Weekly Vulnerabilities Reports > January 26 to February 1, 2009

Overview

134 new vulnerabilities reported during this period, including 18 critical vulnerabilities and 54 high severity vulnerabilities. This weekly summary report vulnerabilities in 150 products from 103 vendors including SUN, Microsoft, Gnome, Activewebsoftwares, and Katywhitton. Vulnerabilities are notably categorized as "SQL Injection", "Path Traversal", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Permissions, Privileges, and Access Controls".

  • 114 reported vulnerabilities are remotely exploitables.
  • 66 reported vulnerabilities have public exploit available.
  • 75 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 123 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-29 CVE-2009-0345 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Fire X2100 M2 and Fire X2200 M2

Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.

10.0
2009-01-29 CVE-2009-0344 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Fire X2100 M2 and Fire X2200 M2

Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.

10.0
2009-01-28 CVE-2009-0323 W3 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3 Amaya

Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable.

10.0
2009-01-28 CVE-2008-6005 W3C Buffer Errors vulnerability in W3C Amaya web Browser 10.0.1/11.0.1

Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via "duplicated" attribute value inputs.

10.0
2009-01-28 CVE-2009-0042 Broadcom
CA
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
10.0
2009-01-27 CVE-2009-0311 EMC Improper Input Validation vulnerability in EMC Autostart 5.3

The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer.

10.0
2009-01-27 CVE-2008-5982 BMC USE of Externally-Controlled Format String vulnerability in BMC Patrol Agent

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.

10.0
2009-01-26 CVE-2009-0270 Fujitsu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fujitsu Systemcastwizard Lite

Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.

10.0
2009-01-26 CVE-2009-0264 Fujitsu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fujitsu Systemcastwizard Lite

Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors.

10.0
2009-01-29 CVE-2009-0350 Merak Buffer Errors vulnerability in Merak Media Player 3.2

Stack-based buffer overflow in Merak Media Player 3.2 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file, related to the status bar icon's tooltip.

9.3
2009-01-29 CVE-2009-0349 Ftpshell Buffer Errors vulnerability in Ftpshell Server 4.3

Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file.

9.3
2009-01-29 CVE-2009-0341 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 7

The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.

9.3
2009-01-27 CVE-2009-0298 MW6 Technologies Buffer Errors vulnerability in MW6 Technologies Barcode Activex 3.0.0.1

Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property.

9.3
2009-01-27 CVE-2009-0282 Ralinktech
Microsoft
Numeric Errors vulnerability in Ralinktech Rt73 3.08

Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.

9.3
2009-01-26 CVE-2009-0266 Trilogic Buffer Errors vulnerability in Trilogic Media Player 8.0.0.0

Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file.

9.3
2009-01-26 CVE-2008-5260 Axis Buffer Errors vulnerability in Axis Camera Control 2.40.0.0

Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.

9.3
2009-01-29 CVE-2009-0351 Wftpserver Buffer Errors vulnerability in Wftpserver Winftp FTP Server 2.3.0

Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character.

9.0
2009-01-27 CVE-2007-2795 Ipswitch Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ipswitch Imail

Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.

9.0

54 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-30 CVE-2009-0034 Gratisoft
Vmware
Incorrect Authorization vulnerability in multiple products

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.

7.8
2009-01-29 CVE-2009-0331 Quirm Path Traversal vulnerability in Quirm Espg 1.72

Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a ..

7.8
2009-01-28 CVE-2008-5997 Ocp2 Path Traversal vulnerability in Ocp2 Omnicom Content Platform 2.0

Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter.

7.8
2009-01-27 CVE-2009-0304 SUN Remote Denial of Service vulnerability in SUN Opensolaris and Solaris

The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.

7.8
2009-01-27 CVE-2009-0277 SUN Local Denial of Service vulnerability in SUN Opensolaris Snv100/Snv101/Snv102

Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors.

7.8
2009-01-30 CVE-2009-0373 Elearningforce
Joomla
SQL Injection vulnerability in Elearningforce Flash Magazine Deluxe NIL

SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.

7.5
2009-01-30 CVE-2008-6016 Editeurscripts SQL Injection vulnerability in Editeurscripts Esfaq 2.0

SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952.

7.5
2009-01-30 CVE-2008-6015 Editeurscripts SQL Injection vulnerability in Editeurscripts Esfaq 2.0

Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters.

7.5
2009-01-30 CVE-2008-6014 Rianxosencabos CMS SQL Injection vulnerability in Rianxosencabos CMS Rianxosencabos CMS 0.9

SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-01-30 CVE-2008-6013 Openfreeway SQL Injection vulnerability in Openfreeway Freeway

Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 allow remote attackers to execute arbitrary SQL commands via unspecified vectors involving the (1) advanced search result and (2) service resource pages.

7.5
2009-01-30 CVE-2008-6011 SG Real Estate Portal SQL Injection vulnerability in SG Real Estate Portal SG Real Estate Portal 2.0

SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

7.5
2009-01-30 CVE-2008-6009 SG Real Estate Portal Improper Authentication vulnerability in SG Real Estate Portal SG Real Estate Portal 2.0

SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.

7.5
2009-01-30 CVE-2008-6007 Quidascript SQL Injection vulnerability in Quidascript Bookmarks Favourites Script NIL

SQL injection vulnerability in view_group.php in QuidaScript BookMarks Favourites Script (APB) allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-01-30 CVE-2008-6006 Minbank Code Injection vulnerability in Minbank Micronation Banking System 1.5.0

Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.

7.5
2009-01-29 CVE-2009-0339 Dmxready SQL Injection vulnerability in Dmxready Blog Manager NIL

SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.

7.5
2009-01-29 CVE-2009-0337 Katywhitton SQL Injection vulnerability in Katywhitton Blogit! NIL

SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.

7.5
2009-01-29 CVE-2009-0334 Katywhitton SQL Injection vulnerability in Katywhitton Blogit! NIL

SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.

7.5
2009-01-29 CVE-2009-0333 Joomla SQL Injection vulnerability in Joomla COM Waticketsystem

SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.

7.5
2009-01-29 CVE-2009-0332 Avbooklibrary SQL Injection vulnerability in Avbooklibrary 1.0.0/1.0.1

Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components.

7.5
2009-01-29 CVE-2009-0329 Joomla SQL Injection vulnerability in Joomla COM Pccookbook

SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.

7.5
2009-01-29 CVE-2009-0326 Dark AGE CMS SQL Injection vulnerability in Dark AGE CMS Dark AGE CMS 0.2C

SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

7.5
2009-01-29 CVE-2009-0324 Bibciter SQL Injection vulnerability in Bibciter 1.4

Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php.

7.5
2009-01-28 CVE-2008-6003 AJ Square SQL Injection vulnerability in AJ Square AJ Auction 2.0

SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.

7.5
2009-01-28 CVE-2008-6001 Adnforum Permissions, Privileges, and Access Controls vulnerability in Adnforum

index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string.

7.5
2009-01-28 CVE-2008-5993 Barcodephp Path Traversal vulnerability in Barcodephp Barcodegen 1D 1.2.4/1.3.0

Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-01-28 CVE-2008-5992 Jetik SQL Injection vulnerability in Jetik Emlak Sistem A 2.0

Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php.

7.5
2009-01-28 CVE-2008-5991 Mailscanner
Mailwatch
Path Traversal vulnerability in Mailwatch

Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-01-28 CVE-2008-5988 Jadu SQL Injection vulnerability in Jadu CMS FOR Government

SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-01-27 CVE-2009-0299 Groonesworld SQL Injection vulnerability in Groonesworld Glinks 2.1

SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2009-01-27 CVE-2009-0297 Clicktech SQL Injection vulnerability in Clicktech Clickauction NIL

SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters.

7.5
2009-01-27 CVE-2009-0296 Gempar SQL Injection vulnerability in Gempar Script Toko Online 5.01

SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2009-01-27 CVE-2009-0293 Wazzum SQL Injection vulnerability in Wazzum Dating Software NIL

SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.

7.5
2009-01-27 CVE-2009-0292 Shop Inet SQL Injection vulnerability in Shop-Inet 4.0

SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.

7.5
2009-01-27 CVE-2009-0291 Openx Path Traversal vulnerability in Openx 2.6.3

Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a ..

7.5
2009-01-27 CVE-2009-0287 Keep Toolkit SQL Injection vulnerability in Keep Toolkit Keep Toolkit 2.1

SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.

7.5
2009-01-27 CVE-2009-0281 Warhound SQL Injection vulnerability in Warhound Walking Club

SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

7.5
2009-01-27 CVE-2009-0280 ASP Project Improper Authentication vulnerability in Asp-Project 1.0

Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.

7.5
2009-01-27 CVE-2009-0279 Pardalcms SQL Injection vulnerability in Pardalcms

SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-01-27 CVE-2008-5978 Ocean12 Technologies SQL Injection vulnerability in Ocean12 Technologies Mailing List Manager NIL

Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.

7.5
2009-01-27 CVE-2008-5977 Preprojects SQL Injection vulnerability in Preprojects PHP Jobwebsite PRO

SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.

7.5
2009-01-27 CVE-2008-5975 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Price Comparison 4.0

SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

7.5
2009-01-27 CVE-2008-5974 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Price Comparison 4.0

Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.

7.5
2009-01-27 CVE-2008-5973 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active web Mail 4.0

SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.

7.5
2009-01-27 CVE-2008-5972 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Business Directory 2

SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2009-01-27 CVE-2008-5969 Sunbyte SQL Injection vulnerability in Sunbyte E-Flower NIL

SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-01-26 CVE-2008-5968 Phpicalendar Path Traversal vulnerability in PHPicalendar

Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-01-26 CVE-2008-5967 Phpicalendar Improper Authentication vulnerability in PHPicalendar

admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.

7.5
2009-01-26 CVE-2008-5966 Globsy Improper Input Validation vulnerability in Globsy

globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.

7.5
2009-01-26 CVE-2009-0265 ISC Unchecked Return Value vulnerability in ISC Bind

Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.

7.5
2009-01-30 CVE-2009-0370 IBM Unspecified vulnerability in IBM AIX

Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."

7.2
2009-01-29 CVE-2009-0343 Niels Provos
Linux
Permissions, Privileges, and Access Controls vulnerability in Niels Provos Systrace

Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.

7.2
2009-01-29 CVE-2009-0342 Provos
Linux
Permissions, Privileges, and Access Controls vulnerability in Provos Systrace

Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.

7.2
2009-01-28 CVE-2008-6000 Gdata Resource Management Errors vulnerability in Gdata products

The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents.

7.2
2009-01-28 CVE-2008-6002 WEB CP Path Traversal vulnerability in Web-Cp 0.5.7

Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter.

7.1

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-28 CVE-2009-0319 SUN Local Code Execution vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."

6.9
2009-01-28 CVE-2009-0318 Gnome Remote Command Execution vulnerability in Gnumeric 'PySys_SetArgv'

Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

6.9
2009-01-28 CVE-2009-0317 Gnome Remote Command Execution vulnerability in Nautilus 'PySys_SetArgv'

Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

6.9
2009-01-28 CVE-2009-0316 VIM Remote Command Execution vulnerability in Vim 'PySys_SetArgv'

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

6.9
2009-01-28 CVE-2009-0315 Xchat Remote Command Execution vulnerability in XChat 'PySys_SetArgv'

Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

6.9
2009-01-28 CVE-2009-0314 Gnome
Fedoraproject
Untrusted Search Path vulnerability in multiple products

Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

6.9
2009-01-28 CVE-2008-5987 Gnome Remote Command Execution vulnerability in Gnome EOG 2.22.3

Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

6.9
2009-01-28 CVE-2008-5986 Csound Remote Command Execution vulnerability in Csound 5.08.2

Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

6.9
2009-01-28 CVE-2008-5985 Gnome Remote Command Execution vulnerability in Gnome Epiphany 2.22.3

Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

6.9
2009-01-28 CVE-2008-5984 DIA Remote Command Execution vulnerability in DIA 0.96.1

Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

6.9
2009-01-28 CVE-2009-0313 Kegel Link Following vulnerability in Kegel Winetricks 20081127

winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file.

6.9
2009-01-27 CVE-2009-0032 Apple
Mandriva
Link Following vulnerability in Apple Cups

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

6.9
2009-01-30 CVE-2009-0371 Sitexs CMS Path Traversal vulnerability in Sitexs CMS Sitexs CMS 0.1

Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-01-29 CVE-2009-0340 Quirm Path Traversal vulnerability in Quirm Simple PHP Newsletter 1.5

Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a ..

6.8
2009-01-29 CVE-2009-0330 WSS PRO Path Traversal vulnerability in Wss-Pro Scms 1

Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.

6.8
2009-01-28 CVE-2008-5990 Eduforge Path Traversal vulnerability in Eduforge Emergecolab 1.0

Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-01-28 CVE-2008-5989 Phpcounter Path Traversal vulnerability in PHPcounter

Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-01-27 CVE-2009-0301 Grid2000 Arbitrary File Overwrite vulnerability in Grid2000 Flexcell Grid Control 5.6.9

Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods.

6.8
2009-01-27 CVE-2009-0295 Itlpoll SQL Injection vulnerability in Itlpoll Itpoll 2.7

SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2009-01-27 CVE-2009-0294 Webmobo Code Injection vulnerability in Webmobo Wbnews 2.0.1

Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288.

6.8
2009-01-27 CVE-2009-0290 SIR Path Traversal vulnerability in SIR Gnuboard 4.31.03

Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-01-30 CVE-2009-0372 Memht Improper Input Validation vulnerability in Memht Portal

Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.

6.5
2009-01-27 CVE-2008-5970 I Netsolution SQL Injection vulnerability in I-Netsolution Orkut Clone NIL

SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

6.5
2009-01-26 CVE-2009-0275 Ryneezy Code Injection vulnerability in Ryneezy Phosheezy 0.2

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter.

6.5
2009-01-30 CVE-2008-5082 Redhat Improper Authentication vulnerability in Redhat Dogtag Certificate System and Certificate System

The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.

6.0
2009-01-28 CVE-2008-5998 Drupal SQL Injection vulnerability in Drupal Ajax Checklist 5.X1.0

Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.

6.0
2009-01-29 CVE-2009-0347 Autonomy Link Following vulnerability in Autonomy Ultraseek NIL

Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

5.8
2009-01-30 CVE-2008-6010 SG Real Estate Portal Path Traversal vulnerability in SG Real Estate Portal SG Real Estate Portal 2.0

Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a ..

5.0
2009-01-30 CVE-2008-6008 Herongyang Permissions, Privileges, and Access Controls vulnerability in Herongyang Hybook NIL

hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb.

5.0
2009-01-29 CVE-2009-0348 SUN Information Exposure vulnerability in SUN Java System Access Manager 6.32005Q1/7.1/72005Q4

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

5.0
2009-01-29 CVE-2009-0336 Katywhitton Permissions, Privileges, and Access Controls vulnerability in Katywhitton Blogit! NIL

Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb.

5.0
2009-01-29 CVE-2009-0328 Robs Projects Permissions, Privileges, and Access Controls vulnerability in Robs-Projects Digital Sales IPN NIL

ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.

5.0
2009-01-27 CVE-2009-0278 SUN Information Exposure vulnerability in SUN Java System Application Server 8.1/8.2

Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.

5.0
2009-01-27 CVE-2008-5981 Pacosdrivers Permissions, Privileges, and Access Controls vulnerability in Pacosdrivers Pacpoll 4.0

PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb.

5.0
2009-01-27 CVE-2008-5980 Ocean12 Technologies Permissions, Privileges, and Access Controls vulnerability in Ocean12 Technologies Mailing List Manager NIL

Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.

5.0
2009-01-26 CVE-2008-5965 Lokicms Path Traversal vulnerability in Lokicms

Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a ..

5.0
2009-01-26 CVE-2009-0271 Fujitsu Path Traversal vulnerability in Fujitsu Systemcastwizard Lite

Directory traversal vulnerability in the TFTP service in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.

5.0
2009-01-26 CVE-2009-0267 SUN Improper Input Validation vulnerability in SUN Opensolaris and Solaris

libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.

5.0
2009-01-29 CVE-2009-0346 SUN Cryptographic Issues vulnerability in SUN Opensolaris and Solaris

The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection.

4.9
2009-01-26 CVE-2009-0268 SUN Race Condition vulnerability in SUN Opensolaris and Solaris

Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.

4.9
2009-01-27 CVE-2009-0302 PHP Nuke SQL Injection vulnerability in PHP-Nuke Downloads Module 8.0

SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.

4.6
2009-01-30 CVE-2009-0369 Microsoft Remote Security vulnerability in Microsoft Internet Explorer 7

Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.

4.3
2009-01-30 CVE-2009-0204 HP Cross-Site Scripting vulnerability in HP Select Access 6.1/6.2

Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-01-30 CVE-2008-6012 Hardkap Path Traversal vulnerability in Hardkap Pritlog 0.2/0.3

Directory traversal vulnerability in index.php in Pritlog 0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

4.3
2009-01-29 CVE-2009-0338 Dmxready Cross-Site Scripting vulnerability in Dmxready Blog Manager NIL

Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.

4.3
2009-01-29 CVE-2009-0335 Katywhitton Cross-Site Scripting vulnerability in Katywhitton Blogit! NIL

Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.

4.3
2009-01-28 CVE-2009-0321 Apple
Microsoft
Link Following vulnerability in Apple Safari 3.2.1

Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) .

4.3
2009-01-28 CVE-2008-3358 SAP
Microsoft
Cross-Site Scripting vulnerability in SAP Netweaver

Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.

4.3
2009-01-28 CVE-2008-6004 AJ Square Cross-Site Scripting vulnerability in AJ Square AJ Auction 2.0

Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.

4.3
2009-01-28 CVE-2008-5995 Typo3 Cross-Site Scripting vulnerability in Typo3 Freecap Captcha Extension 1.0.0/1.0.1/1.0.2

Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-01-28 CVE-2008-5994 Checkpoint Cross-Site Scripting vulnerability in Checkpoint Connectra NGX R62

Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

4.3
2009-01-28 CVE-2009-0312 Moinmoin Cross-Site Scripting vulnerability in Moinmoin 1.7.0/1.8.1

Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.

4.3
2009-01-27 CVE-2009-0303 Webhelpdesk Cross-Site Scripting vulnerability in Webhelpdesk web Help Desk

Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa.

4.3
2009-01-27 CVE-2009-0285 Bbsxp Cross-Site Scripting vulnerability in Bbsxp

Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2009-01-27 CVE-2009-0283 Aobosoft Cross-Site Scripting vulnerability in Aobosoft Oblog

Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2009-01-27 CVE-2008-5979 Ocean12 Technologies Cross-Site Scripting vulnerability in Ocean12 Technologies Mailing List Manager NIL

Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.

4.3
2009-01-27 CVE-2008-5976 Preprojects Cross-Site Scripting vulnerability in Preprojects PHP Jobwebsite PRO

Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.

4.3
2009-01-27 CVE-2008-5971 I Netsolution Cross-Site Scripting vulnerability in I-Netsolution Orkut Clone NIL

Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.

4.3
2009-01-28 CVE-2009-0320 Microsoft Race Condition vulnerability in Microsoft products

Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-28 CVE-2008-5999 Drupal Cross-Site Scripting vulnerability in Drupal Ajax Checklist 5.X1.0

Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.

3.5
2009-01-28 CVE-2008-5996 Link3
Drupal
Cross-Site Scripting vulnerability in Link3 Simplenews

Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.

3.5
2009-01-27 CVE-2009-0286 Opengoo Path Traversal vulnerability in Opengoo 1.1

Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

2.6