CVE-2010-0966
published 2010-03-16CVE-2010-0966: PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to…
PriorityP339medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.40%
81.9th percentile
PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dzcp | dev_!l_z_clanportal | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2010-3777 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
bugzilla·2010-12-06·CVSS 9.3
CVE-2010-3777 [CRITICAL] CVE-2010-3777 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
CVE-2010-3777 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of
these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
Igor Bukanov reported a memory safety problem that was fixed in Firefox 3.6
only.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-74.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2010:0966 https://rhn.redhat.com/errata/RHSA-2010-0966.html
---
Bugzilla
CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
bugzilla·2010-12-06·CVSS 9.3
CVE-2010-3776 [CRITICAL] CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of
these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
Jesee Ruderman, Andreas Gal, Nils, and Brian Hackett reported memory safety
problems that affected Firefox 3.6 and Firefox 3.5.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-74.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2010:0966 https://rh
Bugzilla
CVE-2010-3773 Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)
bugzilla·2010-12-06·CVSS 5.1
CVE-2010-3773 [MEDIUM] CVE-2010-3773 Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)
CVE-2010-3773 Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)
Mozilla security researcher moz_bug_r_a4 reported that the fix for
CVE-2010-0179 could be circumvented permitting the execution of arbitrary
JavaScript with chrome privileges.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-82.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2010:0966 https://rhn.redhat.com/errata/RHSA-2010-0966.html
Bugzilla
CVE-2010-3774 Mozilla location bar SSL spoofing using network error page (MFSA 2010-83)
bugzilla·2010-12-06·CVSS 4.3
CVE-2010-3774 [MEDIUM] CVE-2010-3774 Mozilla location bar SSL spoofing using network error page (MFSA 2010-83)
CVE-2010-3774 Mozilla location bar SSL spoofing using network error page (MFSA 2010-83)
Google security researcher Michal Zalewski reported that when a window was
opened to a site resulting in a network or certificate error page, the
opening site could access the document inside the opened window and inject
arbitrary content. An attacker could use this bug to spoof the location bar
and trick a user into thinking they were on a different site than they
actually were.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-83.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2010:0966 https://rhn.redhat.com/errata/RHSA-2010-0966.html
Bugzilla
CVE-2010-3768 Mozilla add support for OTS font sanitizer (MFSA 2010-78)
bugzilla·2010-12-06·CVSS 9.3
CVE-2010-3768 [CRITICAL] CVE-2010-3768 Mozilla add support for OTS font sanitizer (MFSA 2010-78)
CVE-2010-3768 Mozilla add support for OTS font sanitizer (MFSA 2010-78)
Mozilla added the OTS font sanitizing library to prevent downloadable fonts
from exposing vulnerabilities in the underlying OS font code. This library
mitigates against several issues independently reported by Red Hat Security
Response Team member Marc Schoenefeld and Mozilla security researcher
Christoph Diehl.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-78.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2010:0966 https://rhn.redhat.com/errata/RHSA-2010-0966.html
Bugzilla
CVE-2010-3770 Mozilla XSS hazard in multiple character encodings (MFSA 2010-84)
bugzilla·2010-12-06·CVSS 4.3
CVE-2010-3770 [MEDIUM] CVE-2010-3770 Mozilla XSS hazard in multiple character encodings (MFSA 2010-84)
CVE-2010-3770 Mozilla XSS hazard in multiple character encodings (MFSA 2010-84)
Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the
x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are
vulnerable to XSS attacks due to some characters being converted to angle
brackets when displayed by the rendering engine. Sites using these
character encodings would thus be potentially vulnerable to script
injection attacks if their script filtering code fails to strip out these
specific characters.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-84.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2010:0966 https://rhn.re
Bugzilla
CVE-2010-3775 Mozilla Java security bypass from LiveConnect loaded via data: URL meta refresh (MFSA 2010-79)
bugzilla·2010-12-06·CVSS 9.3
CVE-2010-3775 [CRITICAL] CVE-2010-3775 Mozilla Java security bypass from LiveConnect loaded via data: URL meta refresh (MFSA 2010-79)
CVE-2010-3775 Mozilla Java security bypass from LiveConnect loaded via data: URL meta refresh (MFSA 2010-79)
Security researcher Gregory Fleischer reported that when a Java LiveConnect
script was loaded via a data: URL which redirects via a meta refresh, then
the resulting plugin object was created with the wrong security principal
and thus received elevated privileges such as the abilities to read local
files, launch processes, and create network connections.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-79.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2010:0966 https://rhn.redhat.com/errata/RHSA-2010-0966.html
---
This issue has been
2010-03-16
Published