Weekly Vulnerabilities Reports > January 19 to 25, 2009
Overview
103 new vulnerabilities were reported during this period, including 25 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 82 products from 63 vendors including Microsoft, Apple, Modxcms, Tigris, and Typo3. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Improper Input Validation".
- 99 reported vulnerabilities are remotely exploitable.
- 48 reported vulnerabilities have a public exploit available.
- 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 94 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
25 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-01-23 | CVE-2009-0263 | Nullsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file. | 10.0 |
2009-01-23 | CVE-2008-5963 | Gravity GTD | Improper Input Validation vulnerability in Gravity-Gtd 0.2/0.3/0.4 Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter. | 10.0 |
2009-01-22 | CVE-2009-0258 | Typo3 | Improper Input Validation vulnerability in Typo3 The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. | 10.0 |
2009-01-21 | CVE-2008-3865 | Trend Micro | Buffer Errors vulnerability in Trend Micro products Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. | 10.0 |
2009-01-20 | CVE-2009-0178 | IBM | Unspecified vulnerability in IBM Hardware Management Console 7.3.2.0 Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors. | 10.0 |
2009-01-20 | CVE-2008-5911 | Realnetworks | Buffer Errors vulnerability in Realnetworks Helix Server and Helix Server Mobile Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request. | 10.0 |
2009-01-23 | CVE-2009-0262 | Trilogic | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trilogic Media Player 7/8.0.0.0 Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. | 9.3 |
2009-01-23 | CVE-2009-0261 | Effectmatrix | Buffer Errors vulnerability in Effectmatrix Total Video Player 1.31 Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value. | 9.3 |
2009-01-22 | CVE-2009-0259 | Openoffice | Resource Management Errors vulnerability in Openoffice Openoffice.Org The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841. | 9.3 |
2009-01-22 | CVE-2009-0254 | Easyhdr | Buffer Errors vulnerability in Easyhdr 1.60.2 Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Flexible Image Transport System (FITS) file. | 9.3 |
2009-01-22 | CVE-2009-0246 | Easyhdr | Buffer Errors vulnerability in Easyhdr 1.60.2 Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file. | 9.3 |
2009-01-21 | CVE-2009-0007 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms. | 9.3 |
2009-01-21 | CVE-2009-0006 | Apple | Numeric Errors vulnerability in Apple Quicktime Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow. | 9.3 |
2009-01-21 | CVE-2009-0005 | Apple Microsoft | Resource Management Errors vulnerability in Apple Quicktime Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption. | 9.3 |
2009-01-21 | CVE-2009-0004 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file. | 9.3 |
2009-01-21 | CVE-2009-0003 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure. | 9.3 |
2009-01-21 | CVE-2009-0002 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms. | 9.3 |
2009-01-21 | CVE-2009-0001 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL. | 9.3 |
2009-01-21 | CVE-2009-0219 | Research IN Motion Limited | Resource Management Errors vulnerability in Research in Motion Limited products The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file. | 9.3 |
2009-01-20 | CVE-2009-0182 | Vuplayer | Classic Buffer Overflow vulnerability in Vuplayer Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line. | 9.3 |
2009-01-20 | CVE-2009-0181 | Vuplayer | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Vuplayer Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters. | 9.3 |
2009-01-20 | CVE-2008-4388 | Symantec | Improper Input Validation vulnerability in Symantec Appstream Client 5.2 The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods. | 9.3 |
2009-01-20 | CVE-2009-0176 | Research IN Motion Limited | Buffer Errors vulnerability in Research in Motion Limited products Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps." | 9.3 |
2009-01-20 | CVE-2009-0175 | Heathcosoft | Buffer Errors vulnerability in Heathcosoft MP3 Trackmaker 1.5 Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an invalid .mp3 file. | 9.3 |
2009-01-20 | CVE-2009-0174 | Vuplayer | Buffer Errors vulnerability in Vuplayer 2.49 Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file. | 9.3 |
30 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-01-21 | CVE-2009-0244 | Microsoft | Path Traversal vulnerability in Microsoft Windows Mobile 5.0/6.0 Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. | 8.8 |
2009-01-22 | CVE-2008-5937 | Zkesoft | Improper Input Validation vulnerability in Zkesoft Ayeview 2.20 AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values. | 7.8 |
2009-01-22 | CVE-2009-0008 | Apple Microsoft | Improper Input Validation vulnerability in Apple Quicktime Mpeg-2 Playback Component Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. | 7.6 |
2009-01-23 | CVE-2008-5960 | Tribiq | SQL Injection vulnerability in Tribiq CMS 5.0.10B/5.0.11E SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. | 7.5 |
2009-01-23 | CVE-2008-5959 | Active WEB Softwares | SQL Injection vulnerability in Active web Softwares Active Test 2.1 Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). | 7.5 |
2009-01-23 | CVE-2008-5958 | Activewebsoftwares | SQL Injection vulnerability in Activewebsoftwares Active Test 2.1 Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp. | 7.5 |
2009-01-23 | CVE-2008-5957 | Mydyngallery Joomla | SQL Injection vulnerability in Mydyngallery SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php. | 7.5 |
2009-01-23 | CVE-2008-5955 | Phpstreet | SQL Injection vulnerability in PHPstreet Webboard 1.0 SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-01-23 | CVE-2008-5953 | KTP Computer Customer Database | Path Traversal vulnerability in KTP Computer Customer Database KTP Computer Customer Database NIL Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-01-23 | CVE-2008-5950 | Aspapps | SQL Injection vulnerability in Aspapps Template Creature NIL SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter. | 7.5 |
2009-01-23 | CVE-2008-5949 | Tiddlywiki | Code Injection vulnerability in Tiddlywiki Cctiddly 1.7.4/1.7.6 Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php. | 7.5 |
2009-01-23 | CVE-2008-5948 | Bncwi | Path Traversal vulnerability in Bncwi 1.03 Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-01-22 | CVE-2009-0256 | Typo3 | Improper Authentication vulnerability in Typo3 Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. | 7.5 |
2009-01-22 | CVE-2009-0255 | Typo3 Debian | Use of Insufficiently Random Values vulnerability in multiple products The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. | 7.5 |
2009-01-22 | CVE-2008-2384 | Joey Schulze Apache | SQL Injection vulnerability in Joey Schulze MOD Auth Mysql SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. | 7.5 |
2009-01-22 | CVE-2009-0252 | Enthrallweb | SQL Injection vulnerability in Enthrallweb Ereservations Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). | 7.5 |
2009-01-22 | CVE-2008-5946 | PHP Fusion | SQL Injection vulnerability in PHP-Fusion 4.01 SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | 7.5 |
2009-01-22 | CVE-2008-5945 | Nukevietcms | Improper Authentication vulnerability in Nukevietcms Nukeviet 2.0 Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. | 7.5 |
2009-01-22 | CVE-2008-5943 | Navboard | Path Traversal vulnerability in Navboard 16 Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-01-21 | CVE-2008-5934 | Cmsisweb | SQL Injection vulnerability in Cmsisweb CMS Isweb 3.0 SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter. | 7.5 |
2009-01-21 | CVE-2008-5930 | THE NET Guys | SQL Injection vulnerability in the NET Guys Aspired2Blog SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter. | 7.5 |
2009-01-21 | CVE-2008-5928 | Flds Script | SQL Injection vulnerability in Flds-Script Flds 1.2A SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-01-21 | CVE-2008-5927 | China ON Site | SQL Injection vulnerability in China-On-Site Flexphpnews 0.0.6 Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. | 7.5 |
2009-01-21 | CVE-2008-5926 | ASP DEV | SQL Injection vulnerability in Asp-Dev Internal E-Mail System Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). | 7.5 |
2009-01-21 | CVE-2008-5924 | ASP DEV | SQL Injection vulnerability in Asp-Dev XM Events Diary SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2009-01-21 | CVE-2008-5923 | ASP DEV | SQL Injection vulnerability in Asp-Dev XM Events Diary SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2009-01-21 | CVE-2008-5922 | Cfagcms | Code Injection vulnerability in Cfagcms 1.0 Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters. | 7.5 |
2009-01-21 | CVE-2008-5921 | Umerinc | SQL Injection vulnerability in Umerinc Songs Portal SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-01-21 | CVE-2008-5920 | Tigris | Code Injection vulnerability in Tigris Websvn The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. | 7.5 |
2009-01-20 | CVE-2009-0180 | NFS Redhat | Permissions, Privileges, and Access Controls vulnerability in NFS Nfs-Utils Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. | 7.5 |
41 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-01-23 | CVE-2008-5964 | Impresscms | Improper Authentication vulnerability in Impresscms Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.8 |
2009-01-23 | CVE-2008-5962 | Gravity GTD | Path Traversal vulnerability in Gravity-Gtd 0.2/0.3/0.4 Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-01-23 | CVE-2008-5954 | KTP Computer Customer Database | SQL Injection vulnerability in KTP Computer Customer Database KTP Computer Customer Database NIL SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. | 6.8 |
2009-01-22 | CVE-2009-0253 | Mozilla | Remote Security vulnerability in Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack. | 6.8 |
2009-01-22 | CVE-2008-3820 | Cisco | Remote Unauthorized TCP Port Access vulnerability in Cisco Security Manager IPS Event Viewer Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports. | 6.8 |
2009-01-22 | CVE-2008-5947 | Yapbb | Code Injection vulnerability in Yapbb 1.2 PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter. | 6.8 |
2009-01-22 | CVE-2008-5940 | Modxcms | SQL Injection vulnerability in Modxcms SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. | 6.8 |
2009-01-22 | CVE-2008-5938 | Modxcms | Code Injection vulnerability in Modxcms PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter. | 6.8 |
2009-01-21 | CVE-2008-5919 | Tigris | Path Traversal vulnerability in Tigris Websvn Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter. | 6.8 |
2009-01-22 | CVE-2009-0251 | Ryneezy | Code Injection vulnerability in Ryneezy Phosheezy 0.2 Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. | 6.5 |
2009-01-23 | CVE-2008-5952 | KTP Computer Customer Database | SQL Injection vulnerability in KTP Computer Customer Database KTP Computer Customer Database NIL SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI. | 6.0 |
2009-01-22 | CVE-2008-5941 | Modxcms | Cross-Site Request Forgery (CSRF) vulnerability in Modxcms Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. | 6.0 |
2009-01-23 | CVE-2008-5956 | Phpstreet | Permissions, Privileges, and Access Controls vulnerability in PHPstreet Webboard 1.0 Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc. | 5.0 |
2009-01-23 | CVE-2008-5951 | Aspapps | Permissions, Privileges, and Access Controls vulnerability in Aspapps Template Creature NIL ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | 5.0 |
2009-01-22 | CVE-2009-0250 | Ryneezy | Permissions, Privileges, and Access Controls vulnerability in Ryneezy Phosheezy 0.2 Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password. | 5.0 |
2009-01-22 | CVE-2009-0249 | Katywhitton | Permissions, Privileges, and Access Controls vulnerability in Katywhitton Rankem Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb. | 5.0 |
2009-01-22 | CVE-2008-5936 | Mini PUB | Information Exposure vulnerability in Mini-Pub 0.1/0.1.1/0.1.2 front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter. | 5.0 |
2009-01-21 | CVE-2008-3864 | Trend Micro | Improper Input Validation vulnerability in Trend Micro products The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. | 5.0 |
2009-01-21 | CVE-2008-5935 | Factosystem | Permissions, Privileges, and Access Controls vulnerability in Factosystem Weblog Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. | 5.0 |
2009-01-21 | CVE-2008-5932 | Codeavalanche | Permissions, Privileges, and Access Controls vulnerability in Codeavalanche Freeforum NIL CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. | 5.0 |
2009-01-21 | CVE-2008-5931 | THE NET Guys | Permissions, Privileges, and Access Controls vulnerability in the NET Guys Aspired2Blog The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. | 5.0 |
2009-01-21 | CVE-2008-5929 | Vpasp | Permissions, Privileges, and Access Controls vulnerability in Vpasp Vp-Asp Shopping Cart 6.50 VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. | 5.0 |
2009-01-21 | CVE-2008-5925 | ASP DEV | Permissions, Privileges, and Access Controls vulnerability in Asp-Dev XM Events Diary ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. | 5.0 |
2009-01-20 | CVE-2009-0177 | Vmware | Resource Management Errors vulnerability in VMWare products vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command. | 5.0 |
2009-01-20 | CVE-2008-5913 | Mozilla | Information Disclosure vulnerability in Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." | 4.9 |
2009-01-21 | CVE-2008-3866 | Trend Micro | Improper Authentication vulnerability in Trend Micro products The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. | 4.6 |
2009-01-21 | CVE-2008-5916 | GIT | Permissions, Privileges, and Access Controls vulnerability in GIT gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. | 4.6 |
2009-01-23 | CVE-2009-0260 | Moinmoin | Cross-Site Scripting vulnerability in Moinmoin Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable). | 4.3 |
2009-01-23 | CVE-2008-5961 | Tribiq | Cross-Site Scripting vulnerability in Tribiq CMS 5.0.10B/5.0.11E Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. | 4.3 |
2009-01-22 | CVE-2009-0257 | Typo3 | Cross-Site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. | 4.3 |
2009-01-22 | CVE-2009-0057 | Cisco | Improper Input Validation vulnerability in Cisco Unified Communications Manager The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely." | 4.3 |
2009-01-22 | CVE-2009-0248 | Katywhitton | Cross-Site Scripting vulnerability in Katywhitton Rankem Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter. | 4.3 |
2009-01-22 | CVE-2009-0247 | 53Kf | Cross-Site Scripting vulnerability in 53Kf web IM 2009 NIL The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable. | 4.3 |
2009-01-22 | CVE-2008-5942 | Modxcms | Cross-Site Scripting vulnerability in Modxcms Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939. | 4.3 |
2009-01-22 | CVE-2008-5939 | Modxcms | Cross-Site Scripting vulnerability in Modxcms Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. | 4.3 |
2009-01-22 | CVE-2009-0245 | Usagi | Cross-Site Scripting vulnerability in Usagi Mynets Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629. | 4.3 |
2009-01-21 | CVE-2008-5933 | Cmsisweb | Cross-Site Scripting vulnerability in Cmsisweb CMS Isweb 3.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. | 4.3 |
2009-01-21 | CVE-2008-5918 | Tigris | Cross-Site Scripting vulnerability in Tigris Websvn Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2009-01-21 | CVE-2008-5917 | Horde Microsoft | Cross-Site Scripting vulnerability in Horde Application Framework 3.2.2/3.3 Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes. | 4.3 |
2009-01-20 | CVE-2009-0179 | Igno Saitz | Remote Denial of Service vulnerability in libmikmod '.XM' File libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. | 4.3 |
2009-01-20 | CVE-2007-6720 | Igno Saitz | Sound Channel Media Playback Remote Denial of Service vulnerability in libmikmod libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels. | 4.3 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-01-21 | CVE-2009-0240 | Tigris | Permissions, Privileges, and Access Controls vulnerability in Tigris Websvn 2.0 listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter. | 3.5 |
2009-01-22 | CVE-2008-5944 | Navboard | Cross-Site Scripting vulnerability in Navboard 16 Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter. | 2.6 |
2009-01-20 | CVE-2008-5915 | Google | Unspecified vulnerability in Google Chrome An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. | 2.1 |
2009-01-20 | CVE-2008-5914 | Apple | Information Disclosure vulnerability in Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. | 2.1 |
2009-01-20 | CVE-2008-5912 | Microsoft | Information Disclosure vulnerability in Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. | 2.1 |
2009-01-20 | CVE-2008-2368 | Redhat | Credentials Management vulnerability in Redhat Certificate System 7.2 Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files. | 2.1 |
2009-01-20 | CVE-2008-2367 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Certificate System 7.2 Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files. | 2.1 |