Weekly Vulnerabilities Reports > January 19 to 25, 2009

Overview

109 new vulnerabilities were reported during this period, including 25 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary reports vulnerabilities in 89 products from 66 vendors including Microsoft, Apple, Modxcms, Typo3, and ASP DEV. The most notable vulnerability categories are "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Improper Input Validation".

  • 103 reported vulnerabilities are remotely exploitable.
  • 48 reported vulnerabilities have a public exploit available.
  • 45 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 99 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

25 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-23 CVE-2009-0263 Nullsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp

Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.

10.0
2009-01-23 CVE-2008-5963 Gravity GTD Improper Input Validation vulnerability in Gravity-Gtd 0.2/0.3/0.4

Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.

10.0
2009-01-22 CVE-2009-0258 Typo3 Improper Input Validation vulnerability in Typo3

The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

10.0
2009-01-21 CVE-2008-3865 Trend Micro Buffer Errors vulnerability in Trend Micro products

Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.

10.0
2009-01-20 CVE-2009-0178 IBM Unspecified vulnerability in IBM Hardware Management Console 7.3.2.0

Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors.

10.0
2009-01-20 CVE-2008-5911 Realnetworks Buffer Errors vulnerability in Realnetworks Helix Server and Helix Server Mobile

Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request.

10.0
2009-01-23 CVE-2009-0262 Trilogic Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trilogic Media Player 7/8.0.0.0

Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file.

9.3
2009-01-23 CVE-2009-0261 Effectmatrix Buffer Errors vulnerability in Effectmatrix Total Video Player 1.31

Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value.

9.3
2009-01-22 CVE-2009-0259 Openoffice Resource Management Errors vulnerability in Openoffice Openoffice.Org

The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.

9.3
2009-01-22 CVE-2009-0254 Easyhdr Buffer Errors vulnerability in Easyhdr 1.60.2

Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Flexible Image Transport System (FITS) file.

9.3
2009-01-22 CVE-2009-0246 Easyhdr Buffer Errors vulnerability in Easyhdr 1.60.2

Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file.

9.3
2009-01-21 CVE-2009-0007 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.

9.3
2009-01-21 CVE-2009-0006 Apple Numeric Errors vulnerability in Apple Quicktime

Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.

9.3
2009-01-21 CVE-2009-0005 Apple, Microsoft Resource Management Errors vulnerability in Apple Quicktime

Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.

9.3
2009-01-21 CVE-2009-0004 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.

9.3
2009-01-21 CVE-2009-0003 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.

9.3
2009-01-21 CVE-2009-0002 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.

9.3
2009-01-21 CVE-2009-0001 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.

9.3
2009-01-21 CVE-2009-0219 Research IN Motion Limited Resource Management Errors vulnerability in Research in Motion Limited products

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.

9.3
2009-01-20 CVE-2009-0182 Vuplayer Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Vuplayer

Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.

9.3
2009-01-20 CVE-2009-0181 Vuplayer Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Vuplayer

Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters.

9.3
2009-01-20 CVE-2008-4388 Symantec Improper Input Validation vulnerability in Symantec Appstream Client 5.2

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.

9.3
2009-01-20 CVE-2009-0176 Research IN Motion Limited Buffer Errors vulnerability in Research in Motion Limited products

Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."

9.3
2009-01-20 CVE-2009-0175 Heathcosoft Buffer Errors vulnerability in Heathcosoft MP3 Trackmaker 1.5

Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an invalid .mp3 file.

9.3
2009-01-20 CVE-2009-0174 Vuplayer Buffer Errors vulnerability in Vuplayer 2.49

Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file.

9.3

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-21 CVE-2009-0244 Microsoft Path Traversal vulnerability in Microsoft Windows Mobile 5.0/6.0

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a ..

8.5
2009-01-22 CVE-2008-5937 Zkesoft Improper Input Validation vulnerability in Zkesoft Ayeview 2.20

AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.

7.8
2009-01-22 CVE-2009-0008 Apple, Microsoft Improper Input Validation vulnerability in Apple Quicktime Mpeg-2 Playback Component

Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.

7.6
2009-01-23 CVE-2008-5960 Tribiq SQL Injection vulnerability in Tribiq CMS 5.0.10B/5.0.11E

SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action.

7.5
2009-01-23 CVE-2008-5959 Active WEB Softwares SQL Injection vulnerability in Active web Softwares Active Test 2.1

Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field).

7.5
2009-01-23 CVE-2008-5958 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Test 2.1

Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.

7.5
2009-01-23 CVE-2008-5957 Mydyngallery, Joomla SQL Injection vulnerability in Mydyngallery

SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php.

7.5
2009-01-23 CVE-2008-5955 Phpstreet SQL Injection vulnerability in PHPstreet Webboard 1.0

SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-01-23 CVE-2008-5953 KTP Computer Customer Database Path Traversal vulnerability in KTP Computer Customer Database KTP Computer Customer Database NIL

Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-01-23 CVE-2008-5950 Aspapps SQL Injection vulnerability in Aspapps Template Creature NIL

SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.

7.5
2009-01-23 CVE-2008-5949 Tiddlywiki Code Injection vulnerability in Tiddlywiki Cctiddly 1.7.4/1.7.6

Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.

7.5
2009-01-23 CVE-2008-5948 Bncwi Path Traversal vulnerability in Bncwi 1.03

Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-01-22 CVE-2009-0256 Typo3 Improper Authentication vulnerability in Typo3

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.

7.5
2009-01-22 CVE-2008-2384 Joey Schulze, Apache SQL Injection vulnerability in Joey Schulze MOD Auth Mysql

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.

7.5
2009-01-22 CVE-2009-0252 Enthrallweb SQL Injection vulnerability in Enthrallweb Ereservations

Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field).

7.5
2009-01-22 CVE-2008-5946 PHP Fusion SQL Injection vulnerability in PHP-Fusion 4.01

SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

7.5
2009-01-22 CVE-2008-5945 Nukevietcms Improper Authentication vulnerability in Nukevietcms Nukeviet 2.0

Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1.

7.5
2009-01-22 CVE-2008-5943 Navboard Path Traversal vulnerability in Navboard 16

Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) allow remote attackers to include and execute arbitrary local files via a ..

7.5
2009-01-21 CVE-2008-5934 Cmsisweb SQL Injection vulnerability in Cmsisweb CMS Isweb 3.0

SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.

7.5
2009-01-21 CVE-2008-5930 THE NET Guys SQL Injection vulnerability in the NET Guys Aspired2Blog

SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter.

7.5
2009-01-21 CVE-2008-5928 Flds Script SQL Injection vulnerability in Flds-Script Flds 1.2A

SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-01-21 CVE-2008-5927 China ON Site SQL Injection vulnerability in China-On-Site Flexphpnews 0.0.6

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php.

7.5
2009-01-21 CVE-2008-5926 ASP DEV SQL Injection vulnerability in Asp-Dev Internal E-Mail System

Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field).

7.5
2009-01-21 CVE-2008-5924 ASP DEV SQL Injection vulnerability in Asp-Dev XM Events Diary

SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2009-01-21 CVE-2008-5923 ASP DEV SQL Injection vulnerability in Asp-Dev XM Events Diary

SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2009-01-21 CVE-2008-5922 Cfagcms Code Injection vulnerability in Cfagcms 1.0

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.

7.5
2009-01-21 CVE-2008-5921 Umerinc SQL Injection vulnerability in Umerinc Songs Portal

SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-01-21 CVE-2009-0241 Ganglia Buffer Errors vulnerability in Ganglia 3.1.1

Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

7.5
2009-01-21 CVE-2008-5920 Tigris Code Injection vulnerability in Tigris Websvn

The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.

7.5
2009-01-20 CVE-2009-0180 NFS, Redhat Permissions, Privileges, and Access Controls vulnerability in NFS Nfs-Utils

Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376.

7.5
2009-01-20 CVE-2008-5516 GIT, GIT SCM Permissions, Privileges, and Access Controls vulnerability in multiple products

The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.

7.5
2009-01-21 CVE-2009-0243 Microsoft Configuration vulnerability in Microsoft products

Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file.

7.2

45 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-23 CVE-2008-5964 Impresscms Improper Authentication vulnerability in Impresscms

Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

6.8
2009-01-23 CVE-2008-5962 Gravity GTD Path Traversal vulnerability in Gravity-Gtd 0.2/0.3/0.4

Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-01-23 CVE-2008-5954 KTP Computer Customer Database SQL Injection vulnerability in KTP Computer Customer Database KTP Computer Customer Database NIL

SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component.

6.8
2009-01-22 CVE-2009-0253 Mozilla Remote Security vulnerability in Mozilla Firefox 3.0.5

Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.

6.8
2009-01-22 CVE-2008-3820 Cisco Remote Unauthorized TCP Port Access vulnerability in Cisco Security Manager IPS Event Viewer

Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.

6.8
2009-01-22 CVE-2008-5947 Yapbb Code Injection vulnerability in Yapbb 1.2

PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter.

6.8
2009-01-22 CVE-2008-5940 Modxcms SQL Injection vulnerability in Modxcms

SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter.

6.8
2009-01-22 CVE-2008-5938 Modxcms Code Injection vulnerability in Modxcms

PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter.

6.8
2009-01-21 CVE-2008-5919 Tigris Path Traversal vulnerability in Tigris Websvn

Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.

6.8
2009-01-22 CVE-2009-0251 Ryneezy Code Injection vulnerability in Ryneezy Phosheezy 0.2

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter.

6.5
2009-01-21 CVE-2009-0030 Squirrelmail Improper Authentication vulnerability in Squirrelmail 1.4.8

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface.

6.5
2009-01-23 CVE-2008-5952 KTP Computer Customer Database SQL Injection vulnerability in KTP Computer Customer Database KTP Computer Customer Database NIL

SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.

6.0
2009-01-22 CVE-2008-5941 Modxcms Cross-Site Request Forgery (CSRF) vulnerability in Modxcms

Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.

6.0
2009-01-23 CVE-2008-5956 Phpstreet Permissions, Privileges, and Access Controls vulnerability in PHPstreet Webboard 1.0

Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.

5.0
2009-01-23 CVE-2008-5951 Aspapps Permissions, Privileges, and Access Controls vulnerability in Aspapps Template Creature NIL

ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.

5.0
2009-01-22 CVE-2009-0255 Typo3 Cryptographic Issues vulnerability in Typo3

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

5.0
2009-01-22 CVE-2009-0250 Ryneezy Permissions, Privileges, and Access Controls vulnerability in Ryneezy Phosheezy 0.2

Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.

5.0
2009-01-22 CVE-2009-0249 Katywhitton Permissions, Privileges, and Access Controls vulnerability in Katywhitton Rankem

Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.

5.0
2009-01-22 CVE-2008-5936 Mini PUB Information Exposure vulnerability in Mini-Pub 0.1/0.1.1/0.1.2

front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.

5.0
2009-01-21 CVE-2008-3864 Trend Micro Improper Input Validation vulnerability in Trend Micro products

The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.

5.0
2009-01-21 CVE-2008-5935 Factosystem Permissions, Privileges, and Access Controls vulnerability in Factosystem Weblog

Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb.

5.0
2009-01-21 CVE-2008-5932 Codeavalanche Permissions, Privileges, and Access Controls vulnerability in Codeavalanche Freeforum NIL

CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb.

5.0
2009-01-21 CVE-2008-5931 THE NET Guys Permissions, Privileges, and Access Controls vulnerability in the NET Guys Aspired2Blog

The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb.

5.0
2009-01-21 CVE-2008-5929 Vpasp Permissions, Privileges, and Access Controls vulnerability in Vpasp Vp-Asp Shopping Cart 6.50

VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb.

5.0
2009-01-21 CVE-2008-5925 ASP DEV Permissions, Privileges, and Access Controls vulnerability in Asp-Dev XM Events Diary

ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.

5.0
2009-01-20 CVE-2009-0177 Vmware Resource Management Errors vulnerability in VMWare products

vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.

5.0
2009-01-21 CVE-2009-0031 Linux Resource Management Errors vulnerability in Linux Kernel

Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree."

4.9
2009-01-20 CVE-2008-5913 Mozilla Information Disclosure vulnerability in Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

4.9
2009-01-21 CVE-2008-3866 Trend Micro Improper Authentication vulnerability in Trend Micro products

The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.

4.6
2009-01-21 CVE-2008-5916 GIT Permissions, Privileges, and Access Controls vulnerability in GIT

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.

4.6
2009-01-23 CVE-2009-0260 Moinmoin Cross-Site Scripting vulnerability in Moinmoin

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).

4.3
2009-01-23 CVE-2008-5961 Tribiq Cross-Site Scripting vulnerability in Tribiq CMS 5.0.10B/5.0.11E

Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action.

4.3
2009-01-22 CVE-2009-0257 Typo3 Cross-Site Scripting vulnerability in Typo3

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.

4.3
2009-01-22 CVE-2009-0057 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."

4.3
2009-01-22 CVE-2009-0248 Katywhitton Cross-Site Scripting vulnerability in Katywhitton Rankem

Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.

4.3
2009-01-22 CVE-2009-0247 53Kf Cross-Site Scripting vulnerability in 53Kf web IM 2009 NIL

The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable.

4.3
2009-01-22 CVE-2008-5942 Modxcms Cross-Site Scripting vulnerability in Modxcms

Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.

4.3
2009-01-22 CVE-2008-5939 Modxcms Cross-Site Scripting vulnerability in Modxcms

Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php.

4.3
2009-01-22 CVE-2009-0245 Usagi Cross-Site Scripting vulnerability in Usagi Mynets

Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629.

4.3
2009-01-21 CVE-2009-0026 Apache Cross-Site Scripting vulnerability in Apache Jackrabbit 1.4/1.5.0

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

4.3
2009-01-21 CVE-2008-5933 Cmsisweb Cross-Site Scripting vulnerability in Cmsisweb CMS Isweb 3.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter.

4.3
2009-01-21 CVE-2008-5918 Tigris Cross-Site Scripting vulnerability in Tigris Websvn

Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2009-01-21 CVE-2008-5917 Horde, Microsoft Cross-Site Scripting vulnerability in Horde Application Framework 3.2.2/3.3

Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.

4.3
2009-01-20 CVE-2009-0179 Igno Saitz Remote Denial of Service vulnerability in libmikmod '.XM' File

libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.

4.3
2009-01-20 CVE-2007-6720 Igno Saitz Sound Channel Media Playback Remote Denial of Service vulnerability in libmikmod

libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.

4.3

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-21 CVE-2009-0240 Tigris Permissions, Privileges, and Access Controls vulnerability in Tigris Websvn 2.0

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.

3.5
2009-01-22 CVE-2008-5944 Navboard Cross-Site Scripting vulnerability in Navboard 16

Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.

2.6
2009-01-20 CVE-2008-5915 Google Information Disclosure vulnerability in Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information.

2.1
2009-01-20 CVE-2008-5914 Apple Information Disclosure vulnerability in Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain

An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information.

2.1
2009-01-20 CVE-2008-5912 Microsoft Information Disclosure vulnerability in Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain

An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information.

2.1
2009-01-20 CVE-2008-2368 Redhat Credentials Management vulnerability in Redhat Certificate System 7.2

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

2.1
2009-01-20 CVE-2008-2367 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Certificate System 7.2

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.

2.1