Weekly Vulnerabilities Reports > February 9 to 15, 2009

Overview

183 new vulnerabilities were reported during this period, including 28 critical vulnerabilities and 59 high severity vulnerabilities. This weekly summary reports vulnerabilities in 134 products from 109 vendors including Apple, IBM, Microsoft, Mozilla, and Mozilo. The most common vulnerability categories are "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Code Injection".

  • 162 reported vulnerabilities are remotely exploitable.
  • 79 reported vulnerabilities have a public exploit available.
  • 88 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 178 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

28 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-02-13 CVE-2009-0216 GE Fanuc Credentials Management vulnerability in GE Fanuc Ifix

GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module.

10.0
2009-02-13 CVE-2009-0138 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.

10.0
2009-02-13 CVE-2009-0137 Apple, Microsoft Improper Input Validation vulnerability in Apple Safari

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."

10.0
2009-02-13 CVE-2009-0012 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.

10.0
2009-02-12 CVE-2009-0545 Zeroshell Improper Input Validation vulnerability in Zeroshell 1.0

cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.

10.0
2009-02-12 CVE-2009-0544 Pycrypto Buffer Errors vulnerability in Pycrypto Arc2 2.0.1

Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.

10.0
2009-02-11 CVE-2008-6110 Semanticscuttle Remote Security vulnerability in SemanticScuttle

Unspecified vulnerability in SemanticScuttle before 0.90 has unknown impact and attack vectors related to improper validation of parameters to profile.php.

10.0
2009-02-11 CVE-2009-0517 Phpslash Code Injection vulnerability in PHPslash

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class.

10.0
2009-02-10 CVE-2008-4283 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

10.0
2009-02-10 CVE-2008-6071 Graphicsmagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Graphicsmagick

Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.

10.0
2009-02-10 CVE-2009-0492 Simpleircbot Improper Authentication vulnerability in Simpleircbot 1.0

Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability."

10.0
2009-02-13 CVE-2009-0569 Rimarts Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rimarts Becky! Internet Mail

Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request.

9.3
2009-02-13 CVE-2009-0140 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.

9.3
2009-02-13 CVE-2009-0139 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.

9.3
2009-02-12 CVE-2009-0546 Newsgator Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Newsgator Feeddemon

Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file.

9.3
2009-02-10 CVE-2009-0305 Research IN Motion Limited, Microsoft Buffer Errors vulnerability in Research in Motion Limited Blackberry Application web Loader 1.0

Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.

9.3
2009-02-10 CVE-2009-0098 Microsoft Resource Management Errors vulnerability in Microsoft Exchange Server 2000/2003/2007

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."

9.3
2009-02-10 CVE-2009-0097 Microsoft Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007

Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."

9.3
2009-02-10 CVE-2009-0096 Microsoft Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."

9.3
2009-02-10 CVE-2009-0095 Microsoft Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."

9.3
2009-02-10 CVE-2009-0076 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 7

Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."

9.3
2009-02-10 CVE-2009-0075 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 7

Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2009-02-10 CVE-2009-0465 Synactis Improper Input Validation vulnerability in Synactis ALL in the Box.Ocx 3

The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.

9.3
2009-02-10 CVE-2009-0450 Blazevideo Buffer Errors vulnerability in Blazevideo Hdtv Player 2.1

Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.

9.3
2009-02-10 CVE-2009-0443 Elecard Buffer Errors vulnerability in Elecard AVC HD Player 5.5.90116

Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL.

9.3
2009-02-10 CVE-2008-6070 Graphicsmagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Graphicsmagick

Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770.

9.3
2009-02-10 CVE-2009-0491 Elecard Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Elecard Mpeg Player

Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL.

9.3
2009-02-10 CVE-2009-0490 Audacity Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Audacity

Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.

9.3

59 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-02-13 CVE-2009-0576 SUN Denial Of Service vulnerability in Sun Java System Directory Server LDAP Request

Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests.

7.8
2009-02-13 CVE-2009-0020 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.

7.8
2009-02-13 CVE-2009-0018 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.

7.8
2009-02-11 CVE-2008-6122 Netgear Improper Input Validation vulnerability in Netgear Wgr614 V8/V9

The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").

7.8
2009-02-14 CVE-2008-6138 Webbiscuits Code Injection vulnerability in Webbiscuits Modules Controller

PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.

7.5
2009-02-14 CVE-2008-6137 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal Everyblog 5.0/6.0

EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors.

7.5
2009-02-14 CVE-2008-6136 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal Everyblog 5.0/6.0

Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors.

7.5
2009-02-14 CVE-2008-6134 Drupal SQL Injection vulnerability in Drupal Everyblog 5.0/6.0

SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-02-13 CVE-2008-6133 Ozsari SQL Injection vulnerability in Ozsari Full PHP Emlak Script

SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942.

7.5
2009-02-13 CVE-2009-0574 Cafeengine SQL Injection vulnerability in Cafeengine Easycafeengine

SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.

7.5
2009-02-13 CVE-2008-6124 Moodle, Debian SQL Injection vulnerability in multiple products

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

7.5
2009-02-13 CVE-2009-0019 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.

7.5
2009-02-12 CVE-2009-0542 Proftpd Project SQL Injection vulnerability in Proftpd Project Proftpd 1.3.1/1.3.2/1.3.2Rc2

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.

7.5
2009-02-11 CVE-2009-0535 Extrosoft Path Traversal vulnerability in Extrosoft Thyme 1.3

Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a ..

7.5
2009-02-11 CVE-2009-0534 Flexcms SQL Injection vulnerability in Flexcms

SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.

7.5
2009-02-11 CVE-2009-0531 Ontarioabandonedplaces SQL Injection vulnerability in Ontarioabandonedplaces A Better Member-Based ASP Photo Gallery

SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.

7.5
2009-02-11 CVE-2009-0528 Rhadrix SQL Injection vulnerability in Rhadrix If-Cms

SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-02-11 CVE-2008-6121 Socialengine Improper Input Validation vulnerability in Socialengine

CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie.

7.5
2009-02-11 CVE-2008-6120 Socialengine SQL Injection vulnerability in Socialengine

SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter.

7.5
2009-02-11 CVE-2008-6119 Goople CMS Improper Input Validation vulnerability in Goople CMS Goople CMS 1.7

Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters.

7.5
2009-02-11 CVE-2008-6118 Goople CMS Improper Authentication vulnerability in Goople CMS Goople CMS 1.7

win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.

7.5
2009-02-11 CVE-2008-6117 Pilotgroup SQL Injection vulnerability in Pilotgroup PG JOB Site PRO

SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.

7.5
2009-02-11 CVE-2008-6116 Extrosoft, Joomla SQL Injection vulnerability in Extrosoft COM Thyme 1.0

SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.

7.5
2009-02-11 CVE-2008-6115 Prozilla SQL Injection vulnerability in Prozilla Hosting Index

SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.

7.5
2009-02-11 CVE-2008-6114 Mytipper, E107 SQL Injection vulnerability in Mytipper Zogo Shop 1.15.4

SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.

7.5
2009-02-11 CVE-2008-6111 Netart Media SQL Injection vulnerability in Netart Media Vlog System 1.1

SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter.

7.5
2009-02-11 CVE-2009-0516 Businessspace SQL Injection vulnerability in Businessspace

SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

7.5
2009-02-11 CVE-2009-0514 Webframe Path Traversal vulnerability in Webframe 0.76

Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php.

7.5
2009-02-11 CVE-2009-0513 Webframe Code Injection vulnerability in Webframe 0.76

Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/.

7.5
2009-02-10 CVE-2008-6104 A4Desk SQL Injection vulnerability in A4Desk Flash Event Calendar

SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php.

7.5
2009-02-10 CVE-2008-6102 Ezonescripts SQL Injection vulnerability in Ezonescripts Link Trader Script

SQL injection vulnerability in ratelink.php in Link Trader Script allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.

7.5
2009-02-10 CVE-2008-6101 Ezonescripts SQL Injection vulnerability in Ezonescripts Adult Banner Exchange Website

SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.

7.5
2009-02-10 CVE-2008-6099 Rportal Code Injection vulnerability in Rportal

PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter.

7.5
2009-02-10 CVE-2009-0469 Futomis CGI Cafe Permissions, Privileges, and Access Controls vulnerability in Futomis CGI Cafe Fulltext Search CGI 1.1.2

Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.

7.5
2009-02-10 CVE-2009-0462 Clicktech SQL Injection vulnerability in Clicktech Clickcart 6.0

Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp.

7.5
2009-02-10 CVE-2009-0461 Wholehogsoftware Improper Authentication vulnerability in Wholehogsoftware Password Protect 1.0

Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.

7.5
2009-02-10 CVE-2009-0460 Wholehogsoftware Improper Authentication vulnerability in Wholehogsoftware Ware Support 1.0

Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.

7.5
2009-02-10 CVE-2009-0459 Wholehogsoftware SQL Injection vulnerability in Wholehogsoftware Password Protect 1.0

Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field).

7.5
2009-02-10 CVE-2009-0458 Wholehogsoftware SQL Injection vulnerability in Wholehogsoftware Ware Support 1.0

Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field).

7.5
2009-02-10 CVE-2009-0457 Magtrb Path Traversal vulnerability in Magtrb AJA Portal 1.2

Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module.

7.5
2009-02-10 CVE-2009-0456 Sourdough Code Injection vulnerability in Sourdough 0.3.5

PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter.

7.5
2009-02-10 CVE-2009-0454 Dmxready SQL Injection vulnerability in Dmxready Online Notebook Manager 1.1

Multiple SQL injection vulnerabilities in DMXReady Online Notebook Manager 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.

7.5
2009-02-10 CVE-2009-0451 Skalinks SQL Injection vulnerability in Skalinks 1.5

SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote attackers to execute arbitrary SQL commands via the Admin name field to the default URI under admin/.

7.5
2009-02-10 CVE-2009-0448 Syntax Desktop Path Traversal vulnerability in Syntax Desktop Syntax Desktop 2.7

Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-02-10 CVE-2009-0447 Aspindir SQL Injection vulnerability in Aspindir Mydesign Sayac 2.0

Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/.

7.5
2009-02-10 CVE-2009-0446 WEB Album SQL Injection vulnerability in Web-Album Webalbum 2.4B

SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-02-10 CVE-2009-0445 Dreampics SQL Injection vulnerability in Dreampics Gallery Builder

SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.

7.5
2009-02-10 CVE-2009-0444 Sirini Code Injection vulnerability in Sirini Grboard 1.8

Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b) 179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d) 179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k) 179_simplebar_notice/view.php, (l) 179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php, and (n) 179_simplebar_basic/view.php in theme/; the (2) path parameter to (o) latest/sirini_gallery_latest/list.php; and the (3) grboard parameter to (p) include.php and (q) form_mail.php.

7.5
2009-02-10 CVE-2008-6068 WEB Design Hero, Joomla SQL Injection vulnerability in web Design Hero Joomladate 1.2

SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.

7.5
2009-02-10 CVE-2009-0495 It747 Code Injection vulnerability in It747 Realtor 747 4.11

PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter.

7.5
2009-02-10 CVE-2009-0494 Mivaco, Joomla SQL Injection vulnerability in Mivaco COM Portfol 1.2

SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.

7.5
2009-02-10 CVE-2009-0493 Martin Unzner SQL Injection vulnerability in Martin Unzner It!Cms

SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username.

7.5
2009-02-09 CVE-2009-0486 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla 3.0.7/3.2.1/3.3.2

Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.

7.5
2009-02-09 CVE-2008-6092 Phpscripts Improper Authentication vulnerability in PHPscripts Ranking-Script

phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.

7.5
2009-02-09 CVE-2009-0479 Onlinegrades SQL Injection vulnerability in Onlinegrades Online Grades 3.2.4

Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter.

7.5
2009-02-13 CVE-2009-0017 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.

7.2
2009-02-13 CVE-2009-0011 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file.

7.2
2009-02-10 CVE-2009-0436 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.

7.2
2009-02-10 CVE-2009-0449 Kaspersky LAB Buffer Errors vulnerability in Kaspersky LAB Kaspersky Anti-Virus 2008/6.0

Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.

7.2

85 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-02-13 CVE-2008-6132 Brickhost Code Injection vulnerability in Brickhost PHPscheduleit

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.

6.8
2009-02-13 CVE-2008-6128 Mozilo Improper Authentication vulnerability in Mozilo Mozilocms

Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

6.8
2009-02-13 CVE-2009-0009 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.

6.8
2009-02-12 CVE-2009-0543 Proftpd SQL Injection vulnerability in Proftpd 1.3.1

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.

6.8
2009-02-11 CVE-2009-0530 Electrictoad Code Injection vulnerability in Electrictoad Snippetmaster Webpage Editor 2.2.2

Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to includes/tar_lib/pcltar.lib.php.

6.8
2009-02-11 CVE-2009-0527 Adaptcms Code Injection vulnerability in Adaptcms 1.4

PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

6.8
2009-02-11 CVE-2009-0515 Yanocc Path Traversal vulnerability in Yanocc

Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-02-11 CVE-2009-0475 Android Numeric Errors vulnerability in Android Opencore 2.0

Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption.

6.8
2009-02-10 CVE-2008-6106 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors.

6.8
2009-02-10 CVE-2008-6103 A4Desk Code Injection vulnerability in A4Desk Flash Event Calendar

PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter.

6.8
2009-02-10 CVE-2008-6100 Berlios SQL Injection vulnerability in Berlios Discussion Forum 2K 3.3

Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php.

6.8
2009-02-10 CVE-2009-0468 Armorlogic Cross-Site Request Forgery (CSRF) vulnerability in Armorlogic Profense web Application Firewall 2.6.2/2.6.3

Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.

6.8
2009-02-10 CVE-2009-0463 Groonesworld Code Injection vulnerability in Groonesworld Glinks 2.1

PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

6.8
2009-02-10 CVE-2009-0452 Onlinegrades SQL Injection vulnerability in Onlinegrades Online Grades 3.2.4

Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter.

6.8
2009-02-10 CVE-2009-0442 Phpbbbook Path Traversal vulnerability in PHPbbbook 1.3/1.3H

Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1.3h allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-02-10 CVE-2009-0441 Technote Code Injection vulnerability in Technote 7.2

PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138.

6.8
2009-02-10 CVE-2008-6069 123Flashchat / E107 SQL Injection vulnerability in 123Flashchat Echat Plugin 4.2

SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.

6.8
2009-02-09 CVE-2008-6093 Noname CMS SQL Injection vulnerability in Noname-Cms Noname CMS 1.0

SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2) kategorie parameter in a kategorien action.

6.8
2009-02-09 CVE-2008-6091 Bmforum SQL Injection vulnerability in Bmforum 5.6

SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter.

6.8
2009-02-13 CVE-2008-6125 Moodle / Debian Permissions, Privileges, and Access Controls vulnerability in multiple products

Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.

6.5
2009-02-10 CVE-2009-0499 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.

6.4
2009-02-13 CVE-2009-0360 Eyrie Improper Authentication vulnerability in Eyrie Pam-Krb5

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

6.2
2009-02-13 CVE-2008-6131 Mozilo Improper Authentication vulnerability in Mozilo Mozilowiki

Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

6.0
2009-02-10 CVE-2008-4284 IBM Link Following vulnerability in IBM Websphere Application Server

Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.

5.8
2009-02-09 CVE-2009-0485 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.

5.8
2009-02-09 CVE-2009-0484 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla

Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi.

5.8
2009-02-09 CVE-2009-0483 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.

5.8
2009-02-09 CVE-2009-0482 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla

Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.

5.8
2009-02-13 CVE-2009-0572 Flatnux Code Injection vulnerability in Flatnux 20090127/20090204

PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php.

5.1
2009-02-13 CVE-2009-0570 Ninjadesigns Path Traversal vulnerability in Ninjadesigns Mailist 3.0

Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

5.1
2009-02-10 CVE-2009-0464 Groonesworld Code Injection vulnerability in Groonesworld Gbook 2.0

PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

5.1
2009-02-14 CVE-2008-6141 Avaya Resource Management Errors vulnerability in Avaya IP Soft Phone 6.0/6.01.85

Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data.

5.0
2009-02-14 CVE-2008-6140 Avaya Remote Denial Of Service vulnerability in Avaya One-X 2.1.0.78

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

5.0
2009-02-14 CVE-2008-6139 Webbiscuits Path Traversal vulnerability in Webbiscuits Modules Controller 1.1

Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a ..

5.0
2009-02-13 CVE-2008-6126 Mozilo Path Traversal vulnerability in Mozilo Mozilocms

Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a ..

5.0
2009-02-13 CVE-2009-0571 Ninjadesigns Permissions, Privileges, and Access Controls vulnerability in Ninjadesigns Mailist 3.0

admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.

5.0
2009-02-12 CVE-2009-0547 Evolution Cryptographic Issues vulnerability in Evolution 2.22.3.1

Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.

5.0
2009-02-12 CVE-2008-6123 NET Snmp Improper Input Validation vulnerability in Net-Snmp and NET Snmp

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

5.0
2009-02-11 CVE-2008-6112 Scriptsez Path Traversal vulnerability in Scriptsez EZ Ringtone Manager

Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a ..

5.0
2009-02-10 CVE-2009-0438 IBM / Microsoft Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server 7.0

IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request.

5.0
2009-02-10 CVE-2009-0435 IBM Multiple vulnerability in IBM WebSphere Application Server

Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods.

5.0
2009-02-10 CVE-2009-0432 IBM Configuration vulnerability in IBM Websphere Application Server

The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2009-02-10 CVE-2009-0099 Microsoft Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007

The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."

5.0
2009-02-10 CVE-2009-0453 Onlinegrades Information Exposure vulnerability in Onlinegrades Online Grades 3.2.4

Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

5.0
2009-02-10 CVE-2008-6072 Graphicsmagick Remote vulnerability in GraphicsMagick

Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images.

5.0
2009-02-10 CVE-2009-0501 Moodle Unspecified vulnerability in Moodle

Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors.

5.0
2009-02-10 CVE-2009-0498 Minitdesign Permissions, Privileges, and Access Controls vulnerability in Minitdesign Virtual Guestbook 2.1

Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb.

5.0
2009-02-10 CVE-2009-0497 Igniterealtime Path Traversal vulnerability in Igniterealtime Openfire 3.6.2

Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.

5.0
2009-02-13 CVE-2009-0015 Apple Credentials Management vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."

4.9
2009-02-11 CVE-2009-0536 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX

at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.

4.9
2009-02-10 CVE-2008-6107 Linux Resource Management Errors vulnerability in Linux Kernel

The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, omit some virtual-address range (aka span) checks when the mremap MREMAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mremap calls, a related issue to CVE-2008-2137.

4.9
2009-02-10 CVE-2008-6073 Magic2003 Cryptographic Issues vulnerability in Magic2003 Storagecrypt 2.0.1

StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors.

4.9
2009-02-09 CVE-2009-0480 SUN Numeric Errors vulnerability in SUN Opensolaris and Solaris

The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.

4.9
2009-02-13 CVE-2009-0361 Eyrie Permissions, Privileges, and Access Controls vulnerability in Eyrie Pam-Krb5

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.

4.6
2009-02-11 CVE-2008-6109 Shelter Manager Permissions, Privileges, and Access Controls vulnerability in Shelter Manager Animal Shelter Manager

Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to "change permissions" and the "new UI."

4.6
2009-02-11 CVE-2009-0036 Libvirt Buffer Errors vulnerability in Libvirt 0.5.1

Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.

4.4
2009-02-14 CVE-2008-6135 Drupal Cross-Site Scripting vulnerability in Drupal Everyblog 5.0/6.0

Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-02-13 CVE-2008-6130 Mozilo Cross-Site Scripting vulnerability in Mozilo Mozilowiki

Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.

4.3
2009-02-13 CVE-2008-6129 Mozilo Path Traversal vulnerability in Mozilo Mozilowiki

Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and earlier allows remote attackers to read arbitrary files via a ..

4.3
2009-02-13 CVE-2008-6127 Mozilo Cross-Site Scripting vulnerability in Mozilo Mozilocms

Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.

4.3
2009-02-13 CVE-2009-0575 Drupal Cross-Site Scripting vulnerability in Drupal Views Bulk Operations

Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles.

4.3
2009-02-13 CVE-2009-0573 Fotoware Cross-Site Scripting vulnerability in Fotoware Fotoweb 6.0

Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.

4.3
2009-02-12 CVE-2009-0548 Eset Cross-Site Scripting vulnerability in Eset Remote Administrator

Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-02-11 CVE-2009-0533 Scripts FOR Sites Cross-Site Scripting vulnerability in Scripts-For-Sites EZ Reminder

Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter.

4.3
2009-02-11 CVE-2009-0532 Scripts FOR Sites Cross-Site Scripting vulnerability in Scripts-For-Sites EZ Baby

Cross-site scripting (XSS) vulnerability in password.php in Scripts For Sites (SFS) EZ Baby allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter.

4.3
2009-02-11 CVE-2009-0529 Electrictoad Cross-Site Scripting vulnerability in Electrictoad Snippetmaster Webpage Editor 2.2.2

Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster Webpage Editor 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

4.3
2009-02-11 CVE-2009-0526 Adaptcms Cross-Site Scripting vulnerability in Adaptcms 1.4

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI.

4.3
2009-02-11 CVE-2009-0525 Modernmethod Cross-Site Scripting vulnerability in Modernmethod Sajax 0.12

Cross-site scripting (XSS) vulnerability in the sajax_get_common_js function in php/Sajax.php in Sajax 0.12 allows remote attackers to inject arbitrary web script or HTML via the URL parameter, which is not properly handled when using browsers that do not URL-encode requests, such as Internet Explorer 6.

4.3
2009-02-11 CVE-2008-6113 Semanticscuttle Cross-Site Scripting vulnerability in Semanticscuttle

Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) profile page.

4.3
2009-02-10 CVE-2008-6108 GWM Cross-Site Scripting vulnerability in GWM Galatolo Webmanager 1.0

Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.

4.3
2009-02-10 CVE-2008-6105 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-02-10 CVE-2009-0467 Armorlogic Cross-Site Scripting vulnerability in Armorlogic Profense web Application Firewall 2.6.2/2.6.3

Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.

4.3
2009-02-10 CVE-2009-0466 Vivvo Cross-Site Scripting vulnerability in Vivvo

Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response.

4.3
2009-02-10 CVE-2009-0417 Agavi Cross-Site Scripting vulnerability in Agavi

Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web browsers that do not strictly follow RFC 3986, such as Internet Explorer 6 and 7.

4.3
2009-02-10 CVE-2009-0502 Snoopy / Moodle Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.

4.3
2009-02-10 CVE-2009-0500 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.

4.3
2009-02-10 CVE-2009-0496 Ignite Realtime Cross-Site Scripting vulnerability in Ignite Realtime Openfire 3.6.2

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp.

4.3
2009-02-09 CVE-2009-0488 Phorum Cross-Site Scripting vulnerability in Phorum

Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-02-09 CVE-2009-0487 Mahara Cross-Site Scripting vulnerability in Mahara

Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.

4.3
2009-02-09 CVE-2008-6097 Wikyblog Cross-Site Scripting vulnerability in Wikyblog

Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.

4.3
2009-02-09 CVE-2008-6096 Juniper Cross-Site Scripting vulnerability in Juniper Netscreen Screenos

Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page.

4.3
2009-02-09 CVE-2008-6095 Opennms Cross-Site Scripting vulnerability in Opennms 1.5.94

Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.

4.3
2009-02-09 CVE-2008-6094 Celoxis Cross-Site Scripting vulnerability in Celoxis

Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technologies Celoxis allows remote attackers to inject arbitrary web script or HTML via the ni.smessage parameter.

4.3
2009-02-13 CVE-2009-0362 Fail2Ban Improper Authentication vulnerability in Fail2Ban 0.8.3

filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.

4.0
2009-02-09 CVE-2008-6098 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-02-09 CVE-2009-0481 Mozilla Cross-Site Scripting vulnerability in Mozilla Bugzilla

Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.

3.5
2009-02-11 CVE-2009-0455 Glfusion Cross-Site Scripting vulnerability in Glfusion 1.1.0

Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.

2.6
2009-02-10 CVE-2009-0433 IBM Multiple vulnerability in IBM WebSphere Application Server

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down.

2.6
2009-02-13 CVE-2009-0503 IBM Credentials Management vulnerability in IBM Websphere Message Broker 6.1/6.1.0.1

IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.

2.1
2009-02-13 CVE-2009-0141 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.

2.1
2009-02-13 CVE-2009-0014 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder.

2.1
2009-02-13 CVE-2009-0013 Apple Credentials Management vulnerability in Apple mac OS X and mac OS X Server

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

2.1
2009-02-09 CVE-2009-0489 David Paleino Configuration vulnerability in David Paleino Wicd

The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.

2.1
2009-02-12 CVE-2009-0142 Apple Race Condition vulnerability in Apple mac OS X and mac OS X Server

Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."

1.9
2009-02-10 CVE-2009-0437 IBM / Microsoft Information Exposure vulnerability in IBM Websphere Application Server 6.0.2

The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.

1.9
2009-02-10 CVE-2009-0434 IBM Information Exposure vulnerability in IBM Websphere Application Server

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files.

1.9