-0973
Severity: High



Com Gcalendar 2.1.5 and prior [High]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a ….

CVE Identifier: CVE-2010-0972
Severity: High



ATutor 1.6.4 [Low]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php…

CVE Identifier: CVE-2010-0971
Severity: Low