Weekly Vulnerabilities Reports > January 5 to 11, 2009

Overview

77 new vulnerabilities reported during this period, including 10 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary report vulnerabilities in 91 products from 62 vendors including Joomla, Joomlahbs, Phpauctions, Phpclanwebsite, and Constructr. Vulnerabilities are notably categorized as "SQL Injection", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Path Traversal", and "Improper Authentication".

  • 75 reported vulnerabilities are remotely exploitables.
  • 41 reported vulnerabilities have public exploit available.
  • 40 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 74 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Linux has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-08 CVE-2009-0043 CA Permissions, Privileges, and Access Controls vulnerability in CA Service Level Management and Service Metric Analysis

The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.

10.0
2009-01-08 CVE-2008-0067 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.51

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.

10.0
2009-01-07 CVE-2008-5866 Proxim Code Injection vulnerability in Proxim Tsunami Mp.11 2411 3.0.3

The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables.

10.0
2009-01-07 CVE-2009-0065 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.

10.0
2009-01-06 CVE-2008-5848 Advantech Credentials Management vulnerability in Advantech products

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity.

10.0
2009-01-08 CVE-2009-0070 Apple Numeric Errors vulnerability in Apple Safari

Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.

9.3
2009-01-08 CVE-2008-5876 Irrlicht Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Irrlicht

Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader.

9.3
2009-01-08 CVE-2008-4827 Componentone
SAP
Servantix
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.

9.3
2009-01-08 CVE-2008-5868 Intellitamper Buffer Errors vulnerability in Intellitamper 2.07/2.08

Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user-assisted attackers to execute arbitrary code via a long ProxyLogin value in a configuration (.cfg) file.

9.3
2009-01-05 CVE-2008-5839 Foxmail Buffer Errors vulnerability in Foxmail 6.5

Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element.

9.3

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-08 CVE-2008-5872 Nortel Improper Input Validation vulnerability in Nortel Multimedia Communication Server 5100 3.0.13

Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values.

7.8
2009-01-07 CVE-2009-0066 Intel Security Bypass vulnerability in Intel Trusted Execution Technology NIL

Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot.

7.6
2009-01-09 CVE-2009-0111 Goople CMS SQL Injection vulnerability in Goople CMS Goople CMS

SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-01-09 CVE-2009-0110 Riotpix SQL Injection vulnerability in Riotpix

SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

7.5
2009-01-09 CVE-2009-0109 Riotpix SQL Injection vulnerability in Riotpix

SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-01-09 CVE-2009-0108 Phpauctions Permissions, Privileges, and Access Controls vulnerability in PHPauctions NIL

PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.

7.5
2009-01-09 CVE-2009-0106 Phpauctions SQL Injection vulnerability in PHPauctions NIL

SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

7.5
2009-01-09 CVE-2009-0104 SE ED SQL Injection vulnerability in Se-Ed Ezpack 4.2

SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action.

7.5
2009-01-09 CVE-2009-0103 Playsms Code Injection vulnerability in Playsms 0.9.3

Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.

7.5
2009-01-09 CVE-2008-5882 Citrix
Avaya
SQL Injection vulnerability in multiple products

SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.

7.5
2009-01-09 CVE-2008-5881 Playsms Path Traversal vulnerability in Playsms 0.9.3

Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to plugin/themes/default/init.php.

7.5
2009-01-08 CVE-2008-5880 Gobbl Improper Authentication vulnerability in Gobbl CMS 1.0

admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".

7.5
2009-01-08 CVE-2008-5875 Joomlahbs
Joomla
SQL Injection vulnerability in Joomlahbs products

SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.

7.5
2009-01-08 CVE-2008-5874 Joomlahbs
Joomla
SQL Injection vulnerability in Joomlahbs products

Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module.

7.5
2009-01-08 CVE-2008-5873 Yerba Permissions, Privileges, and Access Controls vulnerability in Yerba 6.28

Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username.

7.5
2009-01-06 CVE-2008-5865 Joomlahbs
Joomla
SQL Injection vulnerability in Joomlahbs Hotel Booking Reservation System 1.0.0

SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.

7.5
2009-01-06 CVE-2008-5864 Joomlahbs
Joomla
SQL Injection vulnerability in Joomlahbs products

SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.

7.5
2009-01-06 CVE-2008-5863 Woltlab
V GN
SQL Injection vulnerability in V-Gn Userlocator 3.0

SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action.

7.5
2009-01-06 CVE-2008-5851 Mypbs SQL Injection vulnerability in Mypbs NIL

SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter.

7.5
2009-01-05 CVE-2008-5844 PHP Configuration vulnerability in PHP 5.2.7

PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks.

7.5
2009-01-05 CVE-2008-5841 Igamingcms SQL Injection vulnerability in Igamingcms Igaming CMS 1.3.1/1.4.2

Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.

7.5
2009-01-05 CVE-2008-5840 Phpicalendar Permissions, Privileges, and Access Controls vulnerability in PHPicalendar and PHPicalendar2.0

PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1.

7.5
2009-01-05 CVE-2008-5838 Ephpscripts SQL Injection vulnerability in Ephpscripts E-Shop Shopping Cart

SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5

42 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-09 CVE-2009-0112 Expinion Cross-Site Request Forgery (CSRF) vulnerability in Expinion Poll PRO 3.0

Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters.

6.8
2009-01-08 CVE-2008-5877 Phpclanwebsite SQL Injection vulnerability in PHPclanwebsite

Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444.

6.8
2009-01-07 CVE-2009-0068 Freedesktop
Mozilla
Code Injection vulnerability in Freedesktop Xdg-Utils 1.0

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.

6.8
2009-01-07 CVE-2009-0025 ISC Improper Authentication vulnerability in ISC Bind

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

6.8
2009-01-06 CVE-2008-5857 Knowledgetree Document Management Multiple Unspecified vulnerability in KnowledgeTree

The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests.

6.5
2009-01-08 CVE-2008-5871 Nortel Credentials Management vulnerability in Nortel Multimedia Communication Server 5100 3.0.13

Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command.

6.4
2009-01-05 CVE-2009-0022 Samba Improper Input Validation vulnerability in Samba

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

6.3
2009-01-07 CVE-2008-5077 Openssl Improper Input Validation vulnerability in Openssl

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

5.8
2009-01-08 CVE-2008-5878 Phpclanwebsite Path Traversal vulnerability in PHPclanwebsite

Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a ..

5.1
2009-01-06 CVE-2008-5860 Constructr Path Traversal vulnerability in Constructr Constructr-Cms

Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.

5.1
2009-01-06 CVE-2008-5859 Constructr SQL Injection vulnerability in Constructr Constructr-Cms

SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter.

5.1
2009-01-09 CVE-2009-0113 Joomla Path Traversal vulnerability in Joomla Xstandard

Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a ..

5.0
2009-01-08 CVE-2008-3819 Cisco Remote Denial Of Service vulnerability in Cisco Global Site Selector DNS Server

dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.

5.0
2009-01-07 CVE-2008-5867 Yerba Path Traversal vulnerability in Yerba 6.3

Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component.

5.0
2009-01-07 CVE-2009-0051 Zxid Improper Authentication vulnerability in Zxid

ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

5.0
2009-01-07 CVE-2009-0049 EID Improper Authentication vulnerability in EID Eidlib

Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

5.0
2009-01-07 CVE-2009-0048 Openevidence Improper Authentication vulnerability in Openevidence 1.0.5

OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

5.0
2009-01-07 CVE-2009-0047 Gale Cryptographic Issues vulnerability in Gale

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

5.0
2009-01-07 CVE-2009-0046 SUN Improper Authentication vulnerability in SUN Grid Engine 5.3

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

5.0
2009-01-07 CVE-2009-0021 NTP Improper Authentication vulnerability in NTP

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

5.0
2009-01-06 CVE-2008-5862 Webcamxp Path Traversal vulnerability in Webcamxp 5.3.2.375/5.3.2.410

Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.

5.0
2009-01-06 CVE-2008-5861 Freelyrics Path Traversal vulnerability in Freelyrics 1.0

Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter.

5.0
2009-01-06 CVE-2008-5856 Class Path Traversal vulnerability in Class

Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.

5.0
2009-01-06 CVE-2008-5855 Myphpscripts Permissions, Privileges, and Access Controls vulnerability in Myphpscripts Login Session 2.0

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.

5.0
2009-01-06 CVE-2008-5853 Chicomas Permissions, Privileges, and Access Controls vulnerability in Chicomas 2.0.3

Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.

5.0
2009-01-06 CVE-2008-5852 Emefa Permissions, Privileges, and Access Controls vulnerability in Emefa Guestbook 3.0

Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb.

5.0
2009-01-06 CVE-2008-5849 Checkpoint Information Exposure vulnerability in Checkpoint Vpn-1 R55/R65

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.

5.0
2009-01-05 CVE-2004-2761 Ietf Cryptographic Issues vulnerability in Ietf MD5

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

5.0
2009-01-07 CVE-2009-0069 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors.

4.9
2009-01-05 CVE-2008-5843 Pdfjam Unspecified vulnerability in Pdfjam NIL

Multiple untrusted search path vulnerabilities in pdfjam allow local users to gain privileges via a Trojan horse program in (1) the current working directory or (2) /var/tmp, related to the (a) pdf90, (b) pdfjoin, and (c) pdfnup scripts.

4.6
2009-01-09 CVE-2009-0107 Phpauctions Cross-Site Scripting vulnerability in PHPauctions NIL

Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

4.3
2009-01-09 CVE-2009-0105 SE ED Cross-Site Scripting vulnerability in Se-Ed Ezpack 4.2

Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action.

4.3
2009-01-08 CVE-2009-0072 Microsoft Remote Denial of Service vulnerability in Microsoft Internet Explorer 6/7/8

Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.

4.3
2009-01-08 CVE-2008-5879 Phpclanwebsite Cross-Site Scripting vulnerability in PHPclanwebsite

Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors.

4.3
2009-01-08 CVE-2008-5870 Faststone Improper Input Validation vulnerability in Faststone Image Viewer 3.6

FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.

4.3
2009-01-08 CVE-2008-5869 Proxim Cross-Site Scripting vulnerability in Proxim Tsunami Mp.11 2411 3.0.3

Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID.

4.3
2009-01-07 CVE-2009-0050 Entrouvert Improper Input Validation vulnerability in Entrouvert Lasso 1.9.9.0/2.0.01/2.2.10

Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

4.3
2009-01-06 CVE-2008-5858 Knowledgetree Document Management Cross-Site Scripting vulnerability in Knowledgetree Document Management Knowledgetree Document Management

Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-4281.

4.3
2009-01-06 CVE-2008-5854 Myphpscripts Cross-Site Scripting vulnerability in Myphpscripts Login Session 2.0

Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action.

4.3
2009-01-05 CVE-2008-5845 Sixapart Cross-Site Scripting vulnerability in Sixapart Movable Type

Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.

4.3
2009-01-05 CVE-2008-5842 Fujitsu Siemens Cross-Site Scripting vulnerability in Fujitsu-Siemens Webtransactions 6.0/7.0/7.1

Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified "dynamic application."

4.3
2009-01-05 CVE-2008-5846 Sixapart Permissions, Privileges, and Access Controls vulnerability in Sixapart Movable Type

Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."

4.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-08 CVE-2009-0071 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call.

2.6
2009-01-05 CVE-2008-5847 Constructr Credentials Management vulnerability in Constructr Constructr-Cms

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

2.6